There are two main types of DDoS
1)requests to Overload your server
2)requests to Overload your Internet link.
With the first type of threats you can handle it yourself to optimize your server to put the server on another server, which will filter the queries, the options are many.
With the second type of threats is nothing you can do - you just lie the channel, and even your provider can ask you to leave, because you prevent him from working.
Services like CloudFlare solve the second type of threats mostly.
They have servers directly connected to the major traffic exchange points very thick channels.
To score them is almost impossible.
They proxybot your traffic slicing obvious bots.
This is done so - your domain resolvase not your IP address, and IP address of the CloudFlare, the traffic is there, and from there it is filtered directly into your IP.
In the end, the attacker knows your real address and can not put your channel.