Two other different things...
1) ISPs could drop out-going tcp and udp packets on port 53 from all their IP address except their own DNS servers. That would stop their customers from using public DNS server outside their networks. But it would also stop this kind of attack.
It would also have a high collateral cost: diagnosing many DNS issues becomes impossible when you can only work with one recursive resolver (which may be what is causing the DNS issues!) It is necessary to access legitimate open resolvers and authoritative servers on any kind of Internet connection, even residential broadband (don't think of grandma but think of the tech helping grandma).
In short, we *need* TCP and UDP port 53 traffic unfiltered.
2) Drop all outgoing traffic that has a spoofed source IP address. This is a very simple bit mask operation. Yes, it requires more compute power than not doing it, but not very much. The ISPs know what IP addresses they own, they can very easily prevent spoofed traffic from leaving their networks, effectively stopping this kind of attack, as well as other types of hacking. At the same time, it would still allow legitimate use of public DNS servers.
This is what we need more of. Provided, of course, that it isn't applied in situations where it breaks things, but in those cases the customer is hopefully smart enough to implement their own filtering.