Consumer and business routers equipped with DNS servers that are configured to accept queries from anywhere on the Web (“open recursive” DNS servers) are leveraged by perpetrators to create what is called a DNS Reflection Attack. Attackers can send spoofed DNS queries to these open DNS servers, forging the request so that it appears to come from a target network. That way, when the DNS servers respond, they reply to the spoofed (target) address resulting in a DDoS attack!
Read more here – http://krebsonsecurity.com/2012/08/triple-ddos-vs-krebsonsecurity/