As you might have noticed, or heard a lot of Ddos attacks these days are done by using dns. If you want to check if your server is vulnerable, use this url: https://isc.sans.edu/dnstest.html
By default DirectAdmin allows recursion to everyone around the world wich leads into botnets abusing your dns servers by spoofing ip’s and sending dns requests to your server.
For more info take a look at these links:
When using DirectAdmin and no other servers use this as a dns resolver, put this in your /etc/bind/named.conf.options
This will allow the localhost to do dns lookups using your server, everything else is denied.
I noticed the latest bind versions don’t do this by default, can someone confirm this?