A DNS amplification attack is a Layer 3 reflection attack vector, one of the volumetric classes a thorough DDoS test is built to exercise. The attacker sends small DNS queries to open recursive resolvers while spoofing the victim's IP as the source. Each resolver answers the victim with a much larger response (the answer to an ANY query, or records padded with DNSSEC data), turning a modest request stream into a flood that can reach hundreds of gigabits per second.
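From the resolver operator's side, the same asymmetry is what gives reflection abuse away: one claimed source receives far more response bytes than it sent in queries. The sketch below is an added example, not part of the original page; the record layout, thresholds and addresses (documentation ranges) are assumptions, and the log entries are constructed.

```python
from collections import defaultdict

# Constructed sample records, not real traffic:
# (claimed source IP, query type, query bytes, response bytes)
SAMPLE_LOG = (
    [("198.51.100.7", "ANY", 64, 3100)] * 4       # spoofed victim address
    + [("198.51.100.7", "DNSKEY", 70, 1500)] * 2
    + [("192.0.2.10", "A", 60, 76)] * 6           # ordinary client
    + [("192.0.2.20", "ANY", 64, 3000)] * 2       # too few queries to judge
)

def reflection_suspects(records, min_queries=5, min_factor=10.0):
    """Return {source_ip: stats} for sources whose response/query byte
    ratio (the amplification factor) suggests reflection abuse."""
    totals = defaultdict(lambda: {"queries": 0, "q_bytes": 0,
                                  "r_bytes": 0, "any": 0})
    for src, qtype, q_bytes, r_bytes in records:
        t = totals[src]
        t["queries"] += 1
        t["q_bytes"] += q_bytes
        t["r_bytes"] += r_bytes
        if qtype.upper() == "ANY":
            t["any"] += 1

    suspects = {}
    for src, t in totals.items():
        # Skip low-volume sources and guard against division by zero.
        if t["queries"] < min_queries or t["q_bytes"] == 0:
            continue
        factor = t["r_bytes"] / t["q_bytes"]
        if factor >= min_factor:
            suspects[src] = {
                "factor": round(factor, 1),
                "any_queries": t["any"],
                "response_bytes": t["r_bytes"],
            }
    return suspects

if __name__ == "__main__":
    for ip, stats in reflection_suspects(SAMPLE_LOG).items():
        print(ip, stats)
```

A flagged address is the likely victim rather than the sender, so the useful response is rate limiting or restricting recursion for that source, not blocking it as an attacker.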
Why it matters in DDoS testing
DNS amplification is the canonical high-factor reflection vector, and it is what upstream scrubbing capacity is sized against. A test characterizes how much volume the edge absorbs before clean traffic degrades, and how much latency scrubbing introduces on cutover. The structural defense is source-address validation (BCP 38) at the carrier level, but its uneven deployment is why these attacks persist, so testing focuses on absorption. The mechanics of each reflection vector are detailed in Understanding DDoS Attack Vectors.