For countermeasures against attacks that make large numbers of queries to non-existent domains, RFC 8198 https://datatracker.ietf.org/doc/html/rfc8198 "Aggressive Use of DNSSEC-Validated Cache" is useful