First of all, the protected DNS will only mean that your nameservers are protected from a Denial of Service attack, in most cases.
Firewalls like CSF and a script like DDoS deflate might help here and there against a DDoS, but they will eat up resources, as opposed to having your provider filter traffic, which will stop bad traffic before it reaches your server.
What sort of attacks are you receiving? How many packets per second, how many Mbps is the size of the attack?
Implementing a system means you won't have instant DoS protection, as a filtering appliance needs time to analyse your traffic in order to precisely decide which packets are 'bad'.
Most of the attacks are between 100Mbps and 700Mbps. A good solution for 500Mbps is SecurePort from Staminus, but I need something for 100Mbps and 300Mbps. I found that DDoS deflate would have to run in a cron every 1 minute, and this is a resource eater, like you said.
Mod_deflate will actually not help you much against a real DDoS aimed to either saturate your uplink or max out the server's or operating system's capacity to handle packets per second.
What Mod_deflate does is not much more than use iptables to stop certain attacks on httpd based on httpd requests. It is a tool to stop certain Denial of Service attacks, but it is not a DDoS filtering or mitigation method.
EDIT: seems DDOS deflate is actually another script. Even so, PPS and link saturation limits do apply. There is not a script that can actually deflate that.
Fighting DDoS, you are looking at over $100 a month, my friend! It is not cheap at all, and it is an overpriced market. Good luck!
Like any market, there are suppliers who are overpriced. However, keep in mind that DDoS mitigation services are expensive because true DDoS mitigation itself is very expensive.
Not only does the provider have to spend a lot of capital on purchasing specialized DDoS mitigation equipment, but they also have to maintain high capacity links with enough excess capacity to handle the largest attacks. Not only that, but they have to eat the bandwidth costs of the attack as well. Many attacks also require the attention of highly qualified staff to manually make adjustments to mitigate the attacks.
If anything, I think DDoS mitigation may be undervalued, as the true providers are having to compete with the pricing of pretenders who do nothing except install scripts and mod_security.