"Would it be straightforward to limit domestic users to (say) one DNS query per second? Would this help?"
DNS resolution is needed for a lot more than just the URL you typed into the browser or clicked in Google. Each of the secondary domains that site calls have to be resolved too, and there can be dozens of them on a fairly typical site on the internet. Running uBlock Edge, I see a counter that shows the number of third-party domains a site has attempted to contact, and it has sometimes exceeded a hundred of them. It's absolutely nuts (and much of it is about tracking and analytics related to advertising), but that's the state of things now.
Not only that, but it would only work when it is a DNS server being attacked. That's not always the case.
Biting the hand that feeds IT
