My DNS server is pushing 20mbps, why?
Even if your server is set to only answer authoritative queries as yours is, it's still possible for it to be used for an amplification attack - ANY
queries against the root of a zone can trigger a fairly heavy UDP response, since the zone root tends to have a number of records, particularly with SPF/DKIM/DNSSEC.
This is likely what's happening on your system - use tcpdump
to confirm. If they are using your authoritative records in an amplification attack, your best options are going to be to simply move to a new IP and hope they don't follow, change your zone root records to make it a less effective amplification vector, or implement response rate limiting (if your BIND supports it).