If I simply point to both in my DNS record, wouldn't 50% of traffic be in trouble as well?
There are easy ways of providing resilient services using one IP address that needn't cost the earth.
For example, you can just configure the public IP address onto a loopback interface onto each of the proxy servers and then announce it via the OSPF routing protocol (or similar) into your internal routing tables.
If a server dies completely, the route is withdrawn from your interior routing tables and traffic automatically stops flowing to the dead server within 30 seconds.
In most networks this solution costs nothing. The OSPF routing can be done using Quagga if your proxies are running Linux or some other UNIX variant.
Your internal network will need to be able to speak OSPF too, but that comes out of the box with most Cisco or Juniper class hardware. You are planning to run some reasonably OK network gear to support these thousands of sites, aren't you ;-) ?
FWIW, I've used a similar technique in the past to handle fail-over of large scale shared web-hosting from one data center to another.