The DNS system is incredibly resilient and secure. I am actually leveraging DNSSEC which validates your domain name, then at the last moment I make a jump to an “insecure” (not really) subdomain “nub” where all the npubs hang off. Your subdomain can point to multiple redundant name servers, so if any of them go down, it just keeps on ticking. In the end, I’m just leveraging the security of DNS and IP, the way it was designed to be. I just wrote a DNS server that resolves records from signed events, instead of zone files. The simple idea - is that any npub can have its own DNS records and be a first class citizen of DNS.