The sites affected were using Dyn DNS Manager to manage their DNS. The sites not affected were sites like Google, and Facebook who have their own DNS servers. So anyone using Dyn went down when Dyn went down, and it was mostly Silicon Valley tech companies with API driven web services mostly hosted on Amazon.
There are only so many major cloud providers, and only so many high-end DNS managers. By knocking out the DNS manager, it disconnected all of these websites APIs from the Internet.
Who ever launched this attack was extremely clever, because they launched the first DDoS early in the morning, then launch the second about 3 hours later, then an hour later, then 30 minutes later, etc. So as they attempted to mitigate the attack, the attacks became bigger and more frequent. This was likely someone testing their capabilities.
I would guess this entire thing was a test. They likely just proved their DNS management vulnerability theory. Now imagine if follow up attacks target multiple DNS managers and servers including Google's and Facebooks. You could probably take down 99% of the Internet.
"This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn."
Now imagine how much power millions of devices can generate. Small devices like cameras are going to be the bane of the internet. But I have to admit that I can't wait to see how will root name servers cope with this.
There's an interesting article written by PC World on this: An IoT botnet is partly behind Friday's massive DDOS attack