Matthew Prince over at the CloudFlare Blog has a nice post on DNS Amplification DDos Attacks. He starts by explaining that DNS amplification attacks are descendants of the old Smurf Attacks. He goes on to show how they work and what steps everyone running a DNS server should take to help prevent them.
An interesting post for anyone who’s wondered how these attacks work or how CloudFlare manages to deal with them. Definitely worth a read.