Friday morning is prime time for some casual news reading, tweeting, and general Internet browsing, but you may have had some trouble accessing your usual sites and services this morning and throughout the day, from Spotify and Reddit to the New York Times and even good ol’ WIRED.com. For that, you can thank a distributed denial of service attack (DDoS) that took down a big chunk of the Internet for most of the Eastern seaboard.

This morning’s attack started around 7am and was aimed at Dyn, an Internet infrastructure company headquartered in New Hampshire. That first bout was resolved after about two hours; a second attack began just before noon. In both cases, traffic to Dyn’s Internet directory servers on the East Coast of the United States was stopped by a flood of malicious requests disrupting the system. Still ongoing, the situation is a definite reminder of the fragility of the web, and the power of the forces that aim to disrupt it.

Dyn offers Domain Name System (DNS) services, essentially acting as an address book for the Internet. DNS is a system that resolves the web addresses we see every day, like https://www.WIRED.com, into the IP addresses needed to find and connect with the right servers so browsers can deliver requested content, like the story you’re reading right now. A DDoS attack overwhelms a DNS server with lookup requests, rendering it incapable of completing any. That’s what makes attacking DNS so effective; rather than targeting individual sites, an attacker can take out the entire Internet for any end user whose DNS requests route through a given server.

All of which still leaves plenty of open questions, like where the DDoS attack against Dyn originated, and how big it was. It’s possible that the attack was part of a genre of DDoS attack that infects Internet of Things devices all over the world with malware, and conscripts them into botnet armies to then coordinate, generate, and amplify malicious traffic toward a target. The source code for one of these types of botnets, called Mirai, was recently released to the public, leading to speculation that more Mirai-based DDoS attacks might crop up. Whether that’s the case with Dyn isn’t yet known.

Though there may be a hint that it was, or if not, a striking bit of irony.

Dyn’s principal data analyst Chris Baker wrote about these types of IoT-based attacks just yesterday in a blog post titled “What Is the Impact On Managed DNS Operators?”. It appears he has his answer. And that all DNS services, and their customers, should be on notice