Securing BIND DNS: disable external root hints
Disabling recursive DNS queries in BIND is not enough to stop amplification attacks using your DNS server.
If you are running BIND you also need to disable root hints.
Find: view “external” and under line
save then restart named