It is a response by the time the 444 is served it is to late a true DDoS is not about what the server outputs its about what it can receive you can't expect incoming traffic that amounts to 600Gbps to be prevented by a 1Gbps port it does not work like that Nginx is an Application preventing any for of DoS at an application level is a bad idea it needs to be stopped at a router level before it hits the server to consume your receiving capacity of 1Gbps.
Adding IP address denies for DDoS to the Nginx .conf file at the application level is to late still also the connection has been made the request headers / data of 100kb or less what ever the client sent has been received on your 1Gig port its already consuming your connection.
The only scenario I can think of where returning 444 is a good idea is under a single IP flooding "DoS" because then your not increasing your ports bandwidth output responding to someone who is opening and closing a connection, But in this scenario its more like they are trying to make your server DoS itself by making it max out its own outgoing bandwidth to just their connection alone so nobody else can receive anything.
http://www.networkflare.com/