News Warner

What is DNS? A computer engineer explains this foundational piece of the web – and why it’s the internet’s Achilles’ heel

  • DNS (Domain Name System) is the internet’s “phone book” that translates names into IP addresses, but recent outages have highlighted its vulnerability.
  • A recent AWS outage on Oct. 20, 2025, showed how disruptive DNS failures can be: users couldn’t load familiar websites and apps even though the servers were not down.
  • The cause was a timing bug in the software that manages the AWS DNS management system, and relying on a single provider for DNS services concentrated the risk.
  • DNS failures like this one matter beyond just shopping or streaming, as they can impact critical infrastructure such as banks, election reporting systems, and emergency alert platforms.
  • The lesson from the AWS outage is that choosing convenience over resilience is becoming the norm in modern economics, building up “resilience debt” that can have serious consequences for the reliability of DNS as a whole.

Amazon Web Services, hosted in data centers like this one in Virginia, supports thousands of websites, apps and online services – but not during its recent DNS outage. Nathan Howard/Getty Images

When millions of people suddenly couldn’t load familiar websites and apps during the Amazon Web Services, or AWS, outage on Oct. 20, 2025, the affected servers weren’t actually down. The problem was more fundamental – their names couldn’t be found.

The culprit was DNS, the Domain Name System, which is the internet’s phone book. Every device on the internet has a numerical IP address, but people use names like amazon.com or maps.google.com. DNS acts as the translator, turning those names into the correct IP addresses so your device knows where to send the request. It works every time you click on a link, open an app or tap “log in.” Even when you don’t type a name yourself, such as in a mobile app, one is still being used in the background.

To understand why DNS failures can be so disruptive, it’s helpful to know how the Domain Name System is constructed. The internet contains over 378 million registered domain names, far too many for a single global phone book. Imagine a single book containing every American’s name and phone number. So DNS was intentionally designed to be decentralized.

Each organization that owns a domain, such as google.com, is responsible for maintaining its own DNS entries in its own DNS server. When your device needs to find an IP address, it asks a DNS server, which may ask others, until it finds the server that knows the answer. No single system has to hold everything. That’s what makes DNS resilient.

Centralization equals vulnerability

So why did AWS, the largest cloud provider in the world, still manage to break the internet for so many, from Zoom to Venmo and smart beds?

Cloud providers host web servers but also critical infrastructure services, including DNS. When a company rents cloud servers, it often allows the cloud provider to manage its DNS as well. That’s efficient – until the cloud provider’s DNS itself has a problem.

Amazon disclosed that the specific cause of the recent disruption was a timing bug in the software that manages the AWS DNS management system. Whatever the cause, the effect was clear: Any website or service relying on AWS-managed DNS could not be reached, even if its server was perfectly healthy. In this way, the cloud concentrates risk.

This wasn’t the first time DNS became a point of failure. In 2002, attackers attempted to disable the entire DNS system by launching a denial-of-service attack against the root DNS servers, the systems that store the locations of all other DNS servers. In a denial-of-service attack, an attacker sends a flood of traffic to overwhelm a server. Five of the 13 root servers were knocked offline, but the system survived.

In 2016, a major DNS provider called Dyn, which companies paid to run DNS on their behalf, was hit with a massive distributed-denial-of-service attack. In a distributed-denial-of-service attack, the attacker hijacks many computers and uses them to send the flood of traffic to the target. In the Dyn attack, tens of thousands of compromised devices flooded its servers, overwhelming them. For hours, major sites like Twitter, PayPal, Netflix and Reddit were functionally offline even though their servers were fully operational. Yet again, the issue wasn’t the websites; it was the inability to find them.

The lesson is not that DNS is weak, but that reliance on a small number of providers creates invisible single points of failure. DNS was initially designed for decentralization. Yet, economic convenience, cloud services and DNS as a service are quietly steering the internet toward centralization.
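One way to make that hidden dependency visible is to audit the NS records of the domains you rely on and group the nameservers by who operates them. The script below is an added example, not part of the original article; the domains and NS sets are constructed sample data, and the operator grouping is a hostname heuristic assumed for illustration.

```python
import re

# Constructed sample data: NS sets as `dig NS <domain>` would list them.
# Domains are placeholders; hostname shapes are modelled on managed-DNS naming.
SAMPLE_NS = {
    "shop.example": ["ns-101.awsdns-12.com.", "ns-702.awsdns-23.net.",
                     "ns-1502.awsdns-59.org.", "ns-1999.awsdns-57.co.uk."],
    "bank.example": ["ns-88.awsdns-11.com.", "ns-640.awsdns-16.net.",
                     "ns1.p01.dynect.net.", "ns2.p01.dynect.net."],
    "alerts.example": ["ns1.alerts.example.", "ns2.alerts.example."],
}

def operator_of(ns_host):
    """Map a nameserver hostname to a coarse operator key (heuristic)."""
    labels = ns_host.rstrip(".").lower().split(".")
    # Four different TLDs look diverse but are still one operator.
    if any(re.fullmatch(r"awsdns-\d+", label) for label in labels):
        return "awsdns"
    # Assumption: the last two labels approximate the operating organisation.
    return ".".join(labels[-2:])

def operators_for(ns_hosts):
    """Distinct operators behind one domain's NS set."""
    return {operator_of(h) for h in ns_hosts}

def blast_radius(ns_map):
    """operator -> domains that stop resolving if that operator alone fails."""
    radius = {}
    for domain, ns_hosts in ns_map.items():
        ops = operators_for(ns_hosts)
        if len(ops) == 1:  # every nameserver depends on the same operator
            radius.setdefault(ops.pop(), []).append(domain)
    return {op: sorted(domains) for op, domains in radius.items()}

def report(ns_map):
    """One line per domain: its operators and whether they are a single point of failure."""
    lines = []
    for domain, ns_hosts in sorted(ns_map.items()):
        ops = sorted(operators_for(ns_hosts))
        verdict = "SINGLE POINT OF FAILURE" if len(ops) == 1 else "ok"
        lines.append(f"{domain:16} operators={','.join(ops):24} {verdict}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NS)))
    print(blast_radius(SAMPLE_NS))
```

Because the grouping works only from hostnames, two brands run by the same company would still be counted as independent operators, so treat an "ok" verdict as a starting point for review.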

Convenience over resilience

These failures matter far beyond shopping or streaming. DNS is also how people reach banks, election reporting systems, emergency alert platforms and the artificial intelligence tools now powering critical decision-making. It doesn’t even need to fully go down to be dangerous. Simply delaying or misdirecting DNS can break authentication between users and services, block transactions or erode public trust at sensitive moments.

The uncomfortable reality is that convenience is quietly winning over resilience. As organizations increasingly outsource DNS and hosting to the same handful of cloud providers, they accumulate what could be called resilience debt – invisible until the moment it comes due. The internet was engineered to survive partial failure, but modern economics is concentrating risk in ways its original designers explicitly tried to avoid.

The lesson from the AWS outage isn’t just about fixing one software bug. It’s a reminder that DNS is critical infrastructure. That means technology companies can’t afford to treat DNS as background plumbing, and resilience needs to be designed intentionally.

Individual DNS failures inconvenience people, but the reliability of DNS on the whole defines whether the internet still works at all.

The Conversation

Doug Jacobson does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

Q. What is DNS?
A. The Domain Name System (DNS) is the internet’s phone book, which translates names like amazon.com or maps.google.com into correct IP addresses so devices know where to send requests.

Q. Why is DNS important?
A. DNS is critical infrastructure because it enables people to reach websites, apps, and online services, including banks, election reporting systems, emergency alert platforms, and artificial intelligence tools.

Q. How does DNS work behind the scenes?
A. When a device needs to find an IP address, it asks a DNS server, which may ask others until it finds the server that knows the answer. This decentralized system makes DNS resilient.

Q. What happened during the AWS outage on October 20, 2025?
A. The affected servers weren’t down, but their names couldn’t be found due to a timing bug in the software that manages the AWS DNS management system.

Q. Why did the AWS outage affect so many websites and services?
A. Because cloud providers like AWS often manage DNS for their customers, and when the cloud provider’s DNS has a problem, it can bring down entire networks of dependent services.

Q. What is a denial-of-service attack (DoS) and how does it relate to DNS?
A. A DoS attack involves sending a flood of traffic to overwhelm a server, which can cause DNS failures. In 2016, a major DNS provider called Dyn was hit with a massive distributed-DoS attack.

Q. Why is DNS becoming more centralized?
A. Economic convenience and cloud services are steering the internet toward centralization, making it easier for organizations to outsource DNS and hosting to a few large providers.

Q. What is resilience debt in the context of DNS?
A. Resilience debt refers to the accumulation of risk when organizations increasingly outsource DNS and hosting to the same handful of cloud providers, making them vulnerable to single points of failure.

Q. Why is it important for technology companies to design DNS with resilience in mind?
A. Because individual DNS failures can inconvenience people, but the reliability of DNS on the whole defines whether the internet still works at all.