Mail-in-a-Box uses 'nsd', which is a non-recursive DNS server. I don't think it can be used to relay DNS queries in a DDOS attack. But if you meant something else, please let me know and/or file a ticket (I don't think I'll be looking here for replies).
The last thing the internet needs is more clueless users with dns servers.