Table compares the amplification factors of the 10 most frequently abused domains before and after DNSSEC adoption. Again using aids.gov as an example, the domain’s DNS server amplification power surged to more than 45.28X (up from 4.53X) after DNSSEC. Clearly, DNSSEC is a very cost-effective resource for attackers seeking to reflect amplification attacks.