> but 2FA was both possible and a consideration 18 years ago
You could setup your own dns servers obviously 18 years ago and in fact when starting out in the mid 90's that is exactly what we and many others did. (Criket Liu nutshell books from O'Reilly)
To clarify, the problem here wasn't with their DNS servers, but rather the registrar being compromised. You could run your own DNS servers and still get compromised like this unless you also happen to run your own registrar.