About DoS Threat
Using spoofed recursive DNS requests to cause distributed denial of service (DDoS) attacks have increased. An attacker sends several thousand spoofed requests at a DNS server that allows recursion, sending a flood of DNS replies taking up space and data. If a DNS Server is misconfigured it can be used as a DNS recursion amplifier, allowing it to be used in a DDoS attack.
To Protect DNS Servers from Abuse
Restricting recursion and preventing DNS-based DoS attacks and cache poisoning by disabling the ability to send additional delegation information can be the first step to protecting DNS server abuse.