I have a server that was reported as being vulnerable to DNS amplification attacks. The problem is, after blocking all incoming traffic to 53 via Windows Firewall, my server is apparently still happily responding to anonymous nslookups.
How could this be the case? What else should I be looking for? I run it as a web server with multiple websites and applications running, but not a DNS server. But isn't blocking port 53 all that would be necessary?
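A check for the situation described in the question, as an added example that is not part of the original post: it lists the firewall profile state, the processes bound to port 53, and the enabled inbound rules that name port 53. It assumes an elevated PowerShell session on Windows Server 2012 or later, where the NetTCPIP and NetSecurity modules are available.

```powershell
# Added diagnostic example; not from the original post.
$port = 53

# 1. Is Windows Firewall enabled on every profile, and what is the default inbound action?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 2. Which local processes are bound to UDP or TCP port 53?
$udp = Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess
$tcp = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess

@($udp) + @($tcp) | Where-Object { $_ } | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    $_ | Add-Member -NotePropertyName ProcessName `
                    -NotePropertyValue $proc.ProcessName -PassThru
} | Format-Table -AutoSize

# 3. Which enabled inbound rules name port 53, for which protocol, and with what action?
#    DNS queries normally arrive over UDP, so a rule scoped to TCP only does not cover them.
#    Only rules listing 53 explicitly are matched; port ranges and "Any" rules are not shown.
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $rule = $_
    $rule | Get-NetFirewallPortFilter |
        Where-Object { $_.LocalPort -contains "$port" } |
        ForEach-Object {
            [pscustomobject]@{
                Rule     = $rule.DisplayName
                Action   = $rule.Action
                Profile  = $rule.Profile
                Protocol = $_.Protocol
                Port     = ($_.LocalPort -join ',')
            }
        }
} | Sort-Object Action, Protocol | Format-Table -AutoSize
```

An empty result from step 2 means nothing on this host is bound to port 53, so the responses seen from outside are not produced by a local listener on that port.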