Why should I use an FQDN instead of the server's IP address?
Solution 1
Using an IP address ensures that you are not relying on a DNS server. It also has the benefit of preventing attacks through DNS spoofing.
Using a FQDN instead of an IP address means that, if you were to migrate your service to a server with a different IP address, you would be able to simply change the record in DNS rather than try and find everywhere that the IP address is used.
This is especially useful when you have many servers and services configured by multiple individuals.
Solution 2
DNS is not just FQDN = IP
The important thing about DNS is that it provides more than just A records (hostname = IP). DNS provides different types of records such as MX, CNAME, TXT, etc. that may be required by some software, sometimes. It allows multiple address records, IPv4 + IPv6 records, dynamic addresses, load balancing, geolocation-based resolution, fail-over/redundancy, etc. DNS tells you what things are (www.google.com is Google's web service, 172.217.4.110? What's that?). It allows you to change these settings/records and have them picked up by clients without making changes on all the clients. DNS can do complex things.
There's often a clear advantage to using DNS over a direct IP address.
FQDNs can be a requirement
Some things, like web servers that use name-based virtual hosting or load balancers, etc., absolutely require that you address them via an FQDN or hostname. They determine how to respond to your request based on the FQDN that you are connecting to. Connecting via an IP may not work at all.
SSL certificates are issued based on domain names, so you may not be able to use some SSL enabled services (properly) without DNS.
This is a dig query for the google.com domain to give you a glimpse into the complexity of DNS:
google.com. 299 IN A 172.217.0.174
google.com. 299 IN AAAA 2607:f8b0:400b:807::200e
google.com. 599 IN MX 10 aspmx.l.google.com.
google.com. 599 IN MX 40 alt3.aspmx.l.google.com.
google.com. 59 IN SOA ns2.google.com. dns-admin.google.com. 126990955 900 900 1800 60
google.com. 599 IN MX 30 alt2.aspmx.l.google.com.
google.com. 21599 IN NS ns2.google.com.
google.com. 599 IN MX 20 alt1.aspmx.l.google.com.
google.com. 599 IN MX 50 alt4.aspmx.l.google.com.
google.com. 21599 IN NS ns1.google.com.
google.com. 3599 IN TXT "v=spf1 include:_spf.google.com ~all"
google.com. 21599 IN CAA 0 issue "symantec.com"
google.com. 21599 IN NS ns3.google.com.
google.com. 21599 IN NS ns4.google.com.
Yahoo responds with 3 IP addresses:
$ host -ta yahoo.ca
yahoo.ca has address 77.238.184.24
yahoo.ca has address 74.6.50.24
yahoo.ca has address 98.137.236.24
Advantage of using an IP address
For me it's usually when DNS could get in the way somehow or is not available. Generally, I would use DNS for most things.
One example of where an IP address might be better would be when you have two machines with a direct link between them (no switch) with private network addresses (say 192.168.1.1 and 192.168.1.2) and they are using it for high availability communications or DRBD or another very specific service. In this case, setting up things in DNS probably doesn't make any sense. It's not necessary, would add complexity, performance issues and could introduce a point of failure.
Another example is routing. Routing tables record IP addresses for various reasons.
Another is referencing name servers (like in /etc/resolv.conf), since without a name server you cannot resolve anything.
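The certificate point in the answer above, as an added example that is not part of the original answer: a simplified re-implementation of the name check a TLS client's library performs, showing why a certificate issued for domain names fails verification when the client connects by IP. The certificate dicts are constructed samples in the layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are hypothetical.

```python
import ipaddress

def dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one DNS SAN entry with the hostname the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one leftmost label and is refused
        # on patterns as broad as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def identity_matches(cert: dict, target: str) -> bool:
    """True if `target` (the name or IP the client dialled) is in the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(target)
    except ValueError:
        # Not an IP literal: only DNS entries may match.
        return any(k == "DNS" and dns_name_matches(v, target) for k, v in sans)
    # IP literal: only 'IP Address' entries count; DNS names are never consulted.
    return any(k == "IP Address" and ipaddress.ip_address(v) == wanted_ip
               for k, v in sans)

# Constructed sample: certificate naming only DNS identities.
PUBLIC_CERT = {"subjectAltName": (("DNS", "app.example.com"),
                                  ("DNS", "*.api.example.com"))}
# Constructed sample: internal certificate that also carries an IP SAN.
INTERNAL_CERT = {"subjectAltName": (("DNS", "db1.corp.example"),
                                    ("IP Address", "192.0.2.10"))}

def demo():
    cases = [(PUBLIC_CERT, "app.example.com"),       # FQDN listed in the cert
             (PUBLIC_CERT, "192.0.2.10"),            # same server dialled by IP
             (PUBLIC_CERT, "v1.api.example.com"),    # covered by the wildcard
             (PUBLIC_CERT, "a.v1.api.example.com"),  # wildcard spans one label only
             (INTERNAL_CERT, "192.0.2.10")]          # IP works only with an IP SAN
    return [(target, identity_matches(cert, target)) for cert, target in cases]

if __name__ == "__main__":
    for target, ok in demo():
        print(f"{target:24} {'verified' if ok else 'REJECTED'}")
```

A client configured with the bare IP has to either obtain a certificate with an IP SAN or turn verification off, and the second choice removes the protection against an impersonated server.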
Emil Rowland
Updated on September 18, 2022
Comments
-
Emil Rowland over 1 year
In my work with servers I have come across configuration files where you should enter the address to an external server. I have seen some use the server's IP address directly, but I have heard many recommendations to use a hostname fully qualified domain name (FQDN) instead. Why should I use a hostname instead of the direct IP address?
Because if you use a hostname then you would need a local DNS server that would link each hostname to an IP address. What is the disadvantage between using a hostname or an IP address?
-
Janus Troelsen almost 8 years
If you have dynamic IPs it is probably easier to just change the DNS record. And why a local DNS server? Why not just make all machines have publicly resolvable IPs? Another disadvantage of IPs is that even if they are not dynamic, they probably still depend on physical location, making it harder to migrate to a different location. Basically, it sounds like you are asking why DNS was invented. This question has been answered many times elsewhere.
-
Hagen von Eitzen almost 8 years
It has always been a recommendation (in RFCs, for example) that at the application level one only deals with hostnames. However, some applications won't even work unless with IP. Nevertheless, I myself am guilty of often contacting my devices by IP instead of hostname - but that bad habit will certainly end as soon as we have fully migrated to IPv6 :)
-
TessellatingHeckler almost 8 years
Because of course the external server will be securing all communications with SSL, and the SSL certificates will be signed for the FQDN, and your application can't verify the right server if you use the IP address. Right? :|
-
user almost 8 years
@HagenvonEitzen Sure you will never, ever, type out ::1? :-)
-
-
fluffy almost 8 years
This is a great answer, but it should also probably say something about vhosted services as well; IP⟷FQDN is a many-to-many mapping, not many-to-one.
-
Ryan Babchishin almost 8 years
Thanks, and agreed. DNS is very helpful for name-based virtual hosting if that's what you're referring to.
-
fluffy almost 8 years
Yeah, that's what I was referring to.
-
Brandon almost 8 years
Especially if the knowledge of that IP address is external too, like if customers or partners or vendors use it. Imagine if instead of stackoverflow.com, we all went to an IP that we knew as stackoverflow.com, and then they needed to change the IP? How would they tell every single possible user of the site the IP has changed? Hence names.
-
Ángel almost 8 years
@Brandon it'd be the same as if they now decided to change from stackoverflow.com to heapunderflow.com. The original benefit of domain names is for humans to remember stackoverflow.com instead of 151.101.1.69. Of course nowadays that also allows virtual hosting, subdomains relating to their parents and other benefits that have arisen from them.
-
Pieter Geerkens almost 8 years
I think the core of this answer is that an organization owns its FQDN; but may not own its IP address.
-
Aron almost 8 years
Try running HTTPS/Kerberos over IP vs FQDN.
-
Lightness Races in Orbit almost 8 years
This is literally the purpose of DNS.
-
womble almost 8 years
"It also has the benefit of preventing attacks through DNS spoofing." or you just use DNSSEC.
-
gardenhead almost 8 years
Great answer that actually gets DNS right - bookmarking for future reference. One minor gripe I have is your comment "Routing tables record IP addresses for various reasons." What are the various reasons to which you refer? Routing tables have no choice but to use IPs because routing happens at the internet layer, whereas DNS uses the application layer and is therefore necessarily dependent on routing.
-
Ryan Babchishin almost 8 years
@gardenhead Thanks. That's right about routing, I just didn't want to get into it. Forgive my choice of words.