Since there isn't an abstract, I'll drop a key quotes from the intro -<p><i>"In this paper, we point out a new vulnerability and show an attack, the NXNSAttack, that exploits the way DNS recursive resolvers operate when receiving NS referral response that contains nameservers but without their corresponding IP addresses (i.e., missing glue-records)</i>"<p><i>"The NXNSAttack is more effective
than the NXDomain attack: i) It reaches an amplification factor of more than 1620x on the number of packets
exchanged by the recursive resolver. ii) Besides the negative cache, the attack also saturates the ‘NS’ resolver
caches.</i>"<p><i>"Essentially the attacker issues many requests for sub-domains of domains authorized by its own authoritative server (step 1 in Fig. 3). Each such request is crafted to have a different sub-domain to make sure it is not in the resolver’s cache, thus forcing the resolver to communicate with the attacker’s authoritative server to resolve the queried subdomains (step 2). The attacker authoritative name-server then returns an NS referral response with n name-server names but without their glue records(step 3), i.e., without their associated IP addresses, forcing the resolver to start a resolution query for each one of the name-server names in the response</i>"