Gadi Evron: "In this paper we address in detail how the recent DNS DDoS attacks work. How they abuse name servers, EDNS, the recursive feature and UDP packet spoofing, as well as how the amplification effect works. ....In the conclusions we also discuss some remediation suggestions." (Paper here as PDF)