Why is it always DNS?

You’ve heard the joke, sometimes in haiku form:

It’s not DNS

There’s no way it’s DNS

It was DNS

But why is it always DNS? There are a few reasons.

DNS is a simple concept to understand but extremely difficult to put into practice. DNS is often to blame for massive internet outages because even the most savvy companies and educated minds make mistakes while DNS misconfigurations are unforgiving.

At the same time, DNS issues often don’t manifest themselves as DNS issues. Based on the symptom, DNS is often the last thing you’d expect it to be—this explains the denial stage of the haiku.

There was a comment on Reddit recently that sums this up perfectly:

It takes a lot of DNS know-how to have the ability to look at a non-DNS issue and come to the conclusion that it’s a DNS problem before exhausting every other possible option, which is usually the case.

Notable DNS Outages

Amazon AWS - December 2021

A “glitch” in the internal network caused major outages in Amazon’s US-EAST region (Virginia) after a scaling for more capacity event was triggered. Increased latency and errors for services communicating between these networks, resulted in persistent congestion and performance issues on the devices. There are unverified rumors that the glitch was caused by an orchestrated DNS attack of unknown origins.

Facebook - October 2021

A bad BGP router configuration caused a global cascade of outages removing all Meta/Facebook properties from the internet for nearly six hours. To the rest of the internet, Facebook’s infrastructure IPs were unreachable and DNS names stopped resolving. Essentially a black hole where Facebook used to live.

Akamai - July 2021

The network experienced a global issue relating to edge DNS impacting many internet resources caused by a "software configuration update [which] triggered a bug in the DNS system”. Fidelity, the US Securities and Exchange Commission's document search site, Airbnb, British Airways and others were affected. Most of the sites were back up and running in under an hour.

Cloudflare - July 2020

A bad router configuration on the Cloudflare global backbone in Atlanta started announcing bad routes, rerouting massive traffic volumes to the geolocation overwhelming the hardware. The incident only lasted 27 minutes but affected San Jose, Dallas, Seattle, Los Angeles, Chicago, Washington, DC, Richmond, Newark, Atlanta, London, Amsterdam, Frankfurt, Paris, Stockholm, Moscow, St. Petersburg, São Paulo, Curitiba, and Porto Alegre.

And One More Outage

Fastly - June 2021

A software deployment introduced a bug that could be triggered by a specific customer configuration under specific circumstances. On June 8th, the specific configuration and circumstances collided to produce a “broad and severe” Fastly CDN outage.

This outage was not caused by DNS so why do I mention it? Because Fastly and the affected web properties used the magic of DNS to route around the disruption in less than an hour. DNS for the win! Tell your friends.

Masters of DNS are a rare breed and DNSFilter was founded by one and currently has several on staff (I am not one of them, I’d call myself a DNS dabbler). 

When we hear "it's always DNS" it's true, not because the technology is bad. It’s because the practitioners are, no offense, inadequate. DNS is so ubiquitous, and it means people are thrown into it without really knowing what they’re doing. It’s not their fault, DNS touches more than they realize.

But once you realize how intertwined DNS is with the entirety of your IT infrastructure, you start to have more respect for it. And you’ll recognize you need to trust the masters of DNS with your DNS security.

Are You a Master of DNS?

Test your knowledge with our short quiz.


4 https://twitter.com/Akamai/status/1418271515192270850?s=20
5 https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/
6 https://www.fastly.com/blog/summary-of-june-8-outage

  • There are no suggestions because the search field is empty.
Latest posts
Revving up the Fun: DNSFilter's IndyCar Experience Recap — Long Beach Edition Revving up the Fun: DNSFilter's IndyCar Experience Recap — Long Beach Edition

What a weekend at the Long Beach street circuit! The energy was electric, the excitement palpable, and DNSFilter was at the heart of the action, ensuring our guests had an unforgettable experience with Juncos Hollinger Racing and Romain Grosjean, the #77 driver for Juncos Hollinger.

Securing Public Wireless Networks Securing Public Wireless Networks

In the current era of digital transformation, securing public wireless networks has emerged as a fundamental challenge for IT professionals worldwide. The evolution of technology and the increasing reliance on digital platforms for both business and personal use have made public Wi-Fi networks indispensable. However, greater access creates greater vulnerabilities, making these networks prime targets for cybercriminals. The imperative to secure pu...

How to Secure Public Wi-Fi Networks How to Secure Public Wi-Fi Networks

In the quest to safeguard public Wi-Fi networks from the myriad of cyber threats, certain proactive steps stand out as fundamental. These measures form the backbone of a comprehensive security strategy, ensuring that the network remains robust against unauthorized access, data breaches, and various forms of cyberattacks.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.