Why is DNS a thing? And why is it integrated the way it is with the web infrastructure?

I understand how it makes everything easy to use and probably has some branding implications, but it’s a major source of exploits. We have used phone numbers before, and while a bit inconvenient, wouldn’t using IP addresses directly be much more secure? Or at the very least using some decentralized framework rather than DNS servers.

IP addresses can change regularly. That’s the whole point of a DNS server. When this happens it updates the new IP address.

There is a way to use your own recursive DNS server instead of relying on public ones. See pihole recursive DNS using unbound, for instance.

DNS provides a bunch of functions without which the Internet wouldn’t function today.

First, load balancing. A record like [google.com](https://google.com) can have HUNDREDS of servers behind it, and DNS can provide that type of load balancing by giving different users different IP addresses.

Second, shared web servers. A server might have 1 IP address, but be serving up hundreds of domain web pages and email. That wouldn’t be possible without DNS.

Third, it’s much easier to go to a website by name, [www.pepsi.com](https://www.pepsi.com), instead of having to remember the IP address. And how are you going to find that IP address in the first place?

DNS was around before the web. It’s been a foundation of The Internet since the beginning.

> I understand how it makes everything easy to use

And it also allows for changing IP addresses, load balancing, and hosting multiple sites on the same server. IPv4 is already bursting at the seams, not to mention what would happen if every single website in existence had to have its own particular IP address.

> and probably has some branding implications but it’s a major source of exploits.

Everything is a major source of exploits. DNS is pretty darn simple compared to the insane amount of stuff going on in a web browser.

> We have used phone numbers before, and while a bit inconvenient, wouldn’t using IP addresses directly be much more secure? Or at the very least using some decentralized framework rather than DNS servers.

In what way would a decentralized framework be more secure? Decentralization doesn’t make something more secure in any way. What it does is remove a center. This may have benefits in terms of reducing central control, but doesn’t really do much about security issues.

Besides that, DNS is well distributed. There are millions of DNS servers out there, and the system is well thought out to spread the load.

Hosting providers usually have many websites behind the same IP. How do you distinguish what website the users want to visit?

> We have used phone numbers before

Yes, and we used phone books to find the number of the people/the business we want to call.

So... DNS is basically the phonebook for IP addresses.

So you always need at least one source of the number you want to dial in the beginning.

The same would be true if we used IP addresses directly.

So you would still need DNS (or an “IP-Address book”) to find the IP you want to call and need to trust this book.
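
The shared-hosting point raised in the thread, as an added example that was not written by any of the posters: a server on a single IP picks the site from the HTTP `Host` header, so a request addressed only by IP cannot be mapped to a site. The hostnames, the IP address, the site table and the choice of status codes are constructed assumptions.

```python
# Added illustration: name-based virtual hosting on one shared IP address.
# All hostnames, the IP and the site table are constructed sample values.

SHARED_IP = "203.0.113.10"  # documentation address range (RFC 5737)

SITES = {
    "shop.example": "shop site",
    "blog.example": "blog site",
}


def make_request(host=None):
    """Build a minimal HTTP/1.1 request, optionally with a Host header."""
    lines = ["GET / HTTP/1.1"]
    if host is not None:
        lines.append(f"Host: {host}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def parse_host(raw_request):
    """Return the lowercased Host value without port, or None if ambiguous."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip())
    if len(hosts) != 1 or not hosts[0]:
        return None                              # missing or duplicated Host
    return hosts[0].lower().partition(":")[0]    # drop an optional :port


def route(raw_request):
    """Map a request to (status, site). Every site shares SHARED_IP."""
    host = parse_host(raw_request)
    if host is None:
        return (400, None)                       # HTTP/1.1 requires Host
    if host in SITES:
        return (200, SITES[host])
    # Unknown name, including the bare IP: refuse instead of silently
    # serving some default site (421 Misdirected Request, chosen here).
    return (421, None)


if __name__ == "__main__":
    for h in ("shop.example", "BLOG.example:8080", SHARED_IP, None):
        print(h, "->", route(make_request(h)))
```

Rejecting unknown or missing `Host` values rather than falling back to a default site keeps a request sent to the bare IP from landing on whichever tenant happens to be configured first.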