And I don't believe anyone is necessarily advocating exposing individual servers directly to the internet either.
Actually, some of us are.
That can be difficult to do when you have maybe 300 or 400 servers that handle one service. Let's say you have a site called www.foobar.com and you have several hundred servers on the front end that handle that domain. You aren't going to put several hundred A records in DNS; at least I hope you aren't. One would probably have a load balancer of some sort in front of those machines. That is the device that would be fielding any DoS.
There are other devices that can handle isolation of the servers and protect them against such things as SYN floods.
What is the point of that when the servers can do it themselves?
I have a feeling you are talking about relatively small amounts of traffic.