The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
This Metasploit module can be used to discover DNS servers which expose recursive name lookups which can be used in an amplification attack against a third party.