[justizin]

Use a large provider's DNS. I can't suggest supporting CloudFlare because of their dubious selective enforcement of ToS regarding sites that actively organize and encourage harm to people, but there are much lighter weight alternatives.

AWS Route53 is basically free and doesn't require you to use any other AWS services, the same is probably true for any other cloud provider. Smaller providers like DigitalOcean / Linode / whatever should also be fine - I use DO for personal stuff, but would happily use it for larger capacity projects. Many cloud provider DNS APIs are supported in terraform, so you don't have to worry about what the UI is like.

Your DNS registrar also probably offers this service.

I will say this: if your provider is unable to protect their own DNS service, you should find a better provider. While CloudFlare and other similar services have incredibly resilient DNS, most folks don't need that. Anyone who is in the business of hosting online services should be capable of running a resilient DNS service. If not, you have to ask yourself how resilient anything else they offer you is.

While there are lots of ways to screw it up, DNS is incredibly simple compared to basically any other service, reliability-wise. BIND on any reasonable hardware can handle katrillions of queries.