
During the Amazon Web Services (AWS) outage on October 20, 2025, when millions of people suddenly found that familiar websites and apps would not load, the affected servers weren’t actually down. The problem was more fundamental: their names couldn’t be found.
The culprit was DNS (Domain Name System), the Internet’s telephone directory. Every device on the Internet has a numerical IP address, but people use names like amazon.com and maps.google.com. DNS acts as a translator, turning those names into the correct IP addresses so your device knows where to send the request. It works every time you click a link, open an app, or tap “Login.” Names are still used in the background even if you don’t enter one yourself, such as in a mobile app.
To understand why DNS failures can be so disruptive, it helps to understand how the Domain Name System is constructed. There are over 378 million domain names registered on the Internet, too many for one global phone directory; imagine a book containing the names and phone numbers of every American. DNS is therefore intentionally designed to be decentralized.
Each organization that owns a domain, such as google.com, is responsible for maintaining its own DNS entries on its own DNS servers. When a device needs to find an IP address, it queries DNS servers until it finds one that knows the answer. DNS servers may also query other servers. A single system doesn’t have to hold everything. That makes DNS more resilient.
Centralization means vulnerability
So how was AWS, the world’s largest cloud provider, able to disrupt the internet for so many people, from Zoom to Venmo to smart beds?
Cloud providers not only host web servers, but also important infrastructure services such as DNS. When companies rent cloud servers, the cloud provider often allows them to manage DNS as well. This is efficient until something goes wrong with the cloud provider’s DNS itself.
Amazon revealed that the specific cause of the recent disruption was a timing bug in the software behind the AWS DNS management system. Whatever the cause, the effects were clear. Websites and services that rely on AWS-managed DNS were inaccessible, even if their servers were perfectly healthy. In this way, the cloud concentrates risk.
This isn’t the first time DNS has become a point of failure. In 2002, attackers attempted to disable the entire DNS system by launching a denial-of-service attack on the root DNS servers (the systems that store the locations of all other DNS servers). In a denial-of-service attack, an attacker sends a large amount of traffic to overwhelm a server. Five of the 13 root servers went offline, but the system survived.
In 2016, a large DNS provider called Dyn, which businesses pay to run DNS on their behalf, suffered a massive distributed denial-of-service attack. In a distributed denial-of-service attack, an attacker hijacks many computers and uses them to send large amounts of traffic to a target. The Dyn attack flooded the provider’s servers with traffic from tens of thousands of compromised devices, overwhelming them. Major sites such as Twitter, PayPal, Netflix, and Reddit were functionally offline for several hours, even though their servers were fully operational. Again, the problem wasn’t the websites. It was that users couldn’t find them.
The lesson is not that DNS is weak, but that relying on a small number of providers creates an invisible single point of failure. DNS was originally designed for decentralization. But economic convenience, cloud services, and DNS-as-a-Service are quietly leading the Internet toward centralization.
Convenience over resilience
These failures are about more than shopping and streaming. DNS is also how people access banks, election reporting systems, emergency alert platforms, and the artificial intelligence tools that are now powering critical decision-making. DNS trouble is dangerous even when the system does not go down completely. A delayed or incorrect DNS response can break authentication between a user and a service, block a transaction, or erode public trust at a critical moment.
The unpleasant reality is that convenience is quietly outweighing resilience. Organizations are increasingly outsourcing DNS and hosting to the same few cloud providers, accumulating so-called resilience debt that is invisible until it’s due. Although the Internet was designed to withstand partial failures, modern economics concentrates risk in ways that its original designers clearly sought to avoid.
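The concentration described above can be measured from delegation data. The following Python script is an added example, not part of the original article: it takes constructed NS records, groups nameservers by provider using an assumed last-two-labels heuristic, and reports which domains a single provider's DNS outage would leave unresolvable. All domain and provider names are hypothetical.

```python
from collections import Counter

# Constructed sample data: domain -> delegated NS hostnames (not real records).
NS_RECORDS = {
    "shop.example":   ["ns1.dns-a.example", "ns2.dns-a.example"],
    "alerts.example": ["ns1.dns-a.example", "ns2.dns-a.example", "ns3.dns-a.example"],
    "bank.example":   ["ns1.dns-a.example", "ns1.dns-b.example"],
    "news.example":   ["ns1.dns-b.example", "ns2.dns-b.example"],
}

def provider_of(ns_host):
    """Assumption: the provider is identified by the NS hostname's last two labels.
    Real providers may spread nameservers over several domains, so an operator
    would replace this with a maintained mapping."""
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])

def providers_for(records, domain):
    """Set of distinct DNS providers serving one domain."""
    return {provider_of(ns) for ns in records[domain]}

def single_provider_domains(records):
    """Domains whose every nameserver sits with one provider, however many NS they list."""
    return sorted(d for d in records if len(providers_for(records, d)) == 1)

def outage_impact(records, failed_provider):
    """Domains left with no reachable nameserver if failed_provider's DNS is down."""
    return sorted(d for d in records
                  if not (providers_for(records, d) - {failed_provider}))

def worst_case(records):
    """Provider whose failure makes the most domains unresolvable, with that count."""
    hits = Counter()
    for d in records:
        provs = providers_for(records, d)
        if len(provs) == 1:
            hits[next(iter(provs))] += 1
    return hits.most_common(1)[0] if hits else (None, 0)

if __name__ == "__main__":
    print("single-provider:", single_provider_domains(NS_RECORDS))
    for p in ("dns-a.example", "dns-b.example"):
        print(p, "outage ->", outage_impact(NS_RECORDS, p))
    print("worst case:", worst_case(NS_RECORDS))
```

In the sample, alerts.example lists three nameservers yet still fails with its provider, while bank.example survives either outage because its two nameservers belong to different providers.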
The lessons learned from the AWS outage are not just about fixing a single software bug. This is a reminder that DNS is critical infrastructure. This means that technology companies can’t afford to treat DNS as background plumbing and must intentionally architect for resiliency.
Although individual DNS failures cause inconvenience to people, the reliability of DNS as a whole determines whether the Internet continues to function.
Presented by The Conversation
This article is republished from The Conversation under a Creative Commons license.
Citation: What is the Domain Name System? Computer Engineer Explains the Fundamental Pieces of the Web (November 3, 2025), retrieved November 4, 2025 from https://techxplore.com/news/2025-11-domain-foundational-piece-web.html
