You have to basically instantiate ACLs and only allow certain IP addresses.

Effectively you have to make it so the you set it up to be used locally as a caching DNS server that goes out and looks up things for you... and then return authoritative stuff for nothing for any other IP addresses.

Lookup "DNS for Rocket Scientists". Excellent book if you choose to buy it.