linux
xunil205, 2022-04-14 06:47:19

How to raise your CloudFlare analogue for DNS on Linux?

I do not understand the topic, but I really want to understand.

I know that this is done in CloudFlare and DDoS-Guard.
When registering domains with any registrar, you can specify the NS of the CloudFlare server.
In CloudFlare, only the IP of the server where the domains are spinning is indicated.
It turns out that the IP address of the server with domains is hidden, only the CloudFlare server is visible in whois.
I need to do the same on 2 Linux servers.
On one, you need to raise a DNS server, in which 1 domainkkkkkk.ru will be registered and there will be records:
ns1.domainkkkkkk.ru
ns2.domainkkkkkk.ru
On the second server, other domains will spin:
newdomainggg1.ru
newdomainggg2.ru
newdomainggg3.ru
The first DNS server must know where the second server is located and about the domains on it.
I will register the data of the first server at the registrar for domains from the second server.
ns1.domainkkkkkk.ru
ns2.domainkkkkkk.ru

Tell me how to implement it.
Please, if you know, give a detailed answer.
If you know how they implemented DDoS protection, write in addition to the main question.
Thank you!

2 answer(s)
Dr. Bacon, 2022-04-14
@xunil205

It's not about DNS; they also have a powerful infrastructure that proxies from the "open" IP to the "hidden" IP. And DDoS protection is also within the framework of this infrastructure; it is impossible to do it on the knee.
Well, i.e. you can add a reverse proxy server to hide the IP, it's just that the whole attack will move to it.

mureevms, 2022-04-14
@mureevms

Horses mixed up in a bunch, people ... let's try to clarify, although there is already a solution, but the author really does not understand anything about the question, so he cannot normally evaluate the answer as a solution.

> When registering domains with any registrar, you can specify the ns of the CloudFlare server.

You can specify any NS servers, even your own. This is not a feature of CloudFlare, but simply the holder of the DNS zone of the domain. They also say that the domain is delegated to <DNS zone owner name>.

> In CloudFlare, only the ip of the server where the domains are spinning is indicated.

Apparently we are talking about the A record. Just read about the types of DNS records. And, probably, it means that not domains are spinning, but sites that are associated with this domain's A record.

> It turns out that the ip address of the server with domains is hidden, only the CloudFlare server is visible in whois.

No. Whois, DNS and IP addresses are different things, although they are related to each other.
Whois is a service that allows you to find out basic information about a domain name. Example: https://whois.ru/google.ru. There is no information about IP addresses and domains, only NS records.
DNS is a service, roughly speaking, which compares domain names and IP addresses.
IP is a unique set of bytes for the ability to use the Internet from a particular device.
I.e. so far CloudFlare hasn't hidden anything. If you delegated the domain to Yandex, there would be Yandex NS servers.

> I need to do the same on 2 Linux servers.
> On one, you need to raise a DNS server, in which 1 domainkkkkkk.ru domain will be registered and there will be records
> ...
> Other domains will be spinning on the second server
> ...

You can raise your own DNS server only if (in this context) you want to host your zone yourself, i.e. delegate it to your DNS server. And you don't need this, because you have already delegated the zone to CloudFlare.
You need to mark up sites on the servers that will be mapped to domains, and you need to do this by matching the domain name with the IP address of the server on which the desired site will be, by adding an A record.
I.e. if the IP of the first server is x.x.x.x, and the second is y.y.y.y, you need to create several DNS records:
Name              Type  Value
site1.domain.ru   A     x.x.x.x
site2.domain.ru   A     x.x.x.x
newdomain1.ru     A     y.y.y.y
newdomain2.ru     A     y.y.y.y
newdomain3.ru     A     y.y.y.y

Still CloudFlare hasn't hidden anything.

> The first DNS server must know where the second server is located and about the domains on it.
> I will register the data of the first server at the registrar for domains from the second server.

These are just fantasies unrelated to the case.
---
Thus, you will not hide anything, since the client must match the site name with its IP address in order to enter the site.
If you still need to hide (by the way, why?), then CloudFlare does just that. In the DNS section, there is a cloud with an arrow next to the DNS record, and only by clicking on it will you enable proxying through CloudFlare.

> If you know how they implemented DDoS protection, write in addition to the main question.

This has already been said by Dr. Bacon; I will only add that DDoS protection is enabled only when proxying.
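
The distinction drawn in the answers above, as an added example that is not part of either answer: a small audit over records in the same name/type/value layout that reports which A records hand the origin server's address to any client and which only reveal a proxy address. The addresses (documentation ranges), the proxy range, and hostnames such as mail.domain.ru are constructed assumptions.

```python
import ipaddress

# Constructed sample records in the answer's "name type value" layout.
# 203.0.113.0/24 stands in for the proxy provider's range (assumption);
# 192.0.2.10 and 198.51.100.20 stand in for the two real servers.
SAMPLE_RECORDS = """
site1.domain.ru   A     203.0.113.7
site2.domain.ru   A     192.0.2.10
newdomain1.ru     A     203.0.113.7
newdomain2.ru     A     198.51.100.20
mail.domain.ru    A     192.0.2.10
domain.ru         NS    ns1.example-dns.test
"""

PROXY_NETS = [ipaddress.ip_network("203.0.113.0/24")]
ORIGIN_IPS = {ipaddress.ip_address("192.0.2.10"),
              ipaddress.ip_address("198.51.100.20")}


def parse_records(text):
    """Yield (name, type, value) from whitespace-separated record lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0].lower().rstrip("."), parts[1].upper(), parts[2]


def audit_origin_exposure(text, proxy_nets=PROXY_NETS, origin_ips=ORIGIN_IPS):
    """Map each A/AAAA name to 'proxied', 'exposed', 'other' or 'invalid'."""
    result = {}
    for name, rtype, value in parse_records(text):
        if rtype not in ("A", "AAAA"):
            continue  # NS, MX etc. carry names, not addresses
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            result[name] = "invalid"
            continue
        if addr in origin_ips:
            result[name] = "exposed"   # any resolver hands out the origin IP
        elif any(addr in net for net in proxy_nets):
            result[name] = "proxied"   # clients only learn the proxy address
        else:
            result[name] = "other"
    return result


if __name__ == "__main__":
    for host, status in audit_origin_exposure(SAMPLE_RECORDS).items():
        print(f"{host:20} {status}")
```

A single unproxied name pointing at the origin, such as the mail host in the sample, is enough to make the address public even when the site names themselves are proxied.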
