My DNS server is pushing 20mbps, why?

linux domain-name-system bind amazon-ec2

Even if your server is set to only answer authoritative queries as yours is, it's still possible for it to be used for an amplification attack - ANY queries against the root of a zone can trigger a fairly heavy UDP response, since the zone root tends to have a number of records, particularly with SPF/DKIM/DNSSEC.

This is likely what's happening on your system - use tcpdump to confirm. If they are using your authoritative records in an amplification attack, your best options are going to be to simply move to a new IP and hope they don't follow, change your zone root records to make it a less effective amplification vector, or implement response rate limiting (if your BIND supports it).

Related

Cannot connect to Linux Samba share from Windows 10
What's the bandwidth and form factor for PCIe x1 x4 x8 and x16?
Setting Up Git Repository on Remote Windows Server?
git clone - fail instead of prompting for credentials
Business Ethics/Legality For IT Administrators
IIS is overriding my response content, if I manually set the Response.StatusCode
What's the best way to clean up after a fork bomb?
Temporarily increasing sudo's timeout for the duration of an install script
SSH Reverse Port Forwarding with PuTTy - how to specify bind address
How do you reset vagrant back to it's original state?
Certbot letsencrypt on different port than 443
How to disable "WARNING: apt does not have a stable CLI interface..." [closed]