Free Republic
News/Activism

To: dwollmann
Some attacks cause innocent third parties' servers to send unsolicited SYN/ACK packets to the victim's host. This is done in such a way that the machines being used to send the SYN/ACK packets each send only a trickle of them, barely noticeable to an admin who isn't looking for them, but in concert with hundreds or thousands of other machines the effect is a flood of traffic at the victim's end.

For others that may not be familiar with the technology: this is what is known as a DDoS attack, or Distributed Denial of Service. It is typically launched with a collection of servers that have already been compromised and have been held in waiting until given instructions to start the attack.

I don't know the specifics of this attack, but DNS lookup (port 53) is a connectionless UDP protocol, rather than TCP. So, there would be no SYN/ACK. However, I believe there are some aspects of DNS that are TCP.

38 posted on 10/22/2002 6:58:14 PM PDT by justlurking


To: justlurking
The SYN/ACK DDoS attack I referred to works no matter what's running on the victim--it's targeted at the victim's resources--not any particular server. The attacker sends SYN packets at each host he wants to send traffic to the victim, with the victim's IP in the source address. The server SYN/ACKs to the victim, whose stack doesn't have a clue what to do with the packet. Gibson has a write-up on this attack somewhere on grc.com, if I remember correctly.
51 posted on 10/22/2002 9:01:08 PM PDT by dwollmann
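The exchange above (post 34's description of a trickle from many hosts, and post 51's explanation of forged-source SYNs drawing SYN/ACKs onto the victim) can be modelled end to end. The following is an added example, not code from either poster or from grc.com. It is a deliberately simplified TCP model (no sequence numbers, no retransmission, no third handshake packet) using RFC 5737 documentation addresses; the reflectors, the open port 80 and the packet counts are constructed for the demonstration.

```python
"""Model of the spoofed-SYN / reflected SYN-ACK flood described in the thread.
Added example, not from the thread; hosts, ports and addresses are made up
(RFC 5737 documentation ranges)."""
from collections import Counter
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK, "R" = RST


class ReflectorHost:
    """Any innocent host with an open TCP port. It answers every SYN with a
    SYN/ACK sent to the packet's *source* address; it has no way to tell that
    the source was forged."""

    def __init__(self, ip, open_ports=(80,)):
        self.ip = ip
        self.open_ports = set(open_ports)
        self.syn_acks_sent = 0

    def receive(self, pkt):
        if pkt.dst == self.ip and pkt.flags == "S" and pkt.dport in self.open_ports:
            self.syn_acks_sent += 1
            return Packet(self.ip, pkt.src, pkt.dport, pkt.sport, "SA")
        return None


class VictimStack:
    """Minimal victim-side TCP state: it remembers the SYNs it sent itself
    (SYN_SENT) so an inbound SYN/ACK can be matched. A SYN/ACK with no matching
    SYN_SENT entry is unsolicited; per RFC 793 the stack answers it with RST,
    which is extra work and extra outbound traffic for the victim."""

    def __init__(self, ip):
        self.ip = ip
        self.syn_sent = set()          # (peer ip, peer port, our port)
        self.established = set()
        self.unsolicited = Counter()   # unmatched inbound SYN/ACKs, by source
        self.rsts_sent = 0

    def connect(self, dst, dport, sport):
        self.syn_sent.add((dst, dport, sport))
        return Packet(self.ip, dst, sport, dport, "S")

    def receive(self, pkt):
        if pkt is None or pkt.dst != self.ip or pkt.flags != "SA":
            return None
        key = (pkt.src, pkt.sport, pkt.dport)
        if key in self.syn_sent:
            self.syn_sent.discard(key)
            self.established.add(key)
            return None  # genuine handshake; final ACK omitted from the model
        self.unsolicited[pkt.src] += 1
        self.rsts_sent += 1
        return Packet(self.ip, pkt.src, pkt.dport, pkt.sport, "R")


def run_reflection_attack(victim_ip, reflector_ips, syns_per_reflector, seed=1):
    """Attacker forges SYNs with the victim's address as source and sends only
    a few to each reflector; every reflector's SYN/ACKs converge on the victim."""
    rng = random.Random(seed)
    reflectors = [ReflectorHost(ip) for ip in reflector_ips]
    victim = VictimStack(victim_ip)

    # One legitimate connection from the victim, to show it is not miscounted.
    legit = ReflectorHost("198.51.100.7")
    victim.receive(legit.receive(victim.connect("198.51.100.7", 80, 40000)))

    for host in reflectors:
        for _ in range(syns_per_reflector):
            forged = Packet(victim_ip, host.ip, rng.randint(1024, 65535), 80, "S")
            victim.receive(host.receive(forged))
    return victim, reflectors


def summarize(victim, reflectors):
    """Per-reflector load is tiny; the victim absorbs the sum of all of it."""
    return {
        "per_reflector_max": max(r.syn_acks_sent for r in reflectors),
        "victim_unsolicited_total": sum(victim.unsolicited.values()),
        "victim_unsolicited_max_per_source": max(victim.unsolicited.values()),
        "victim_rsts_sent": victim.rsts_sent,
        "victim_established": len(victim.established),
    }


if __name__ == "__main__":
    v, r = run_reflection_attack("203.0.113.10", [f"192.0.2.{i}" for i in range(1, 201)], 5)
    print(summarize(v, r))
```

The summary is the practitioner's check on both ends: on the victim, inbound SYN/ACKs for which no SYN_SENT state exists are backscatter of someone forging your address (and the RSTs you send back are part of the cost); on each reflector, the same traffic looks like a handful of SYNs from one address that never complete, which is exactly why an admin who is not looking for it sees nothing.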
