How does a DNS response contain so much information?

2

I'm learning about DNS amplification attacks. The idea is an attacker can send a small message (the request to the DNS server) and have it send a huge message to the spoofed IP address. What is in the message of a DNS response that makes it so big? I thought it would just be the IP address associated with the host name (as isn't that the entire job of DNS)?

Celeritas

Posted 2015-12-14T03:40:33.600

Reputation: 7 487

In short, no, that isn't the entire job of DNS – it's the most common task it does, but not the only possible task. – user1686 – 2015-12-14T07:55:39.127

Answers

2

A DNS response can contain much more than a single IP address. For a request of type A (asking for IP addresses associated with a hostname) you can already have multiple IPs, so if you find a host that's served by a lot of IPs, the response can already be larger than the request.

But DNS can store a lot of other fields. DNSSEC signs the DNS responses, which thus adds a signature and all key material necessary to verify that signature. DNS can also store TXT fields, which can contain any text you want, and SSHFP fields, which contain the SSH fingerprints of the server's keys. I won't list all the fields; Wikipedia maintains a list. Using an ANY request, you can request all of those fields at once, so the response can be quite large.

user2313067

Posted 2015-12-14T03:40:33.600

Reputation: 2 160

1

Already really well answered on the security stack.

To amplify a DNS attack, each DNS request can be sent using the EDNS0 DNS protocol extension, which allows for large DNS messages, or using the cryptographic feature of the DNS security extension (DNSSEC) to increase message size. Spoofed queries of the type “ANY,” which returns all known information about a DNS zone in a single request, can also be used.

Source

That "ANY" argument is what makes this type of attack useful to nefarious actors; it means that for every 1 byte you send, the target receives about 6-8 bytes. This transforms a 100Mb attacker into an 800Mb attacker.

Not strictly relevant, but it's worth noting that a similar attack using NTP can produce a 600+X amplification factor, much more dangerous than 8X.

Linef4ult

Posted 2015-12-14T03:40:33.600

Reputation: 3 705
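To make the size arguments from both answers concrete (multiple A records, TXT data, DNSSEC signatures, and the effect of an ANY query with EDNS0), here is an added example that is not part of either answer or of any real resolver: it builds DNS wire-format messages in memory with only the Python standard library and compares the byte count of a question with the byte count of the response that would carry those records. The hostname, the 192.0.2.x addresses, the SPF text and the zero-filled 256-byte "signature" inside the RRSIG records are all constructed placeholders chosen for sizing, nothing is sent on the network, and no name compression is used, so real server responses come out a little smaller than these numbers.

```python
import struct

# Constructed example values; nothing here is sent on the wire.
TYPE = {"A": 1, "TXT": 16, "RRSIG": 46, "OPT": 41, "ANY": 255}
CLASS_IN = 1


def encode_name(name):
    """Dotted hostname -> DNS label sequence (no compression pointers)."""
    out = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def a_rdata(ip):
    """IPv4 dotted quad -> 4-byte A RDATA."""
    return bytes(int(octet) for octet in ip.split("."))


def txt_rdata(text):
    """TXT RDATA: one or more <length><chars> strings of at most 255 bytes each."""
    data = text.encode("ascii")
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)]
    return b"".join(struct.pack("B", len(c)) + c for c in chunks)


def rrsig_rdata(covered, signer, sig_len=256):
    """RRSIG RDATA laid out per RFC 4034 section 3.1 (type covered, algorithm,
    labels, original TTL, expiration, inception, key tag, signer, signature).
    The signature is a zero-filled dummy of RSA-2048 size, constructed for sizing only."""
    fixed = struct.pack("!HBBIIIH", TYPE[covered], 8, 2, 300, 0, 0, 0)
    return fixed + encode_name(signer) + b"\x00" * sig_len


def rr(name, rtype, rdata, ttl=300):
    """One resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", TYPE[rtype], CLASS_IN, ttl, len(rdata)) + rdata


def opt_rr(udp_payload):
    """EDNS0 OPT pseudo-RR (RFC 6891): root name, TYPE 41, CLASS field carries the
    advertised maximum UDP payload size, TTL field carries extended RCODE/flags."""
    return b"\x00" + struct.pack("!HHIH", TYPE["OPT"], udp_payload, 0, 0)


def build_query(name, qtype, edns_payload=None):
    """12-byte header + one question; optionally an OPT record in the additional section."""
    additional = opt_rr(edns_payload) if edns_payload else b""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if additional else 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE[qtype], CLASS_IN) + additional


def build_response(name, qtype, answers, edns_payload=None):
    """Echo the question, set QR|RD|RA (0x8180), append the answer RRs (and OPT if used)."""
    additional = opt_rr(edns_payload) if edns_payload else b""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 1 if additional else 0)
    question = encode_name(name) + struct.pack("!HH", TYPE[qtype], CLASS_IN)
    return header + question + b"".join(answers) + additional


def amplification(query, response):
    """Bytes returned per byte sent: the ratio an amplification attack relies on."""
    return len(response) / len(query)


def scenarios(name="example.com"):
    """Three constructed responses of growing size for the same small question.
    Returns {label: (query_bytes, response_bytes, ratio)}."""
    q_a = build_query(name, "A")
    one_a = build_response(name, "A", [rr(name, "A", a_rdata("192.0.2.1"))])
    many_a = build_response(name, "A", [rr(name, "A", a_rdata("192.0.2.%d" % i)) for i in range(1, 9)])

    # ANY with EDNS0 (4096-byte payload advertised) so the server may exceed 512 bytes over UDP.
    q_any = build_query(name, "ANY", edns_payload=4096)
    any_rrs = [rr(name, "A", a_rdata("192.0.2.%d" % i)) for i in range(1, 9)]
    any_rrs.append(rr(name, "TXT", txt_rdata("v=spf1 include:_spf.example.com ~all")))
    any_rrs.append(rr(name, "RRSIG", rrsig_rdata("A", name)))    # DNSSEC signature over the A set
    any_rrs.append(rr(name, "RRSIG", rrsig_rdata("TXT", name)))  # and over the TXT set
    any_resp = build_response(name, "ANY", any_rrs, edns_payload=4096)

    return {
        "one A": (len(q_a), len(one_a), amplification(q_a, one_a)),
        "eight A": (len(q_a), len(many_a), amplification(q_a, many_a)),
        "ANY + DNSSEC": (len(q_any), len(any_resp), amplification(q_any, any_resp)),
    }


if __name__ == "__main__":
    for label, (qlen, rlen, ratio) in scenarios().items():
        print("%-13s query %3d B  response %4d B  amplification %.1fx" % (label, qlen, rlen, ratio))
```

The single-A case returns under 2 bytes per byte sent; eight A records already pass 8x, and once an ANY answer carries TXT data plus two RRSIG records the same 40-byte question yields well over 900 bytes. On the defensive side, this is why authoritative servers and resolvers commonly refuse or minimise ANY answers (RFC 8482), rate-limit responses, and why operators watch for spikes in large UDP responses to addresses that never sent the queries.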