There is a minor bug on the Microsoft Server 2008 DNS service that responds with the list of all root servers when queried for non-authoritative domains, even when recursion is set to OFF. This allows a malicious party to spoof the source ip on a udp DNS request to any Microsoft Server 2008 DNS and elicit a 533 byte response to a victim, making the server a contributor to coordinated distributed denial of service attacks. The response contains the default list of root DNS servers.
3ab734fcb865afbabdc1004a74625865444aad1020e90004c4aa22a1133b0f2a