DNS as a vector for DoS
DNS is used as a vector for Denial of Service (DoS) attacks in a number of ways.
A common situation is using DNS for reflection amplification attacks by sending queries to open recursive (resolver) servers and spoofing the IP address of the victim. The spoofed IPs would be the target of the DoS attack and can include web servers, mail servers, or any network resource.
DNS can also be used as the protocol through which a straight query flood attack can take place using a botnet or compromised servers.
In some cases, DNSSEC queries can cause increased usage of DNS server resources.
This is part of the definition from MITRE ATT&CK for Network Denial of Service: Reflection Amplification:
"Adversaries may attempt to cause a denial of service by reflecting a high-volume of network traffic to a target. This type of Network DoS takes advantage of a third-party server intermediary that hosts and will respond to a given spoofed source IP address. This third-party server is commonly termed a reflector. An adversary accomplishes a reflection attack by sending packets to reflectors with the spoofed address of the victim. Two prominent protocols that have enabled Reflection Amplification Floods are DNS and NTP through the use of several others in the wild have been documented."
These Reflection and Amplification Floods can be directed against components of the DNS, like authoritative nameservers, rendering them unresponsive.”