Just remember, if you run your own DNS, and you do so for a mission critical platform, the platform is exposed to a UDP DDoS that will be hard to detect, let alone prevent.
Unless of course you invest 5-6 figures (US dollars) worth of equipment, by which point you can look back and ask yourself whether you were better off with Google Cloud DNS, AWS Route 53 and the like.
Not that I disagree with the fact that these risks exist, but how is that different than running any other service for a mission critical platform?
The main thing I can think of is DNS amplification attacks, but that's more your DNS server being used as part of a DDoS attack rather than being targeted for one. Also (AFAIK) resolvers are more common targets for DNS amplification than authoritative servers.
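To make the "used as part of an attack" point concrete, here is an added example (not code from anyone in this thread) of the defender-side check an authoritative operator can run over its query log: group queries by source address and compute the response-to-request byte ratio, which is the amplification an abuser is getting out of you. The log format, the IP addresses and the byte counts are all constructed for the example, and the thresholds are assumptions you would tune to your own traffic.

```python
from collections import defaultdict

# Constructed sample of an authoritative server's query log (the format is
# invented for this example, not any real server's):
#   epoch_ts client_ip qtype qname request_bytes response_bytes
SAMPLE_LOG = """\
1700000000.001 203.0.113.7 ANY example.org 45 3120
1700000000.002 203.0.113.7 ANY example.org 45 3120
1700000000.003 203.0.113.7 ANY example.org 45 3120
1700000000.004 203.0.113.7 ANY example.org 45 3120
1700000000.005 203.0.113.7 ANY example.org 45 3120
1700000000.006 203.0.113.7 ANY example.org 45 3120
1700000000.007 198.51.100.20 A www.example.org 48 64
1700000000.008 198.51.100.20 AAAA www.example.org 48 76
1700000000.009 192.0.2.5 A www.example.org 48 64
1700000000.010 192.0.2.5 A www.example.org 48 64
1700000000.011 192.0.2.5 MX example.org 44 120
1700000000.012 192.0.2.5 A www.example.org 48 64
1700000000.013 192.0.2.5 A www.example.org 48 64
1700000000.014 192.0.2.5 A www.example.org 48 64
"""


def parse_line(line):
    """Split one log line into its fields (assumed whitespace-separated)."""
    ts, ip, qtype, qname, req, resp = line.split()
    return {"ts": float(ts), "ip": ip, "qtype": qtype, "qname": qname,
            "req": int(req), "resp": int(resp)}


def per_source_stats(log_text):
    """Aggregate query count, bytes in/out and ANY-query count per source IP."""
    stats = defaultdict(lambda: {"queries": 0, "req_bytes": 0,
                                 "resp_bytes": 0, "any_queries": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        s = stats[rec["ip"]]
        s["queries"] += 1
        s["req_bytes"] += rec["req"]
        s["resp_bytes"] += rec["resp"]
        if rec["qtype"] == "ANY":
            s["any_queries"] += 1
    return dict(stats)


def amplification_factor(s):
    """Bytes sent back per byte received; >1 means the server amplifies."""
    return s["resp_bytes"] / s["req_bytes"] if s["req_bytes"] else 0.0


def flag_reflection(log_text, min_queries=5, min_factor=10.0):
    """Return sources whose traffic looks like reflection abuse.

    Thresholds are assumptions for the example. Note that in a reflection
    attack the source IP is spoofed: the flagged address is the victim
    receiving your responses, not the attacker, so the right response is
    to shrink or rate-limit what you send (response rate limiting, minimal
    answers to ANY per RFC 8482), not to treat the address as hostile.
    """
    flagged = {}
    for ip, s in per_source_stats(log_text).items():
        factor = amplification_factor(s)
        if s["queries"] >= min_queries and factor >= min_factor:
            flagged[ip] = {"queries": s["queries"],
                           "factor": round(factor, 1),
                           "any_queries": s["any_queries"]}
    return flagged


if __name__ == "__main__":
    for ip, info in flag_reflection(SAMPLE_LOG).items():
        print(f"{ip}: {info['queries']} queries, x{info['factor']} "
              f"amplification, {info['any_queries']} ANY queries")
```

On the sample data only 203.0.113.7 is flagged (six ANY queries at roughly 69x amplification); 192.0.2.5 sends just as many queries but gets ordinary-sized answers, so it passes. That distinction is the whole point: query volume alone does not tell you whether your server is being used as a reflector, the byte ratio does.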
Large scale DNS vendors have multi-million-dollar network layer traffic filtering equipment pipelined in front of their DNS servers (or in-house solutions, as at Google).
Yes, of course. But my question was why are you focusing on DNS here? Everything you've said so far is true of setting up literally any public service. Considering how cheap DNS is to serve in the common case, running an authoritative DNS server seems no less risky than running, say, a web server.
May or may not.
You open the UDP ports, you get flooded, they block all incoming traffic, and one way or another your assets are not resolvable.
One must distinguish between application layer (HTTP/S) attacks and UDP attacks; cloud vendors won't protect you implicitly from network layer attacks unless you purchased such a service from them.