> On the other hand, most devs / technical staff type IPs into the browser and terminal daily.
No they don’t. Configure a DNS server and type these in once. Any time I see IP addresses passed around it’s a sign of broken infrastructure. (It also means you aren’t using TLS or you’re training people to accept cert errors)
I think you’re confused a bit, so let’s split apart the use cases to be clear why IPs are bad in both cases.
You said devs and technical staff were typing IPs into their browsers. Presumably this means the address bar, which breaks TLS.
SSH derives a big chunk of security from key caching. If you’re using IPs you now can’t have an IP change without triggering key warnings on the SSH clients for a new key at a minimum or (worst case) a breach.
Every server/VM I control (~200) has a DNS entry. Every active IP has a reverse (PTR) entry.
I have a monitoring task to check for missing DNS entries, as it usually suggests a problem (i.e. we've deployed or undeployed something incompletely).
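
The kind of check described in the comment above, as an added example that is not part of the thread or any poster's own tooling. It compares an inventory against forward (A) and reverse (PTR) records; the function name `audit_dns`, the finding labels, and every hostname and address are constructed for illustration, and the record sets are passed in as dicts (assumed to come from a zone export or resolver lookups).

```python
# Added example: audit forward (A) and reverse (PTR) records against an inventory.
# All hostnames, addresses and record sets below are constructed sample data.
import ipaddress


def _ip(value):
    """Canonical address form, so equivalent IPv6 spellings compare equal."""
    return str(ipaddress.ip_address(value))


def _name(value):
    """Hostnames compare case-insensitively and without the trailing root dot."""
    return value.lower().rstrip(".")


def audit_dns(inventory, a_records, ptr_records):
    """Return sorted (kind, subject, detail) findings.

    inventory:   {hostname: ip} for everything that should be deployed
    a_records:   {hostname: ip} as published in the forward zone
    ptr_records: {ip: hostname} as published in the reverse zone
    """
    inv = {_name(h): _ip(ip) for h, ip in inventory.items()}
    fwd = {_name(h): _ip(ip) for h, ip in a_records.items()}
    rev = {_ip(ip): _name(h) for ip, h in ptr_records.items()}
    findings = []
    for host, ip in inv.items():
        if host not in fwd:
            findings.append(("missing_a", host, ip))
        elif fwd[host] != ip:
            findings.append(("a_mismatch", host, fwd[host]))
        if ip not in rev:
            findings.append(("missing_ptr", ip, host))
        elif rev[ip] != host:
            findings.append(("ptr_mismatch", ip, rev[ip]))
    # Records with no inventory entry: something was undeployed incompletely.
    for host in fwd.keys() - inv.keys():
        findings.append(("stale_a", host, fwd[host]))
    for ip in rev.keys() - set(inv.values()):
        findings.append(("stale_ptr", ip, rev[ip]))
    return sorted(findings)


INVENTORY = {"web1.example.internal": "10.0.0.10",
             "db1.example.internal": "10.0.0.20",
             "cache1.example.internal": "10.0.0.30"}
A_RECORDS = {"web1.example.internal.": "10.0.0.10",
             "db1.example.internal.": "10.0.0.21",      # drifted from inventory
             "old-ci.example.internal.": "10.0.0.99"}   # never removed
PTR_RECORDS = {"10.0.0.10": "web1.example.internal.",
               "10.0.0.20": "db1.example.internal.",
               "10.0.0.99": "old-ci.example.internal."}
```

A stale record is worth alerting on as much as a missing one, since a name that still resolves to a released address will point at whatever is assigned that address next.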