I understand how it makes everything easy to use and probably has some branding implications, but it's a major source of exploits. We have used phone numbers before, and while a bit inconvenient, wouldn't using IP addresses directly be much more secure? Or at the very least, using some decentralized framework rather than DNS servers?
DNS provides a bunch of functions without which the Internet wouldn’t function today.
First, load balancing. A record like [google.com](https://google.com) can have HUNDREDS of servers behind it, and DNS can provide that type of load balancing by giving different users different IP addresses.
Second, shared web servers. A server might have 1 IP address, but be serving up hundreds of domain web pages and email. That wouldn’t be possible without DNS.
Third, it's much easier to go to a website by name, [www.pepsi.com](https://www.pepsi.com), instead of having to remember the IP address. And how are you going to find that IP address in the first place?
DNS was around before the web. It’s been a foundation of The Internet since the beginning.
> I understand how it makes everything easy to use
And it also allows for changing IP addresses, load balancing, and hosting multiple sites on the same server. IPv4 is already bursting at the seams, not to mention what would happen if every single website in existence had to have its own particular IP address.
> and probably has some branding implications but it’s a major source of exploits.
Everything is a major source of exploits. DNS is pretty darn simple compared to the insane amount of stuff going on in a web browser.
> We have used phone numbers before, and while a bit inconvenient, wouldn't using IP addresses directly be much more secure? Or at the very least, using some decentralized framework rather than DNS servers?

In what way would a decentralized framework be more secure? Decentralization doesn't make something more secure in any way. What it does is remove a center. This may have benefits in terms of reducing central control, but it doesn't really do much about security issues.
Besides that, DNS is well distributed. There are millions of DNS servers out there, and the system is well thought out to spread the load.
> We have used phone numbers before

Yes, and we used phone books to find the number of the people or business we wanted to call.

So... DNS is basically the phone book for IP addresses.

So you always need at least one source for the number you want to dial in the beginning.

The same would be true if we used IP addresses directly.

So you would still need DNS (or an "IP address book") to find the IP you want to call, and you would need to trust this book.
As far as a decentralised framework goes… DNS is already decentralised in a way, but not the way you mean – and looking at why is important.
Whenever a device makes a DNS query, it doesn’t go directly to a major server. The most common process is that first, it checks if it has that domain cached. Then, if it doesn’t, it asks the router – which checks if *it* has the domain cached. If it doesn’t, it goes to your ISP, and so forth until reaching a root server.
Now, imagine changing what happens at the router step. Rather than trying to make it hierarchical, it goes with the decentralised route and asks *every* device it’s connected to if it knows that domain, and somehow propagates out until it gets an answer. Rather than each request causing four packets for any device in the chain (one coming in with the request, one going out with the request, one coming in with the answer and one going out with the answer), we easily create dozens or hundreds, multiplying the traffic by massive amounts and heavily stressing the network.
The privacy, man-in-the-middle and similar exploits can all be fixed by encrypting DNS queries and making a new version of the standard with privacy in mind... But that's hard to actually get moving. HTTPS was invented in 1994, formally specified in 2000, and it didn't see massive adoption until a massive push by the EFF and web browsers in 2016 – and HTTP contains even more important data! IPv6 has been usable since 2008 at the latest, with many devices and OSes supporting it from 2011 or earlier... And yet a lot of people still don't have IPv6 service, and many sites don't have IPv6. Making people swap is hard – and making them swap DNS protocol would mean upgrading or updating routers, which many don't know how to do.
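Two answers above make concrete claims about DNS on the wire: that one name can resolve to several addresses (the load-balancing point) and that a plaintext query/answer exchange is exposed to on-path tampering. The script below is an added example written for this page, not code posted by anyone in the thread. It builds a minimal RFC 1035 A-record query, parses a response, and shows the only two things a classic (unencrypted, unsigned) client can check to tie an answer back to its query: the 16-bit transaction ID and the echoed question section. The response bytes are constructed in the script itself, so nothing touches the network; `www.example.com` and the 192.0.2.x addresses are reserved documentation values, and the function names are this example's own.

```python
import struct

# Minimal DNS wire-format helpers (RFC 1035). Added example; runs fully offline.

def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name: str, txid: int) -> bytes:
    """Standard recursive query for an A record. Everything here is plaintext:
    no signature and no encryption protect it on the path to the resolver."""
    flags = 0x0100  # QR=0 (query), opcode 0, RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # 1 question, 0 RRs
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question

def decode_name(msg: bytes, off: int):
    """Decode a name at `off`, following 0xC0xx compression pointers.
    Returns (name, offset just past the name as it appeared at `off`)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_response(msg: bytes):
    """Return (txid, flags, [(name, ttl, dotted_ipv4), ...]) for the A records in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                 # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4                        # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:   # A record
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return txid, flags, answers

def build_a_response(query: bytes, addrs, ttl: int = 60) -> bytes:
    """Constructed response for the example: echoes the query's ID and question and
    attaches one A record per address. Several A records for one name is exactly
    how DNS hands different clients different servers (round-robin load balancing)."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180  # QR=1 (response), RD=1, RA=1, RCODE=0
    header = struct.pack("!HHHHHH", txid, flags, 1, len(addrs), 0, 0)
    question = query[12:]
    rrs = b""
    for a in addrs:
        rdata = bytes(int(x) for x in a.split("."))
        # 0xC00C = compression pointer to offset 12, where the question name starts
        rrs += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + rrs

def matches_query(query: bytes, response: bytes) -> bool:
    """The checks a plain (non-DNSSEC, non-encrypted) stub resolver can do before
    trusting an answer: the response bit is set, the 16-bit ID matches, and the
    question section is echoed unchanged. Nothing else binds answer to query."""
    if not response[2] & 0x80:          # QR bit must be set
        return False
    if query[:2] != response[:2]:       # transaction ID
        return False
    qlen = len(query)                   # header + question section
    return response[12:qlen] == query[12:qlen]

def demo():
    """Build a query, answer it with two A records, validate and parse the answer."""
    q = build_query("www.example.com", 0x1234)
    r = build_a_response(q, ["192.0.2.10", "192.0.2.11"])
    if not matches_query(q, r):
        raise RuntimeError("answer does not match query")
    return parse_response(r)[2]

if __name__ == "__main__":
    for name, ttl, ip in demo():
        print(f"{name}\t{ttl}\tIN\tA\t{ip}")
```

Running it prints two A records for the same name, which is the load-balancing mechanism the second answer describes. The `matches_query` check is also the whole of what an unencrypted stub resolver has to go on, which is why the last answer's point about encrypting and authenticating DNS is the real fix rather than decentralising it.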