DNS Amplification Attack

An attack that became apparent at the beginning of 2006, involving a weakness in many DNS servers.

By using a botnet and IP spoofing, an attacker can, where recursive DNS queries are permitted, send spoofed requests for a website's IP address to a user's primary DNS servers. Responses from these servers are sent on to the victim, at a much larger size than the initial DNS query.