There's an old saying among network engineers: "It's always DNS." It's a joke that survives because it keeps being true. When email stops arriving, when the site goes down, when single-sign-on inexplicably fails for half the team — there's a better-than-even chance the proximate cause is a DNS record that's stale, expired, or pointed somewhere it shouldn't be. Outsiders treat DNS as exotic and arcane. Inside, we treat it like plumbing — invisible when it works, ruinous when it doesn't, and emphatically not something to leave to the most recent person who happened to have the login.
The most common failure mode we see at small and mid-sized businesses isn't a DNS attack or a misconfiguration in some fancy record. It's that the DNS is registered to someone's personal Gmail address from twelve years ago, and that person hasn't worked there in eight years, and nobody remembers the registrar password, and the domain is about to expire. We've watched companies lose their email for three weeks because of this. It's preventable in an afternoon.
If you treat DNS as plumbing, the maintenance becomes obvious. Registrar accounts live in a business email, not a person's email. Domain registrations auto-renew, on a credit card that won't expire next quarter. Records get documented somewhere — not in someone's head, not in a Slack thread, but in a list you'd be unembarrassed to share with an auditor. The MX records (mail) and SPF / DKIM / DMARC records (the things that decide whether your email arrives in inboxes or spam folders) get reviewed at least once a year. And when you make changes, you make them in a low-traffic window, after writing down what they were before, with a path to roll back.
None of this is glamorous, and that's the point. The companies that take DNS seriously rarely have DNS outages. The ones that don't will eventually have a story they tell at conferences — the kind that starts "so the domain expired on a Friday afternoon."