I don't follow...
Can you explain to me your rationale for believing that "you can take down the entire OS via the init with a malicious dns response" when systemd-resolved is quite clearly a separate binary from that running as init and has also dropped its privileges and is running as a non-root user?:
# ps | grep init
1 root 7824 S {systemd} /sbin/init ldb
1108 root 2696 S grep init
# readlink -f /sbin/init
/usr/lib/systemd/systemd
# readlink -f /usr/lib/systemd/systemd-resolved
/usr/lib/systemd/systemd-resolved
# ps | grep systemd-resolved
359 systemd- 5816 S /usr/lib/systemd/systemd-resolved
1097 root 2696 S grep systemd-resolved
# cat /etc/passwd | grep systemd-resolve
systemd-resolve:x:231:231:systemd-resolve:/:/bin/nologin
systemd-resolve:x:231:
# cat /etc/group | grep systemd-resolve
systemd-resolve:x:231:
#