As artificial intelligence agents multiply across the internet, the challenge of locating and communicating with them has become a critical concern. Currently, organizations rely on proprietary agent registries or custom solutions that are neither standardized nor interoperable. The Linux Foundation is stepping in with an elegant solution that leverages one of the internet's oldest and most trusted protocols: the Domain Name System (DNS).

Announced on May 29, 2026, the DNS-AID project proposes a set of DNS extensions that allow AI agents to discover, verify, and communicate with one another without requiring any new infrastructure. Instead, domain owners will add a simple well-known DNS record that points to the agents hosted on their domain. The proposed format is _index._agents.{domain}, which acts as a starting point for agent-to-agent communication.

How DNS-AID Works

The core idea is straightforward: just as DNS translates domain names to IP addresses, DNS-AID translates domain names to agent endpoints. An agent looking for a specific service—say, a weather API or a customer support bot—would query the DNS for the appropriate domain and retrieve information about available agents. This approach builds on the existing security mechanisms of DNS, including DNSSEC for authentication, ensuring that agents can trust the directory information they receive.

The Linux Foundation emphasized that DNS-AID is designed to be compatible with the Model Context Protocol (MCP), an emerging standard for AI agent communication. By integrating with MCP, DNS-AID enables agents not only to find each other but also to negotiate context, capabilities, and security policies before exchanging data.

Why DNS for Agent Discovery?

The internet already relies on DNS for billions of daily transactions. Proposing a new directory system would require massive investment in new infrastructure, adoption hurdles, and potential fragmentation. DNS-AID avoids these problems by piggybacking on existing infrastructure. Domain owners simply add new records to their DNS zones, and agents can query those records using standard DNS tools.

Jim Zemlin, CEO of the Linux Foundation, stated: "AI agents are quickly becoming the connective tissue of the modern internet, but without secure, open discovery infrastructure, that connectivity becomes a liability. DNS-AID helps anchor agent discovery in the DNS infrastructure that the internet already trusts."

Development and Contributors

DNS-AID was initially developed by staff at Infoblox, a company specializing in DNS and network services. The latest internet draft includes contributions from Deutsche Telekom and Amazon, signaling broad industry interest. The Linux Foundation intends to keep DNS-AID vendor-neutral and open, inviting contributions from the wider community through its project governance.

The proposal is still in the early stages, with many details to be worked out, including the exact format of agent records, caching strategies, and how to handle dynamic agent availability. However, the foundation has opened the specification for public comment and hopes to finalize a standard within the next year.

Background: The Rise of AI Agents

AI agents are self-contained software programs that can perform tasks autonomously, such as booking appointments, analyzing data, or controlling IoT devices. As their numbers grow—from a few thousand in 2024 to potentially millions by 2027—the need for a universal directory becomes pressing. Without one, agents cannot interact across organizational boundaries, limiting their utility.

Proprietary solutions offered by companies like Google, Microsoft, and others provide discovery within their ecosystems, but these silos prevent agents from communicating with agents outside those walls. DNS-AID aims to break down these silos by offering a common, open standard that any agent can use, regardless of its origin or platform.

Security and Trust Considerations

One of the primary challenges in agent discovery is security. Malicious agents could impersonate legitimate services, leading to data breaches or manipulation. DNS-AID addresses this by leveraging DNSSEC (DNS Security Extensions) to sign records. Agents can verify that the directory entries come from an authorized source and have not been tampered with in transit.

Additionally, the proposal allows domain owners to specify authentication requirements within the DNS records, such as requiring agents to present certain credentials before exchanging information. This layered approach ensures that DNS-AID is not just a directory but a secure foundation for agent-to-agent trust.

Comparison with Alternative Technologies

Other approaches to agent discovery include blockchain-based registries, peer-to-peer distributed hash tables (DHTs), and centralized directories. Each has trade-offs in terms of cost, performance, and decentralization. DNS-AID's advantage is its simplicity and the fact that DNS is already ubiquitous. It requires no new hardware, no new protocols, and minimal overhead for domain owners.

Critics may argue that DNS was not designed for the dynamic and ephemeral nature of AI agents. Agents may change their endpoints frequently or exist for only short periods. However, DNS supports low TTL (Time-To-Live) values, and dynamic DNS updates can accommodate frequent changes. The Linux Foundation is exploring extensions to optimize DNS-AID for agent churn.

Impact on the Internet Ecosystem

If adopted widely, DNS-AID could transform how AI agents inter operate. It could enable a new wave of decentralized AI services where agents can find and negotiate with each other without intermediaries. This aligns with the broader vision of an open, interoperable internet where AI acts as a utility layer.

For developers, DNS-AID simplifies the process of making agents discoverable. Instead of registering with multiple proprietary directories, they can simply add a few DNS records to their domain. This lowers the barrier to entry for small and medium-sized organizations that want to offer AI services.

For enterprises, DNS-AID offers a way to expose internal agents securely while maintaining control over what information is made public. By using DNSSEC and access control policies, organizations can choose to list only some agents or restrict visibility to authorized partners.

Next Steps and Community Involvement

The Linux Foundation has published an Internet Draft through the IETF (Internet Engineering Task Force) process, inviting technical feedback. The project repository is open on GitHub, and the foundation encourages developers, security researchers, and network operators to contribute. Key areas for contribution include implementation examples, security analysis, and standardization of agent metadata fields.

The initial draft covers basic discovery, but future iterations may include support for agent load balancing, health checks, and federated discovery across multiple domains. The foundation also plans to work with DNS software vendors to add native support for DNS-AID record types.

As AI agents become the connective tissue of the internet, DNS-AID offers a practical, scalable, and open way to keep that tissue healthy. By extending a system that has reliably served the internet for decades, the Linux Foundation hopes to ensure that agent discovery remains secure, decentralized, and free from vendor lock-in.

Source: InfoWorld News