
Is there significance to NTP requests in relationship to DDOS?


Yes; NTP is an amplification vector, which means you can spoof a small NTP request and generate a large NTP response aimed at your target.


Yes. Both NTP and DNS operate over UDP. UDP is a connectionless protocol, which means no connection handshake needs to be made in order for data to be delivered to a target IP address. What generally happens is, one attacker will send many requests to many DNS and/or NTP servers whilst spoofing their IP address to make it appear as if their victim is sending all of these requests. No connection handshake happens to verify that the victim is actually making these requests. So, every server that the attacker sent this request to will send the much larger answer back to the victim. If DNS were to only operate over TCP (which uses a connection handshake), the internet would be much slower, because connection handshakes can take a while.

However, this isn't what happened on Monday. It seems like one attacker with a lot of systems used those systems to query someone's domain name whilst spoofing many IP addresses at once. This in turn overwhelmed many of the root servers, and possibly several authoritative DNS servers in the process. Sounds like a botnet owner was showing off how much power they have.
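The reflection pattern the comment above describes (spoofed requests, unsolicited large replies from many servers landing on one host) leaves a recognisable shape in flow data. The following is an added defender-side example, not code from the thread: it scans constructed NetFlow-style records and flags hosts that receive UDP replies from many NTP/DNS servers they never queried. The record layout and all addresses are assumptions.

```python
from collections import defaultdict

# UDP services the thread names as reflectors: NTP (123) and DNS (53).
REFLECTOR_PORTS = {123: "ntp", 53: "dns"}

# Constructed flow records (assumed layout): src_ip, src_port, dst_ip, dst_port, proto, bytes
FLOWS = [
    # a legitimate client: query out to port 123, reply back from port 123
    ("198.51.100.5", 40000, "203.0.113.10", 123, "udp", 48),
    ("203.0.113.10", 123, "198.51.100.5", 40000, "udp", 48),
    # 192.0.2.7 never asked, yet five NTP servers answer it at once with large replies
    *[("203.0.113.%d" % i, 123, "192.0.2.7", 3000 + i, "udp", 468) for i in range(20, 25)],
    # one DNS reply 192.0.2.7 actually requested; must not count as unsolicited
    ("192.0.2.7", 5000, "203.0.113.30", 53, "udp", 60),
    ("203.0.113.30", 53, "192.0.2.7", 5000, "udp", 512),
]


def find_reflection_victims(flows, min_reflectors=3):
    """Return {victim_ip: summary} for hosts receiving unsolicited NTP/DNS replies
    from at least min_reflectors distinct servers. A spoofed-source amplification
    flood shows up as replies with no matching outbound query from the victim."""
    requested = set()            # (client, server) pairs where the client sent a query
    replies = defaultdict(dict)  # client -> {server: bytes received from it}
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport in REFLECTOR_PORTS:        # outbound query: client -> server
            requested.add((src, dst))
        elif sport in REFLECTOR_PORTS:      # inbound reply: server -> client
            replies[dst][src] = replies[dst].get(src, 0) + nbytes
    victims = {}
    for host, servers in replies.items():
        unsolicited = {s: b for s, b in servers.items() if (host, s) not in requested}
        if len(unsolicited) >= min_reflectors:
            victims[host] = {"reflectors": len(unsolicited),
                             "unsolicited_bytes": sum(unsolicited.values())}
    return victims


if __name__ == "__main__":
    for host, info in find_reflection_victims(FLOWS).items():
        print(host, info)
```

On real flow exports the same check works per time window; the legitimate client is never flagged because each reply it receives follows a query it sent.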



