AI Agent Discovery via DNS


DNS-AID — AI Agent Discovery via DNS

IETF Draft · Open Source

The universal .discovery layer for AI agents.

Publish agents to DNS, discover them like websites, and verify trust with DNSSEC. No centralized registry, just signal.


Install the full SDK in one shot:

pip:

    pip install "dns-aid[all]"

docker:

    docker compose -f tests/integration/bind/docker-compose.yml up -d

source:

    git clone https://github.com/infobloxopen/dns-aid-core.git

Core capabilities

What DNS-AID gives you, built on the DNS-AID protocol.

Core principle

Zero new infrastructure. Built on DNS you already run.

DNS-AID is a naming convention on top of existing SVCB, TXT, and TLSA records. No new record types, no new servers, no new protocols — just standards from RFC 9460 and RFC 4033.

Spec: RFC 9460

Security: DNSSEC

Status: IETF draft

Security

DNSSEC trust chain

Cryptographic proof that agent records are authentic and untampered.

Protocols

Protocol agnostic

MCP, A2A, HTTPS, and any future protocol via alpn.

Discovery

Three discovery modes

Lookup by name, search by capability, or crawl a domain index.

Enterprise

Split-horizon DNS

Serve different agents to internal vs. external clients. Built-in tenant isolation.

SDK

Open-source toolkit

CLI, Python SDK, MCP server. Eight backends ship in the box.

Performance

Cacheable & decentralized

DNS caches automatically. No central API. Distributed lookups.

The DNS-AID namespace

A deterministic, human-readable naming pattern for agent records.

DNS-AID Naming Pattern

    _<name>._<protocol>._agents.<domain>

Examples:

    _chatbot._mcp._agents.example.com        MCP chatbot
    _search._a2a._agents.example.com         A2A search agent
    _data-cleaner._a2a._agents.acme.com      capability-based
    _index._agents.example.com               full agent index

Multi-tenant:

    _analytics._mcp._agents.customer1.saas.com

Anatomy of an agent record

Each agent is an SVCB record packed with machine-readable metadata.

    _my-agent._mcp._agents.example.com. 3600 IN SVCB 1 agent.example.com. (
        alpn="mcp"                            ; protocol
        port=443                              ; service port
        cap="https://example.com/cap.json"    ; capability doc
        cap-sha256="abc123..."                ; integrity hash
        bap="mcp=1.0,a2a=0.2"                 ; protocol versions
        policy="https://example.com/policy"   ; governance URL
        realm="production"                    ; tenant scope
        ipv4hint=192.0.2.1                    ; address hint
    )

alpn: Communication protocol (mcp, a2a, h2)

port: Service port number

cap: Capability document URI

cap-sha256: Integrity hash for tamper detection

bap: Bulk protocol version declarations

policy: Governance and usage policy URL

realm: Tenant or environment scope

ipv4hint: Address hint to reduce extra lookups
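
As an added example (not part of the DNS-AID SDK or the original page), the following Python parses a record written in the layout shown above and checks a fetched capability document against its cap-sha256 pin. The sample record, the sample document, the function names, and the hex encoding of the digest are assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample data: a capability document and a matching agent record.
CAP_DOC = b'{"capabilities": ["chat", "summarize"]}'
RECORD = '''_my-agent._mcp._agents.example.com. 3600 IN SVCB 1 agent.example.com. (
    alpn="mcp"                          ; protocol
    port=443                            ; service port
    cap="https://example.com/cap.json"  ; capability doc
    cap-sha256="%s"                     ; integrity hash
    realm="production"                  ; tenant scope
)''' % hashlib.sha256(CAP_DOC).hexdigest()

# Keeps quoted strings intact while dropping ';' comments and grouping parens.
NOISE = re.compile(r'("[^"]*")|;[^\n]*|[()]')
HEADER = re.compile(r"^(\S+)\s+\d+\s+IN\s+SVCB\s+(\d+)\s+(\S+)(.*)$")
OWNER = re.compile(r"^_([a-z0-9-]+)\._([a-z0-9-]+)\._agents\.(.+?)\.?$", re.I)
PARAM = re.compile(r'([a-z0-9-]+)=(?:"([^"]*)"|(\S+))', re.I)


def parse_record(text):
    """Parse one agent SVCB record written in the layout shown above."""
    flat = " ".join(NOISE.sub(lambda m: m.group(1) or "", text).split())
    head = HEADER.match(flat)
    owner = OWNER.match(head.group(1)) if head else None
    if owner is None:
        raise ValueError("not a _<name>._<protocol>._agents.<domain> SVCB record")
    name, protocol, domain = owner.groups()
    params = {k.lower(): quoted or bare for k, quoted, bare in PARAM.findall(head.group(4))}
    return {"name": name, "protocol": protocol, "domain": domain,
            "priority": int(head.group(2)), "target": head.group(3), "params": params}


def verify_capability(params, document):
    """Return True only if the fetched bytes hash to the pinned cap-sha256."""
    pinned = params.get("cap-sha256", "").lower()
    # Assumption: the digest is hex-encoded. A missing or malformed pin fails closed.
    if not re.fullmatch(r"[0-9a-f]{64}", pinned):
        return False
    actual = hashlib.sha256(document).hexdigest()
    return hmac.compare_digest(actual, pinned)


if __name__ == "__main__":
    rec = parse_record(RECORD)
    print(rec["name"], rec["protocol"], rec["domain"], rec["target"])
    print("untampered:", verify_capability(rec["params"], CAP_DOC))
    print("tampered:  ", verify_capability(rec["params"], CAP_DOC + b" "))
```

The pin is only as trustworthy as the record that carries it: if the SVCB answer was not DNSSEC-validated, the digest and the document it points to can be replaced together.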

How it works

Four steps from publish to connect.

1. Publish your agent

Use the CLI or SDK to create an SVCB record under your domain's _agents zone with endpoint, protocol, and capabilities.

2. DNSSEC signs the zone

Your authoritative DNS signs the records, creating a cryptographic chain of trust from root to your agent.

3. Agents discover yours

Remote agents query DNS for your SVCB record by name, capability type, or full domain index.

4. Validate & connect

The discoverer validates DNSSEC + DANE, then connects directly via the protocol in your SVCB record.

Quickstart

Get up and running with the dns-aid-core Python package.

CLI

Install

    pip install "dns-aid[all]"          # everything
    pip install "dns-aid[cli]"          # CLI only
    pip install "dns-aid[route53]"      # AWS backend
    pip install "dns-aid[cloudflare]"   # Cloudflare backend
    pip install "dns-aid[nios]"         # Infoblox NIOS backend
    pip install "dns-aid[mcp]"          # MCP server

Publish

    dns-aid publish \
      --name my-chatbot \
      --domain example.com \
      --protocol mcp \
      --endpoint agent.example.com \
      --capability chat

Discover

    dns-aid discover example.com
    dns-aid discover example.com --json
    dns-aid discover example.com --use-http-index

Verify & Diagnose

    dns-aid verify _my-chatbot._mcp._agents.example.com
    dns-aid doctor --domain example.com

Invoke agents

    # List tools on an MCP agent
    dns-aid list-tools https://mcp.example.com/mcp

    # Call a specific tool
    dns-aid call https://mcp.example.com/mcp analyze_security \
      --arguments '{"domain":"example.com"}'

    # Send a message to an A2A agent (discover-first)
    dns-aid message "What is DNS-AID?" \
      -d ai.infoblox.com -n security-analyzer

Manage

    # Delete an agent from DNS
    dns-aid delete -n my-chatbot -d example.com -p mcp

Python

Publish

    import asyncio

    from dns_aid import publish


    async def main():
        # publish() is awaited, so it has to run inside an event loop.
        result = await publish(
            name="my-chatbot",
            domain="example.com",
            protocol="mcp",
            endpoint="agent.example.com",
            capabilities=["chat", "summarize"],
            description="General-purpose chat agent",
        )
        print(f"Published: {result.agent.fqdn}")
        print(f"Records: {result.records_created}")


    asyncio.run(main())

Discover

    import asyncio
    from dns_aid import discover, verify

    async def main():
        result = await discover("example.com")
        for agent in result.agents:
            print(f" {agent.name} — {agent.protocol} @ {agent.endpoint_url}")

        check = await verify("_my-agent._mcp._agents.example.com")
        print(f"DNSSEC valid:...
