I believe you are correct. This is how Cloudflare fixed the issue and how every other provider could fix it. Just may be (considered) a lot of work by providers that currently throw ns01.provider.com and ns02.provider.com at everyone.
Krebs's article also mentions it:
>What did DNS providers that have struggled with this issue in the past do to address these authentication challenges? The security firms said that to claim a domain name, the best practice providers gave the account holder random name servers that required a change at the registrar before the domains could go live. They also found the best practice providers used various mechanisms to ensure that the newly assigned name server hosts did not match previous name server assignments.
Krebs's article also mentions it:
>What did DNS providers that have struggled with this issue in the past do to address these authentication challenges? The security firms said that to claim a domain name, the best practice providers gave the account holder random name servers that required a change at the registrar before the domains could go live. They also found the best practice providers used various mechanisms to ensure that the newly assigned name server hosts did not match previous name server assignments.