DNS Amplification* is a type of DDoS attack in which the attacker sends a (usually brief) request to a vulnerable DNS server, which in turn responds with a much larger packet. If the IP address of the victim computer is used as the source IP address when sending the request (ip spoofing), the vulnerable DNS server will send large numbers of unwanted packets to the victim computer until it completely paralyzes it.

This type of attack is most effective on a misconfigured DNS server, which, as mentioned above, responds to short requests from attackers with large packets

*What to do?

First of all, of course to check the actual version of your DNS-server, regardless of what platform it is running on

Secondly, make sure that the server is configured securely enough and does not respond to "left-handed" requests to everyone

*We recommend to use our NS-server, as they are located in 4 different geographical locations and are designed for high loads

Read more about DNS Amplification at habrahabr.ru

Updated Aug. 20, 2018