The Linux Foundation announced DNS-AID, a new open-source project aimed at solving one of the less visible but most critical problems of the web agentic: how AI agents can discover, verify, and communicate with each other without relying on centralized registries, fragile integrations, or manually configured addresses.
The proposal is based on a straightforward idea. Internet already addressed the discovery problem decades ago with DNS. Whenever a user types a domain, the name system translates that human-readable identity into a technical address. DNS-AID seeks to bring that same logic into the world of AI agents and MCP servers, leveraging existing DNS infrastructure as a global, distributed, and neutral directory.
Initially developed by Infoblox, the project now falls under the Linux Foundation’s umbrella, with early support from companies and organizations such as Cloudflare, CSC, Equinix, GoDaddy, Indeed, Internet Systems Consortium, and WWT. The goal is to create an open, interoperable, and governance-neutral foundation for an internet where autonomous agents not only respond to humans but also locate services, verify identities, and coordinate with other systems.
Agent discovery becomes critical infrastructure
The rise of AI agents is transforming how applications are designed. An agent is no longer just a chatbot. It can search for information, use tools, query APIs, execute actions, coordinate tasks, call other agents, and connect to MCP servers to access external contexts or capabilities. To function reliably, this model requires a trustworthy way to know what agents exist, where they are, what they do, and whether they are legitimate.
Today, many integrations depend on private registries, fixed URLs, manual configurations, or closed platforms. While sufficient at small scale, this approach becomes fragile when thousands or millions of agents need to interact across organizations, clouds, domains, and providers. The security risk is also significant: a misidentified, impersonated, or discovered agent via a compromised registry can serve as an entry point to corporate data, tools, and processes.
DNS-AID proposes using DNS as a layer for publishing, discovery, and verification. According to the Linux Foundation, the project offers a vendor-neutral framework for publishing, discovering, and verifying AI agents and Model Context Protocol servers without relying on centralized records or rigidly embedded integrations. The reference implementation includes a Python SDK, a command-line interface, and an MCP server to facilitate integration into existing development workflows.
| DNS-AID Element | Main Function |
|---|---|
| DNS as Directory | Publish and locate agents using existing infrastructure |
| Verification | Help verify agent or server identity and trustworthiness |
| MCP Support | Facilitate discovery of Model Context Protocol servers |
| Python SDK | Integration for developers and platforms |
| CLI | Command-line use and automation |
| Linux Foundation Governance | Neutrality, community, and open development |
| Vendor-Neutral Approach | Avoid dependence on a single provider or closed registry |
Choosing DNS is not incidental. It’s one of the most widespread internet infrastructures, functioning globally, distributed, and already embedded in the trust chain of domains, certificates, policies, and service resolution. Using it for agents may prevent the agent web from fragmenting into incompatible proprietary directories.
From the human web to the agentic web
The human web is built upon browsers, URLs, DNS, certificates, and open protocols. The agentic web requires something similar but adapted for systems acting on behalf of users, companies, or applications. An agent might need to find another specialized in billing, locate a technical documentation MCP server, discover an internal tool, or verify if an external service really belongs to the entity it claims to represent.
Cloudflare summarizes this in its statement with a clear idea: DNS already solved the discovery challenge because it’s fast, globally scalable, and universally understood. Extending that architecture to the agentic web can help prevent the scale of AI from being throttled by central control points or closed registries.
The Internet Systems Consortium also links DNS-AID to records like SVCB and HTTPS, designed specifically to publish metadata about available services. This technical approach is relevant because DNS-AID does not reinvent the base internet infrastructure. Instead, it builds on known standards, which is often decisive for broader adoption.
The project also raises a growing concern: agent identity. In today’s web, a domain, a certificate, and security policies help understand who an application communicates with. In a web where agents make decisions, invoke tools, and manage permissions, that identity must be even clearer. It’s not enough for an agent to respond correctly; we need to know who operates it, under what domain, with what capabilities, trust level, and boundaries.
Security: the new perimeter will be agent-to-agent
Communication between agents creates a new attack surface. If agents become regular intermediaries between applications, data, and actions, attackers will attempt impersonation, redirection, poisoning responses, publishing fake agents, or manipulating discovery records. This adds to the already known shadow AI problem: agents deployed by business units without sufficient cybersecurity oversight.
DNS-AID can help establish a basic control layer: open, identifiable, and verifiable discovery. While it doesn’t solve all security risks associated with agentic AI, it provides an essential layer. Without a common way to publish and find agents, each provider might impose their own directory, trust rules, and trust mechanisms, making auditing and governance harder.
WWT relates DNS-AID to the need for secure infrastructure and operational controls for AI. Indeed, it describes DNS as a vast distributed trust graph that can extend to agents via artifacts like AgentCards and verifiable third-party attestations. The future envisioned is one where discovery is not just “finding a URL,” but establishing contextual trust about the agent, its operator, and declared capabilities.
| Risks in the agentic web | How DNS-AID helps |
|---|---|
| Fake agents | Verification linked to domain and identity |
| Fragile integrations | Standard discovery instead of hardcoded URLs |
| Centralized records | Reduced dependence on a single provider |
| Shadow AI | Shared conventions for publishing and locating agents |
| Multicloud and hybrid | Neutral discovery across platforms |
| Lack of interoperability | Open foundation for agents and MCP servers |
Governance by the Linux Foundation is also crucial. Many internet standards succeed not only because of technical design but because they are perceived as belonging to an open, neutral ecosystem. For companies, governments, and developers, this neutrality can be decisive if agent discovery becomes part of critical processes.
MCP, agents, and the interoperability challenge
Support for MCP servers is another key aspect. Protocols like Model Context Protocol have become prominent for connecting models and agents with tools, data, and external systems. As the number of MCP servers grows, the same question arises: how to discover them, verify their identity, and avoid unwieldy manual configurations?
DNS-AID does not replace MCP but can serve as a discovery layer, helping agents locate MCP servers via DNS. This can streamline deployment in hybrid and multi-cloud environments where different teams operate agents, internal tools, connectors, and services across distinct domains.
Fragmentation remains a risk. If each platform creates its own marketplace, registry, and publishing method for capabilities, the agentic web may become siloed. While that benefits large providers, it hampers interoperability. DNS-AID’s approach is to promote a shared, open infrastructure aligned with internet architecture standards.
A small piece for a big transformation
DNS-AID isn’t the most glamorous AI project. It doesn’t generate videos, write code independently, or promise to replace humans. Its value lies elsewhere: in creating a basic, decentralized layer that allows agents to find each other reliably and securely.
Such projects often seem minor initially, but many foundational elements of the internet started that way. DNS, certificates, service registries, identity standards, and open protocols enabled the web’s exponential growth beyond isolated platforms. To achieve similar scale, the agentic web will require comparable foundational elements.
The Linux Foundation is positioned well by framing the discussion around infrastructure. Autonomous AI won’t scale solely through better models; it requires identity, discovery, permissions, security, observability, revocation, auditing, and standards. DNS-AID addresses one piece: knowing where an agent is, how it’s published, and how to verify it.
Whether developers, DNS providers, cloud platforms, companies, or MCP projects adopt this approach remains to be seen. The project is open for contributions on GitHub. If it gains traction, it could become one of those subtle technologies supporting a significant part of the next internet. If not, the risk is a more closed, fragmented, and dependency-heavy agentic web based on private directories.
Artificial intelligence is progressing toward systems that act among themselves, not just chatbots communicating with humans. For this leap to be built on solid foundations, open standards and protocols are essential. DNS-AID represents one of the first serious proposals to elevate this conversation to the infrastructure level where the internet has historically thrived.
Frequently Asked Questions
What is DNS-AID?
DNS-AID is an open-source project by the Linux Foundation enabling AI agents and MCP servers to publish, discover, and verify using existing DNS infrastructure.
Why use DNS to discover AI agents?
Because DNS is a global, distributed, interoperable, and widely deployed infrastructure. Using it avoids reliance on centralized records or rigid integrations.
What’s the relationship between DNS-AID and MCP?
DNS-AID can serve as a discovery layer, helping agents locate MCP servers and available tools or contexts.
Does DNS-AID solve all AI security risks?
No. It provides a foundation for discovery and identity but must be combined with permissions, authentication, auditing, usage policies, and security controls.
via: linuxfoundation