Securing BIND DNS: disable external root hints
Disabling recursive DNS queries in BIND is not enough to stop amplification attacks using your DNS server.
If you are running BIND you also need to disable root hints.
in /etc/named.conf
Find: view “external” and under line
recursion no;
add
allow-recursion {“none”;};
additional-from-cache no;
save then restart named