What Caused the June 6, 2025 Alibaba Cloud DNS Outage and How to Mitigate It?

On June 6, 2025 early morning, Alibaba Cloud monitoring detected abnormal resolution of the

aliyuncs.com

domain, impacting Object Storage Service (OSS), Content Delivery Network, container image service, and DNS, causing widespread 404 errors and service interruptions.

Incident Timeline

02:57 – Alibaba Cloud monitoring detected the

aliyuncs.com

DNS anomaly; engineers began emergency handling.

04:04 – Engineers preliminarily identified the cause of the DNS anomaly and continued urgent remediation.

08:11 – After emergency processing, the resolution issue was fixed and affected cloud products began to recover.

~09:00 – All impacted cloud products were fully restored.

Root Cause Analysis

Some netizens suggested the failure was due to the domain being hijacked and redirected to Shadowserver.

Shadowserver (the Shadowserver Foundation) is an internationally recognized nonprofit network‑security organization founded in 2004. It improves global Internet security through threat‑intelligence sharing, malware analysis, honeypot monitoring, and other activities.

One of its tools is the Registrar of Last Resort (RoLR). When law‑enforcement or registries request the “seizure” of a malicious domain, RoLR temporarily transfers ownership of the domain, and Shadowserver points the domain’s NS records to its own sinkhole servers.

Mitigation Suggestions from the Community

For load‑balancers (NLB, ALB), change the domain to an A or AAAA record that points directly to the load balancer’s VIP for rapid recovery.

Client‑side mitigation: point the local DNS server to

223.5.5.5

for quick relief.

If the business domain’s resolved IP is known, manually edit the client’s

hosts

file to fix the IP.

For newly purchased ALB/NLB CNAME aliases, switch to other domains; for existing ones, directly modify A/AAAA records to the load balancer’s VIP.

DNS is the foundational service of the Internet; any damage to it has a broad impact.