Most email servers allowed anyone to connect to them and send email to anyone else. Attackers routinely use weak or misconfigured DNS servers to send back invalid IP addresses to querying clients. DDoS attacks are often accomplished using DNS “amplification” techniques. Microsoft plans to make disabling upward referrals a default default in Windows Server 2016 DNS services, and you can disable it by deleting the root hints in previous versions of the Windows Server versions of previous versions. If your DNS server will respond to all queries from whomever, especially for any domain, then you have an open relay DNS server.”]
Source: https://www.csoonline.com/article/2980736/how-to-stop-your-dns-server-from-being-hijacked.html