Could you please elaborate on why exactly using (non-CNAMEd) "naked domains" is a problem? What do "naked domains" and DDoS attacks have to do with each other?
DNS only allows you to put an IP addresses on the apex (read: bare/naked/etc) domain A record. That means in the case of a DDoS or other problem affecting one of those IPs you run the risk of having degraded redundancy. Some people unfortunately only put one IP in, which means you're only one machine away from going offline. A long way from what you'd want from the cloud.
DNSimple have created an ALIAS record type which gets around this problem nicely, and Route 53 from Amazon takes a similar approach.
DNSimple have created an ALIAS record type which gets around this problem nicely, and Route 53 from Amazon takes a similar approach.