Why I Think an Internet Blackout Is Coming Soon

There's an idea that's been circling in my mind for some time now: one day, perhaps soon, it won't be a website that goes down, or an app, or a social network. Something more invisible will fail.

The map will go down.

And when the map goes down, even though the roads still exist, you no longer know how to get there.

That's how the internet works, deep down. We type names: google.com, wikipedia.org, neomano.com. But machines don't travel by names. They travel by numbers, by IP addresses, by routes. Between the human name and the machine address exists a silent layer we almost never look at: DNS, the system that translates names into addresses. Cloudflare explains it with a familiar metaphor: DNS is like the internet's phone book. You look up a name, and the system finds the number.

The problem is that a phone book doesn't seem important until the day it disappears.

When people talk about an "internet blackout," they imagine cut undersea cables, destroyed satellites, data centers burning, or governments switching off giant routers. That can happen, of course. But there's a more elegant, more modern, and perhaps more unsettling way to cause chaos: not destroying the internet, but making the internet forget how to call itself.

That's where root servers come in.

Root servers are a kind of first information desk for DNS. They don't necessarily know where every site is, but they know where to direct the question. If someone asks about a .com domain, the system must be able to reach the root somehow to find out who manages .com. Same for .org. Same for .ec. The root isn't the entire library, but it is the index that lets you find the aisles.

For a long time people repeated that there are 13 root servers. That's technically true and false at the same time. There are 13 names or logical addresses, from A to M, but they're not 13 lonely computers in a basement guarded by men with headsets. Today those addresses are distributed via anycast across many physical locations, operated by 12 independent organizations. Root-servers.org reports more than 2,000 instances of the root system as of May 20, 2026.

In other words, there's no red button that says "turn off the internet."

And yet, the temptation exists.

The novelty isn't that someone wants to attack DNS. That's already happened. In 2007, for example, there was a distributed attack against root servers. ICANN reported that six of the thirteen root servers were affected and two were severely impacted, though the impact on end users was limited thanks to engineering, distribution, and the use of anycast. RIPE also noted that the attack went almost unnoticed by the average user.

What's new is that now there's a tool that can make an attacker's obsession more dangerous: artificial intelligence.

Not because AI is magical. Not because it "thinks" like a movie villain. Not because it wakes up at three in the morning and decides to hate us. The danger is more boring and for that very reason more realistic: AI reduces costs. It helps search for information, automate tasks, write code, summarize technical documentation, find patterns, produce convincing messages, coordinate attempts, translate languages, simulate scenarios, and accelerate cycles of trial and error.

The UK's National Cyber Security Centre warned in 2024 that AI would almost certainly increase the volume and impact of cyberattacks, and would lower the barrier to entry for novice criminals, hackers for hire, and hacktivists, especially in reconnaissance, social engineering, and access operations.

That's the point.

Before, attacking critical infrastructure required a lot of knowledge, a lot of patience, and a lot of coordination. Today it still requires knowledge, patience, and coordination. But AI can make one person seem like a small team. Or make a small team seem like an organization. Or make an organization act with the speed of a machine.

Now imagine the scenario.

This isn't about explaining how to do it. That would be irresponsible. It's about understanding why we might notice it someday.

A brief attack against the root probably wouldn't be enough. The internet has memory. Recursive DNS servers cache answers for a certain time, defined by the TTL, or Time To Live. If a server already knows where a popular domain is, it can respond without asking the entire hierarchy again. Cloudflare explains that recursive DNS servers cache answers for a determined time and can respond from cache without consulting other servers. RSSAC, ICANN's advisory committee for the root system, also explains that DNS records have TTL: the time during which a response can remain stored before the caching server must query again.

That's why an attack lasting minutes can be invisible. People keep accessing the same sites because many names were already resolved. Apps keep working because they maintain open connections or because their domains are cached. Large sites resist better because everyone queries them all the time and their responses are repeated in thousands of resolvers.

For us to notice, the attack would need to have a special characteristic: it would need to last longer than the system's memory.

It wouldn't be enough to hit hard. It would have to hit for long enough, in enough places, and against enough parts of the resolution process, until the caches start to expire and the recursive servers need to ask again.

That's when the strange feeling would begin.

Not everything would go down at once. That would be too cinematic. First some sites would fail. Then others. Some people might be able to access from one carrier, but not from another. One country would see errors that another doesn't see. A user with public DNS would have a different experience from another using their provider's DNS. Some mobile services would keep working while certain websites seemed dead. There would be absurd conversations:

—It opens for me.
—Not for me.
—Try with mobile data.
—Try with another DNS.
—Reboot the router.
—No, wait, now it's not opening for me either.

That would be the most modern blackout: not total darkness, but inconsistency.

The internet would still be there, but we'd lose confidence in its map. And confidence, in infrastructure, is almost everything.

Something even more unsettling could also happen: not that names don't respond, but that they respond incorrectly. There the problem stops looking like a blackout and starts looking like a collective hallucination. Sites pointing where they shouldn't. Services that won't load. Certificates that fail. Apps that think they're talking to a server and in reality can't verify anything. It wouldn't take all domains failing. It would be enough for enough important domains to fail for people to feel that "the internet is acting weird."

That phrase, "the internet is acting weird," could be the first symptom.

The root infrastructure is more resilient than most people imagine. Anycast, redundancy, independent operators, monitoring, caches, DNSSEC, local copies of the root zone, and other defenses mean the system isn't a house of cards. In fact, RFC 8806 describes a method for resolver operators to have a local copy of the root zone, precisely to give more reliable responses during network attacks that affect root servers.

But the history of computer security teaches something uncomfortable: resilience doesn't eliminate risk, it only raises the price of the attack.

And AI lowers prices.

Before, to attack something like this, you needed to know a lot. Now you can know less and ask better. Before you needed to read technical documentation for weeks. Now you can summarize it in minutes. Before you needed to write tools patiently. Now you can produce prototypes, fix errors, and automate tests with dangerous speed. Before you needed to coordinate people. Now you can coordinate processes.

AI doesn't turn any teenager into a cybercrime genius. But it does turn a mediocre attacker into a less mediocre one. And it turns a good attacker into a faster one.

Then the uncomfortable question appears: why would anyone do such a thing?

The first motivation is the simplest and oldest: hatred.

There are people who don't want money, or a cause, or negotiation. They just want to see something burn. Before they broke windows. Then they took down pages. Later they leaked databases. Tomorrow they might want to leave a mark on the infrastructure we all take for granted. Not because they gain something practical, but because destruction can also be a sick form of expression.

The second motivation is money.

If someone demonstrates they can affect name resolution at scale, even for a short time, they can extort. Banks, exchanges, governments, cloud providers, e-commerce platforms, telecommunications operators: all depend on names working. A partial DNS blackout for an hour can cost more than many traditional ransoms. In the digital world, disruption is a currency.

The third motivation is fame.

But not normal fame, with interviews, photos, and biography. A strange fame. Faceless fame. Alias fame. Manifesto-published-in-some-dark-corner fame. The fame of "I was the one who made everyone look at the sky and wonder why there was no signal."

It's a contradictory fame: wanting to be known without being identified. Wanting to go down in history without appearing in it. Wanting millions to suffer an inconvenience so that a few on a forum will say: "that guy did it."

There can also be political, military, or ideological motivations. Such an attack could be used as a show of force, distraction, retaliation, or rehearsal. But I'm more interested in the small, almost human motivation. That of the resentful, the ambitious, the invisible. Because AI doesn't only empower major actors. It also gives new tools to misdirected solitude.

Maybe there won't be a big global blackout. Maybe something more modest will come: a regional blackout, a massive resolution failure, an attack against several recursive providers, a chain of incidents that seem isolated until someone connects the dots. Maybe it won't last days. Maybe it'll last hours. Maybe it'll be enough for banks not to load, apps to fail, sites to disappear, and half the world to think the problem is their router.

And when it happens, many will discover for the first time that the internet isn't a cloud. It's a collection of agreements, protocols, servers, routes, caches, and people who, miraculously, almost always cooperate.

AI didn't invent the internet's fragility. It can only make it more exploitable.

Maybe that's why I think we'll soon see an internet blackout. Not necessarily the end of the internet. Not an apocalyptic scene. Rather a warning. A tremor. A disruption large enough to remind us that digital civilization rests on layers almost no one knows about.

And that day, when we open our browser and nothing loads, we won't necessarily be disconnected.

Maybe we'll just be lost.

Because the road will still be there.

But the map will have stopped responding.