[vertex-four]

One option is to run your own BIND instance configured however you like, and pay for one or more secondary DNS services to sync off it. You can even hide your own BIND instance from everyone outside your network and just point your NS records at the secondaries, if you’re worried about misconfiguration/DoS attacks/etc.

[jsmthrowaway]

A perfectly viable option that is called 'shadow mastering'. dns.he.net lets you do it for free.

[zaarn]

That sounds interesting. Would you know of any secondary DNS service headquartered in Europe? I always wanted to host DNS myself but since I lack a secondary DNS...

[vertex-four]

Unfortunately don't know any EU-based services, but all the big services have their actual servers available in most locations.

[z3t4]

Only problems is when your main DNS is down, letsencrypt wont check your secondary, because they use Google DNS.