On Friday a large chunk of the internet fell over because someone pointed a botnet at Dyn, the managed DNS provider, and a lot of very well-known names went with it. Twitter, Spotify, GitHub, Reddit and plenty more were unreachable for stretches of the day, all because the thing that turns names into addresses stopped answering. The attack came from compromised IoT tat, cameras and recorders with hardcoded passwords, which is its own depressing story.
What struck me was not the scale but the familiarity. We have known for years that putting all your DNS with one provider is a single point of failure, and we mostly do it anyway because it is convenient and usually fine. "Usually fine" is doing a lot of work in that sentence.
I went and looked at my own setup afterwards, because it is easy to be smug about other people's architecture. My personal domains sit behind one provider too. That is the trade I have chosen, and for a blog it is the right one. For anything that pays the bills, a secondary DNS provider on a different network is cheap insurance, and Friday was a loud reminder to actually buy it rather than nod along to the idea. The lesson is not new. We just keep choosing not to act on it until a Friday afternoon makes us.
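A quick way to find out whether your own delegation is the "one provider" case described above. This is an added example, not from the original post: the NS hostnames and addresses are constructed (in practice you would feed it `dig +short NS zone` plus A/AAAA lookups), operator is approximated by the registered domain of the NS name and network by a /24 or /48 prefix, both rough proxies rather than authoritative data.

```python
import ipaddress


def registered_domain(hostname):
    """Last two labels of the NS hostname, a crude stand-in for the operator."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def network_of(addr):
    """Collapse an address to a coarse prefix so nearby hosts count as one network."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def delegation_diversity(ns_records):
    """ns_records maps NS hostname -> list of resolved addresses.

    Returns the distinct operators and networks behind the delegation and a
    flag that is True when the zone depends on a single operator or a single
    network, i.e. the single point of failure the post describes.
    """
    operators = {registered_domain(host) for host in ns_records}
    networks = {network_of(a) for addrs in ns_records.values() for a in addrs}
    return {
        "operators": sorted(operators),
        "networks": sorted(networks),
        "single_point_of_failure": len(operators) == 1 or len(networks) == 1,
    }


# Constructed sample: four NS names that are all one operator on one /24.
SINGLE_PROVIDER = {
    "ns1.dns-provider-a.example.": ["198.51.100.10"],
    "ns2.dns-provider-a.example.": ["198.51.100.11"],
    "ns3.dns-provider-a.example.": ["198.51.100.12"],
    "ns4.dns-provider-a.example.": ["198.51.100.13"],
}

# Constructed sample: the same primary plus a secondary on another operator and network.
DUAL_PROVIDER = {
    "ns1.dns-provider-a.example.": ["198.51.100.10"],
    "ns2.dns-provider-a.example.": ["198.51.100.11"],
    "ns1.dns-provider-b.example.": ["203.0.113.53", "2001:db8:1::53"],
}

if __name__ == "__main__":
    for name, zone in (("single", SINGLE_PROVIDER), ("dual", DUAL_PROVIDER)):
        print(name, delegation_diversity(zone))
```

Four nameservers look like redundancy until they are grouped, which is the point: count operators and networks, not NS records.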