An mDNS amplification attack is a Layer 4 reflection and amplification vector, one of the volumetric classes a thorough DDoS test is built to exercise. Multicast DNS (mDNS) runs on UDP 5353 and resolves hostnames on a local network without a central server, common in printers, smart-home gear, and Apple Bonjour services. The attacker spoofs the victim's IP in a unicast query to exposed mDNS responders, which reply with larger records, reflecting and amplifying traffic toward the victim.
Why it matters in DDoS testing
mDNS is meant to stay link-local, but devices that answer unicast queries from any source turn into public reflectors. Testing confirms that the perimeter blocks inbound UDP 5353, that no internal responder answers off-segment queries, and where the saturated edge first sheds legitimate packets. The reflection mechanics shared across these vectors are detailed in Understanding DDoS Attack Vectors.