by cft 3968 days ago
Typically, DDoS mitigation services offer a limited number of 48-72 hour mitigations per year (can be a large number, depending on the contract). Outside of these periods the traffic is not routed via them.

How does that work? Does the DDoS mitigation software change DNS, and if so, how can it change the DNS in the middle of an attack assuming the attackers?
Only very basic DNS mitigation services have you change DNS and proxy through them. Predictably GitHub is not using one of those.

If you really want to protect your service (your own DNS or say SMTP, WebSockets, TCP), then you need to change the internet routing. This is done via BGP announcements of your IP subnets, such that you announce your inbound routes via the mitigation providers. The providers scrub the traffic and deliver clean traffic via a GRE tunnel to your routers. The outbound traffic is routed directly via your upstream providers.