“To lose one parent, Mr. Worthing, may be regarded as a misfortune; to lose both looks like carelessness.”
— Oscar Wilde, The Importance of Being Earnest
Last week, the internet lost both of its parents. Amazon Web Services and Microsoft Azure suffered major outages within days of each other. Two of the most powerful cloud providers on the planet both stumbled for the same reason: DNS.
It was not ransomware, it was not a power failure, and it was not an external attack. It was the humble Domain Name System, breaking quietly but completely, and taking much of the internet with it.
The Hidden Fragility of DNS
DNS translates human-readable names into machine-usable IP addresses. When it works, it is invisible. When it fails, everything stops.
A single misconfiguration, malformed record, or propagation race can take down entire regions. Even if compute, storage, and networking are healthy, a DNS failure leaves users unable to reach them.
That is what happened.
- AWS (20 October 2025): A race condition in an internal DNS subsystem caused cascading resolution failures across US-East-1.
- Azure (29 October 2025): A misconfiguration in Azure Front Door crippled global routing and DNS resolution.
Two independent systems. One shared failure domain.
A Short History of DNS Disasters
This was not new. DNS failures have shaped the internet for decades.
- 2016 – Dyn Outage: A DDoS attack on Dyn's DNS infrastructure took down Twitter, Netflix, GitHub, and more.
- 2020 – Google DNS Route Leak: Misrouted traffic caused widespread name resolution failures.
- 2021 – Facebook Outage: A BGP and DNS change locked even engineers out of their own systems.
- 2025 – AWS and Azure: Two misconfigurations in one month, both rooted in DNS and edge routing dependencies.
DNS looks distributed on paper but behaves like a global single point of failure.
Each time, the pattern repeats. The architecture promises resilience, but the reality is that a single mistake anywhere in the chain can break everything downstream.
Why DNS Misconfigurations Are So Damaging
DNS failures do not degrade gracefully. They either work or they do not. TTLs, caches, and recursive resolvers amplify confusion and delay recovery.
Even small mistakes have big consequences:
- A missing dot can orphan a zone.
- A wrong delegation can render an entire domain unreachable.
- A bad propagation can take hours to correct globally.
And when DNS goes, so does everything that depends on it: authentication, monitoring, APIs, telemetry, and automation. Even your recovery systems can be unreachable.
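The missing-dot failure listed above, as an added example that is not part of the original article: a small Python linter that applies the zone-file rule that a name without a trailing dot is relative to the origin, and reports what each suspicious NS, CNAME, PTR, MX or SRV target actually expands to. The zone contents and the `lint_zone` and `expand` helpers are constructed for illustration, and the parser assumes one record per line with numeric TTLs.

```python
# Record types whose RDATA holds a domain name, and which RDATA field it is.
NAME_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1, "SRV": 3}
CLASSES = {"IN", "CH", "HS"}

def expand(name, origin):
    """'@' is the origin; a trailing dot is absolute; else append the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(text, origin):
    """Return (line_no, rtype, written, effective) for each relative target
    that contains a dot, the usual sign of a forgotten trailing dot."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN":            # later records use the new origin
            origin = tokens[1]
        if tokens[0].startswith("$"):                 # directives are not records
            continue
        if not line[0].isspace():                     # first token is the owner name
            tokens = tokens[1:]
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens = tokens[1:]                       # skip TTL and class
        rtype = tokens[0].upper() if tokens else ""
        if rtype not in NAME_FIELD or len(tokens) < NAME_FIELD[rtype] + 2:
            continue
        target = tokens[NAME_FIELD[rtype] + 1]
        if target != "@" and not target.endswith(".") and "." in target:
            findings.append((no, rtype, target, expand(target, origin)))
    return findings

# Constructed sample zone using documentation names (not from the article).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@    IN SOA   ns1.example.com. hostmaster.example.com. (
              2025102001 7200 900 1209600 3600 )
@    IN NS    ns1.example.com.
@    IN NS    ns2.example.com       ; trailing dot missing
@    IN MX    10 mail.example.net   ; trailing dot missing
www  IN CNAME web                   ; relative on purpose, left alone
"""

if __name__ == "__main__":
    for no, rtype, written, effective in lint_zone(SAMPLE_ZONE, "example.com."):
        print(f"line {no}: {rtype} {written} is read as {effective}")
```

Run as a pre-publish check, this catches the delegation pointing at `ns2.example.com.example.com.` before it reaches resolvers and their caches.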
The Dual-Use Nature of DNS
DNS is not only fragile, it is also a favourite tool for attackers.
- Data exfiltration: Payloads can be smuggled inside DNS query strings.
- Command-and-control: Malware can receive instructions through DNS tunnels over UDP port 53.
- Tracking: Recursive lookups can fingerprint users across sessions and networks.
Because DNS sits beneath most security controls, it is often treated as “just name resolution.” That makes it a perfect carrier for both mistakes and malice.
The Problem with Cloud Dependency
At some point, cloud shifted from resilience to reliance. We traded ownership for convenience, CapEx for OpEx, and responsibility for abstraction.
When AWS or Azure fail, most businesses cannot do much more than wait.
Their DNS, routing, authentication, and management planes are all hosted in the same dependency chain, so when these platforms fail, your monitoring cannot alert you. Your automation cannot recover. Your failover cannot fail over.
The outages this month were a reminder that "someone else's problem" is still a problem. It is just one step removed.
Building on Your Own Foundations
Owning infrastructure does not mean rejecting the cloud. It means understanding the stack and keeping control of the layers that matter most.
True resilience comes from sovereignty:
- Running your own authoritative DNS where practical
- Deploying redundant edge and routing paths
- Maintaining operational control of core systems
- Designing architectures that degrade gracefully rather than fail completely
A hybrid model, where you own the critical paths and rent the rest, gives both agility and independence.
Closing Thought
We lost two parents of the modern internet in a single week.
Perhaps it is time to grow up and take responsibility for our own digital house before the next misconfiguration reminds us who really owns our uptime.
Take Back Control of Your Infrastructure
At AxisOps, we run and maintain our own data centre because we believe in owning the foundation, not renting it. We help organisations reclaim sovereignty over their data, infrastructure, and destiny.
If you are ready to build on your own land, whether that means private cloud, hybrid architectures, or secure on-prem systems, our team can help you design and operate it with the same precision we apply to our own platforms.