Hi Avery,
Thanks for your post, which you sent to the right place (and from the right place as well, I appreciate your candor and desire to do the right thing). Unfortunately I'm afraid that nobody reading it would be able to give you what you want, which is an okay to launch a reflection attack against yourself using Google Public DNS.
There are internal teams at Google that do this sort of thing, and I hope that you might be interested in applying for a position at Google working with one of them in a year or two. The security teams probably don't do internships, but there might be an opportunity with an
SRE team where you could do internal load testing or maybe abuse/attack measurement.
Someone I know who used to work on one of those security teams, but has since left Google is
@IAmMandatory; he might be better able to give you advice about what is and is not appropriate in ethical hacking. I would guess that brute force exploits like a DNS reflection attack would be very unlikely to earn a
Google bug bounty as they would at most just be measuring parameters about where the anti-denial-of-service protections kick in, not revealing unknown vulnerabilities.
I hope this unsatisfactory answer might be better than the silence of indifference that is sometimes the fate of posts on this forum, and I wish you the best of luck in your studies.
@alex