Hi James,
you seem to be running an open DNS resolver, is that correct? And if so, do you do it intentionally?
I just received an US-CERT alert today that warns about ongoing amplification attacks, among others against DNS, but also against some other UDP based services.
https://www.us-cert.gov/ncas/alerts/TA14-017A
From the symptoms you describe I'd say that your DNS server is being used in such an attack.
I also see a chroot directory, but if I grep for named it doesn't appear to be using the chroot(?): # ps aux | grep named named 3497 0.4 0.7 170088 15836 ? Ssl 23:02 0:02 /usr/sbin/named -u named root 3763 0.0 0.0 61192 764 pts/1 S+ 23:13 0:00 grep named
Do you have the bind-chroot package installed?
Best regards,
Peter.