The DomainMapping CRD is an extra install; search for "DomainMapping CRD" on
https://knative.dev/docs/install/any-kubernetes-cluster/
The reason you might not want to expose a broker is that there is a fair amount of trust in that component, and if a malicious event sender finds your broker, it is not clear what it might be able to do. It would be best to have some kind of auth to allow you to filter the inbound traffic.
Neither Eventing nor the Sources WG has worked on this problem space much yet, but there are several ways to work around it depending on your needs.
The last option for something cheap and cheerful would be a simple CloudEvents proxy app you ship as a Knative Service, if you are able to code a solution. One of the CloudEvents SDKs should get you most of the way there if you want to go that way.
-Scott
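
The proxy idea in the message above, as an added example that is not part of the original message and not Knative project code: a Go handler that requires a shared bearer token and the CloudEvents binary-mode headers before forwarding an event to the broker. The shared-token scheme, the `NewGate` name, the 1 MiB size cap, and the `BROKER_URL` and `PROXY_TOKEN` environment variables are assumptions, and it uses only the Go standard library rather than a CloudEvents SDK.

```go
package main

import (
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"strings"
)

// Context attributes every binary-mode CloudEvents HTTP request must carry.
var requiredCE = []string{"Ce-Id", "Ce-Source", "Ce-Type", "Ce-Specversion"}

// NewGate checks the sender's token and the CloudEvents headers, then forwards to broker.
func NewGate(token string, broker *url.URL) http.Handler {
	proxy := &httputil.ReverseProxy{Director: func(r *http.Request) {
		// Always send to exactly the configured broker address, whatever the caller asked for.
		r.URL.Scheme, r.URL.Host, r.URL.Path = broker.Scheme, broker.Host, broker.Path
		r.URL.RawPath, r.URL.RawQuery, r.Host = "", "", broker.Host
		r.Header.Del("Authorization") // keep the shared token out of the broker hop
	}}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		got := strings.TrimPrefix(auth, "Bearer ")
		// Constant-time compare; an unset token or a missing "Bearer " prefix is rejected.
		if token == "" || got == auth || subtle.ConstantTimeCompare([]byte(got), []byte(token)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		for _, h := range requiredCE {
			if r.Header.Get(h) == "" {
				http.Error(w, "missing "+h, http.StatusBadRequest)
				return
			}
		}
		r.Body = http.MaxBytesReader(w, r.Body, 1<<20) // cap event size at 1 MiB
		proxy.ServeHTTP(w, r)
	})
}

func main() {
	broker, err := url.Parse(os.Getenv("BROKER_URL")) // assumed variable names
	if err != nil || broker.Host == "" {
		log.Fatal("BROKER_URL must be an absolute URL")
	}
	log.Fatal(http.ListenAndServe(":8080", NewGate(os.Getenv("PROXY_TOKEN"), broker)))
}
```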