Hacker News

bastard_op today at 1:06 AM

>> The growing deployment of DNS Security (DNSSEC) and IPv6 has increased response sizes and therefore the use of TCP.
>
> Yes, but doesn't IPv6 also increase the "maximum safe UDP packet size" from 512 bytes to 1280?

DNS mostly has to support larger sizes, and has for decades for things like svc/txt records used for various encryption and large blocks of text. Having worked for a registrar and dealing with DDoS, not much you can do but filter more intelligently. There are DDoS appliances/services built just to deal with volumetric queries from hosts for that reason.