We've been seeing large (100 Gb/sec+) DNS reflection/amplification attacks for years. Yes, the attacker will identify a big TXT record, or he will execute an ANY query (blocking ANY queries during an attack is a rational response, although this will break qmail), or he will query any DNSSEC-enabled server and be guaranteed that the minimum response size he will get will be at least 1300 bytes. We see all of this routinely.
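From the resolver operator's side, the three patterns named above (ANY queries, oversized TXT answers, DNSSEC responses of 1300+ bytes) show up in the query log as one apparent client pulling far more bytes out than it sends in. The script below is an added example, not code from either poster; it assumes a constructed log format, constructed sample records using documentation addresses, and threshold values (MIN_QUERIES, AMP_RATIO, LARGE_RESPONSE) that are placeholders to be tuned against a real baseline.

```python
"""Flag DNS clients whose queries look like reflection/amplification abuse.
Constructed log format (not any server's native format), one record per line:
    <epoch> <client_ip> <qtype> <qname> <req_bytes> <resp_bytes>"""
from collections import defaultdict

# Constructed sample: 203.0.113.7 (the spoofed victim address in a real attack)
# repeatedly asks for ANY, a large TXT record and DNSSEC-signed answers.
SAMPLE_LOG = """\
1700000000 203.0.113.7 ANY example.org 45 3200
1700000000 203.0.113.7 ANY example.org 45 3200
1700000001 203.0.113.7 TXT big.example.org 50 1900
1700000001 203.0.113.7 A example.org 40 1350
1700000002 198.51.100.9 A www.example.org 44 60
1700000003 198.51.100.9 AAAA www.example.org 47 72
"""

# Thresholds are assumptions for this example; tune to the server's baseline.
MIN_QUERIES = 3        # ignore clients with fewer queries in the window
AMP_RATIO = 10.0       # bytes out / bytes in that marks likely reflection
LARGE_RESPONSE = 1300  # ~minimum DNSSEC response size cited in the post

def parse_log(text):
    """Yield (client_ip, qtype, req_bytes, resp_bytes) for well-formed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip truncated lines rather than abort the analysis
        _, client, qtype, _, req, resp = fields
        yield client, qtype.upper(), int(req), int(resp)

def find_reflection_sources(text):
    """Return {client_ip: stats} for clients whose traffic matches the pattern."""
    stats = defaultdict(lambda: dict(queries=0, any=0, large=0, bytes_in=0, bytes_out=0))
    for client, qtype, req, resp in parse_log(text):
        s = stats[client]
        s["queries"] += 1
        s["any"] += qtype == "ANY"                # ANY answers are the classic amplifier
        s["large"] += resp >= LARGE_RESPONSE      # DNSSEC / big TXT answers
        s["bytes_in"] += req
        s["bytes_out"] += resp
    flagged = {}
    for client, s in stats.items():
        s["ratio"] = round(s["bytes_out"] / s["bytes_in"], 1)
        if (s["queries"] >= MIN_QUERIES and s["ratio"] >= AMP_RATIO
                and (s["any"] or s["large"])):
            flagged[client] = dict(s)
    return flagged

for ip, s in find_reflection_sources(SAMPLE_LOG).items():  # demo run on the sample
    print(f"{ip}: {s['queries']} queries, x{s['ratio']} amplification, {s['any']} ANY")
```

The flagged address is the reflection victim, not the attacker, so the useful response is response rate limiting or dropping ANY for that client rather than a blocklist entry.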
It's always interesting to me that Arbor seems to be the only one who "routinely" sees those in the wild. One could almost think that there is a business driver somewhere there ...