Do you mean for this dns server to be a public dns server? not sure what dns server you're using, but if it's windows there is no way to block who can use it as a caching dns server. BIND can though.
you may want to look at an alternative dns solution for internet users to resolve your public facing hosts (eg everydns.net), and then keep your internal dns server just for local users - that way you can close tcp/udp 53.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...