There's also the possibility that there has been a false diagnosis.
From reading the paper and looking at the bind (named) configuration in 5.5 it looks like the diagnosis is reasonable. The bind configuration in 5.5 does support promiscuous recursive lookups, which you have presumably exposed to the Internet by opening a UDP port 53 hole in your firewall (or worse still, you do not have a firewall). The quickest fix is to disable the named service, and add a custom template for /etc/resolv.conf to use another (properly secured) name server.
The best solution is to upgrade to a supported version.
5.5 has been unsupported and deprecated for a long time now. You have no excuses for still running it.