Obfuscating server-side addresses

US12476935B2 · US · B2

Patent metadata
Publication number: US-12476935-B2
Application number: US-202318237574-A
Country: US
Kind code: B2
Filing date: Aug 24, 2023
Priority date: Aug 24, 2023
Publication date: Nov 18, 2025
Grant date: Nov 18, 2025

Abstract

Official abstract text for this publication.

Techniques for using Home Addresses, Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to obfuscate server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a Home Address that is mapped to the client device and at least one server IP address of the endpoint device. In this way, IP addresses of servers are obfuscated by a network mapping of the Home Addresses and the server IP addresses. The client device may then communicate data packets to the server using the Home Addresses as the destination address, and a virtual network service that works in conjunction with DNS can encapsulate the data packet with the server IP addresses and forward the data packet onto the server.

First claim

Opening claim text (preview).

What is claimed is:

1. A system associated with a Domain Name System (DNS) service that obfuscates Internet Protocol (IP) addresses of endpoints using groups of home addresses (HAs), the system comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: mapping at least one server IP address of an endpoint to a home address (HA); receiving a DNS request to resolve a domain name on behalf of a client device; converting the domain name into the HA of the endpoint; and providing the HA for use by the client device to contact the endpoint.

2. The system of claim 1, the operations further comprising: mapping the HA to a first client identifier (ID) associated with the client device; receiving another DNS request to resolve the domain name for another client device; selecting the HA to provide to the other client device; providing the HA for use by the other client device to contact the endpoint; and mapping the HA to a second client ID associated with the other client device.

3. The system of claim 1, the operations further comprising: determining that the HA maps to multiple server IP addresses associated with respective multiple endpoints; determining a selected server IP address of the multiple server IP addresses to be used for encapsulation based at least in part on load balancing between the multiple server IP addresses; performing an encapsulation of a packet with the selected server IP address that corresponds to the HA; and sending the packet to a next hop associated with the selected server IP address associated with the endpoint.

4. The system of claim 1, the operations further comprising: creating a tunnel between a virtual service of the system and the endpoint such that: first packets sent from the virtual service and to the endpoint have a home address of the virtual service as a source address; and second packets sent from the endpoint to the virtual service have a destination address of the home address.

5. The system of claim 1, the operations further comprising: receiving a packet having a destination address that is the HA; determining that a source address of the packet is a source IP address of the client device that sent the packet; performing an encapsulation of the packet with a server IP address that corresponds to the HA; and sending the packet to a next hop associated with the server IP address of the endpoint.

6. The system of claim 5, wherein the packet is associated with a mobile IP version 4 (MIPv4) protocol and the encapsulation includes converting the packet to an MIPv6 protocol.

7. The system of claim 5, the operations further comprising, prior to sending the packet: changing the source address of the packet from the source IP address to a particular system VIP address associated with the system; and mapping the particular system VIP address to the source IP address of the client device.

8. The system of claim 7, the operations further comprising: receiving a return packet from the endpoint; determining that a destination address of the return packet is the particular system VIP address; based at least in part on the mapping of the particular system VIP address to the server IP address, performing a decapsulation of the packet such that the destination address of the return packet is a client IP address; and sending the return packet to the client device.

9. The system of claim 1, the operations further comprising: receiving a packet from a source device; determining that a destination address of the packet is the HA; determining that the source device is not the client device to which the HA was provided; and dropping the packet.

10. The system of claim 1, the operations further comprising: receiving a packet from a source device; determining that a destination address of the packet is the HA; determining that the source device is the client device to which the HA was provided; and forwarding the packet to a next hop associated with the endpoint.

11. A method performed at least partly by a computing system associated with a Domain Name System (DNS) service that obfuscates Internet Protocol (IP) addresses of endpoints using groups of endpoint identifications (HAs), the method comprising: mapping at least one server IP address of an endpoint to a home address (HA); receiving a DNS request to resolve a domain name on behalf of a client device; converting the domain name into the HA of the endpoint; and providing the HA for use by the client device to contact the endpoint.

12. The method of claim 11, further comprising: mapping the HA to a first client identifier (ID) associated with the client device; receiving another DNS request to resolve the domain name for another client device; selecting the HA to provide to the other client device; providing the HA for use by the other client device to contact the endpoint; and mapping the HA to a second client ID associated with the other client device.

13. The method of claim 11, further comprising: receiving a packet having a destination address that is the HA; determining that a source address of the packet is a source IP address of the client device that sent the packet; performing an encapsulation of the packet with a server IP address that corresponds to the HA; and sending the packet to a next hop associated with the server IP address of the endpoint.

14. The method of claim 13, further comprising, prior to sending the packet: changing the source address of the packet from the source IP address to a particular system VIP address; and mapping the particular system VIP address to the source IP address of the client device.

15. The method of claim 14, further comprising: receiving a return packet from the endpoint; determining that a destination address of the return packet is the particular system VIP address; based at least in part on the mapping of the particular system VIP address to the server IP address, performing a decapsulation of the packet such that the destination address of the return packet is a client IP address; and sending the return packet to the client device.

16. The method of claim 11, further comprising: receiving a packet from a source device; determining that a destination address of the packet is the HA; determining that the source device is not the client device to which the HA was provided; and dropping the packet.

17. The method of claim 11, further comprising: receiving a packet from a source device; determining that a destination address of the packet is the HA; determining that the source device is the client device to which the HA was provided; and forwarding the packet to a next hop associated with the endpoint.

18. One or more non-transitory computer-readable media storing computer executable instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising: mapping at least one server IP address of an endpoint from multiple endpoints to a home address (HA) from multiple HAs; determining that a client device requested an IP address of the endpoint; selecting the HA from the multiple HAs to provide to the client device; storing a first association between a client identifier (ID) of the client device and the HA; providin

Assignees

Cisco Tech Inc

Inventors

Classifications (CPC titles)

  • Translation of Internet protocol [IP] addresses

  • using domain name system [DNS]

  • Hiding addresses; Keeping addresses anonymous

  • Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored

  • Denial of Service

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L61/5007. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 18, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).