What is DNS? A computer engineer explains this foundational piece of the web – and why it’s the internet’s Achilles’ heel

When millions of people suddenly couldn’t load familiar websites and apps during the Amazon Web Services, or AWS, outage on Oct. 20, 2025, the affected servers weren’t actually down. The problem was more fundamental – their names couldn’t be found.

The culprit was DNS, the Domain Name System, which is the internet’s phone book. Every device on the internet has a numerical IP address, but people use names like amazon.com or maps.google.com. DNS acts as the translator, turning those names into the correct IP addresses so your device knows where to send the request. It works every time you click on a link, open an app or tap “log in.” Even when you don’t type a name yourself, such as in a mobile app, one is still being used in the background.

To understand why DNS failures can be so disruptive, it’s helpful to know how the Domain Name System is constructed. The internet contains over 378 million registered domain names, far too many for a single global phone book. Imagine a single book containing every American’s name and phone number. So DNS was intentionally designed to be decentralized.

Each organization that owns a domain, such as google.com, is responsible for maintaining its own DNS entries in its own DNS server. When your device needs to find an IP address, it asks a DNS server, which may ask others, until it finds the server that knows the answer. No single system has to hold everything. That’s what makes DNS resilient.

Here’s how DNS works behind the scenes.

Centralization equals vulnerability

So why did AWS, the largest cloud provider in the world, still manage to break the internet for so many, from Zoom to Venmo and smart beds?

Cloud providers host web servers but also critical infrastructure services, including DNS. When a company rents cloud servers, it often allows the cloud provider to manage its DNS as well. That’s efficient – until the cloud provider’s DNS itself has a problem.

Amazon disclosed that the specific cause of the recent disruption was a timing bug in the software that manages the AWS DNS management system. Whatever the cause, the effect was clear: Any website or service relying on AWS-managed DNS could not be reached, even if its server was perfectly healthy. In this way, the cloud concentrates risk.
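The referral chain described earlier (a resolver asking one server, which points it to others) and the concentration of risk just described, as an added illustration that is not part of the original article: a toy model of iterative resolution over constructed zone data, with made-up server names and reserved example domains, in which one cloud provider's pair of name servers answers for two unrelated customers.

```python
# Toy model of iterative DNS resolution built for this illustration:
# constructed zone data and made-up server names, not real records.
CLOUD_ZONES = {"www.example.com.": ("A", "203.0.113.10"),
               "www.example.org.": ("A", "203.0.113.20")}
SERVERS = {
    "root":    {"com.": ("NS", ["com-tld"]), "org.": ("NS", ["org-tld"]),
                "net.": ("NS", ["net-tld"])},
    "com-tld": {"example.com.": ("NS", ["cloud-dns-1", "cloud-dns-2"])},
    "org-tld": {"example.org.": ("NS", ["cloud-dns-1", "cloud-dns-2"])},
    "net-tld": {"example.net.": ("NS", ["indie-ns"])},
    # One cloud provider's two DNS servers answer for two unrelated customers.
    "cloud-dns-1": CLOUD_ZONES, "cloud-dns-2": CLOUD_ZONES,
    "indie-ns": {"www.example.net.": ("A", "198.51.100.5")},
}


def lookup(server, qname):
    """Longest-suffix match: the most specific record this server holds for qname."""
    labels = qname.split(".")
    for i in range(len(labels)):
        rec = SERVERS[server].get(".".join(labels[i:]))
        if rec:
            return rec


def resolve(qname, down=frozenset(), max_hops=8):
    """Walk referrals from the root; return (address, servers_asked) or raise."""
    candidates, path = ["root"], []
    for _ in range(max_hops):
        live = [s for s in candidates if s not in down]
        if not live:  # every server that could answer this step is unreachable
            raise LookupError(f"{qname}: no reachable server among {candidates}")
        path.append(live[0])
        rec = lookup(live[0], qname)
        if rec is None:
            raise LookupError(f"{qname}: {live[0]} holds no data for it")
        kind, value = rec
        if kind == "A":
            return value, path
        candidates = value  # NS referral: ask the delegated servers next
    raise LookupError(f"{qname}: too many referrals")


def names_broken_by(outage, names):
    """Names that stop resolving when the servers in `outage` are unreachable."""
    broken = []
    for name in names:
        try:
            resolve(name, down=frozenset(outage))
        except LookupError:
            broken.append(name)
    return broken
```

Losing one of the provider's two servers changes nothing for its customers, but losing both breaks every name delegated to it at once, while the web addresses those names point to are untouched; the independently hosted example.net keeps resolving.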

This wasn’t the first time DNS became a point of failure. In 2002, attackers attempted to disable the entire DNS system by launching a denial-of-service attack against the root DNS servers, the systems that store the locations of all other DNS servers. In a denial-of-service attack, an attacker sends a flood of traffic to overwhelm a server. Five of the 13 root servers were knocked offline, but the system survived.

In 2016, a major DNS provider called Dyn, which companies paid to run DNS on their behalf, was hit with a massive distributed-denial-of-service attack. In a distributed-denial-of-service…
