Disabling recursive DNS queries in BIND is not enough to stop amplification attacks using your DNS server.
If you are running BIND you also need to disable root hints.
in /etc/named.conf
Find: view “external” and under line
recursion no;
add
allow-recursion {“none”;};
additional-from-cache no;
save then restart named