What are the prerequisites for exploiting remote DLL loading on a DNS server using dnscmd?

You need credentials or hashes of a user in the DnsAdmins, Domain Admins, or Enterprise Admins groups. You also need a DNS server that can be remotely managed and access to a network share (like SYSVOL) to host the malicious DLL. This technique is detailed in Domain Penetration - Remote DLL Loading on DNS Server Using dnscmd.