惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
宝玉的分享
宝玉的分享
I
InfoQ
P
Privacy International News Feed
V
V2EX
IT之家
IT之家
S
SegmentFault 最新的问题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V2EX - 技术
V2EX - 技术
C
CERT Recently Published Vulnerability Notes
C
Check Point Blog
The Register - Security
The Register - Security
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
AWS News Blog
AWS News Blog
M
MIT News - Artificial intelligence
C
Cyber Attacks, Cyber Crime and Cyber Security
F
Fortinet All Blogs
B
Blog
N
Netflix TechBlog - Medium
B
Blog RSS Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Last Week in AI
Last Week in AI
T
Threatpost
Forbes - Security
Forbes - Security
U
Unit 42
A
Arctic Wolf
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Palo Alto Networks Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recorded Future
Recorded Future
L
Lohrmann on Cybersecurity
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
月光博客
月光博客
Spread Privacy
Spread Privacy
MongoDB | Blog
MongoDB | Blog
Jina AI
Jina AI
I
Intezer
V
Visual Studio Blog
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
L
LangChain Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园_首页
MyScale Blog
MyScale Blog
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
量子位

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
DNS-AID — AI Agent Discovery via DNS
oogali · 2026-06-01 · via Hacker News - Newest: "AI"

IETF Draft · Open Source

The universal .discovery layer for AI agents.

Publish agents to DNS, discover them like websites, and verify trust with DNSSEC. No centralized registry, just signal.

Install the full SDK in one shot:

pip docker source

pip install "dns-aid[all]"

Core capabilities

What DNS-AID gives you, built on the DNS-AID protocol.

Core principle

Zero new infrastructure.
Built on DNS you already run.

DNS-AID is a naming convention on top of existing SVCB, TXT, and TLSA records. No new record types, no new servers, no new protocols — just standards from RFC 9460 and RFC 4033.

Security

DNSSEC trust chain

Cryptographic proof that agent records are authentic and untampered.

Protocols

Protocol agnostic

MCP, A2A, HTTPS, and any future protocol via alpn.

Discovery

Three discovery modes

Lookup by name, search by capability, or crawl a domain index.

Enterprise

Split-horizon DNS

Different agents to internal vs. external. Built-in tenant isolation.

SDK

Open-source toolkit

CLI, Python SDK, MCP server. Eight backends ship in the box.

Performance

Cacheable & decentralized

DNS caches automatically. No central API. Distributed lookups.

The DNS-AID namespace

A deterministic, human-readable naming pattern for agent records.

DNS-AID Naming Pattern

_<agent-name>._<protocol>._agents.<your-domain>

Examples:
_chatbot._mcp._agents.example.com        MCP chatbot
_search._a2a._agents.example.com         A2A search agent
_data-cleaner._a2a._agents.acme.com      capability-based
_index._agents.example.com               full agent index

Multi-tenant:
_analytics._mcp._agents.customer1.saas.com

Anatomy of an agent record

Each agent is an SVCB record packed with machine-readable metadata.

alpn Communication protocol (mcp, a2a, h2)

port Service port number

cap Capability document URI

cap-sha256 Integrity hash for tamper detection

bap Bulk protocol version declarations

policy Governance and usage policy URL

realm Tenant or environment scope

ipv4hint Address hint to reduce extra lookups

How it works

Four steps from publish to connect.

1

Publish your agent

Use the CLI or SDK to create an SVCB record under your domain's _agents zone with endpoint, protocol, and capabilities.

2

DNSSEC signs the zone

Your authoritative DNS signs the records, creating a cryptographic chain of trust from root to your agent.

3

Agents discover yours

Remote agents query DNS for your SVCB record by name, capability type, or full domain index.

4

Validate & connect

The discoverer validates DNSSEC + DANE, then connects directly via the protocol in your SVCB record.

Quickstart

Get up and running with the dns-aid-core Python package.

Install

pip install "dns-aid[all]"           # everything
pip install "dns-aid[cli]"           # CLI only
pip install "dns-aid[route53]"       # AWS backend
pip install "dns-aid[cloudflare]"    # Cloudflare backend
pip install "dns-aid[nios]"          # Infoblox NIOS backend
pip install "dns-aid[mcp]"           # MCP server

Publish

dns-aid publish \
  --name my-chatbot \
  --domain example.com \
  --protocol mcp \
  --endpoint agent.example.com \
  --capability chat

Discover

dns-aid discover example.com
dns-aid discover example.com --json
dns-aid discover example.com --use-http-index

Verify & Diagnose

dns-aid verify _my-chatbot._mcp._agents.example.com
dns-aid doctor --domain example.com

Invoke agents

# List tools on an MCP agent
dns-aid list-tools https://mcp.example.com/mcp

# Call a specific tool
dns-aid call https://mcp.example.com/mcp analyze_security \
  --arguments '{"domain":"example.com"}'

# Send a message to an A2A agent (discover-first)
dns-aid message "What is DNS-AID?" \
  -d ai.infoblox.com -n security-analyzer

Manage

# Delete an agent from DNS
dns-aid delete -n my-chatbot -d example.com -p mcp

Publish

from dns_aid import publish

result = await publish(
    name="my-chatbot",
    domain="example.com",
    protocol="mcp",
    endpoint="agent.example.com",
    capabilities=["chat", "summarize"],
    description="General-purpose chat agent",
)
print(f"Published: {result.agent.fqdn}")
print(f"Records:   {result.records_created}")

Discover

import asyncio
from dns_aid import discover, verify

async def main():
    result = await discover("example.com")
    for agent in result.agents:
        print(f"  {agent.name} — {agent.protocol} @ {agent.endpoint_url}")

    check = await verify("_my-agent._mcp._agents.example.com")
    print(f"DNSSEC valid: {check.dnssec_valid}")

asyncio.run(main())

Discover-then-Invoke

from dns_aid import discover, invoke

async def find_and_call():
    result = await discover("partner.com", protocol="mcp")
    agent = result.agents[0]
    resp = await invoke(agent, method="tools/list")
    print(f"Latency: {resp.signal.invocation_latency_ms}ms")
    print(f"Data:    {resp.data}")

Run the MCP Server

# stdio transport (Claude Desktop)
dns-aid-mcp --transport stdio

# HTTP transport
dns-aid-mcp --transport http --port 8000
ToolDescription
publish_agent_to_dnsPublish an agent's endpoint and capabilities
discover_agents_via_dnsFind agents on any domain via DNS
verify_agent_dnsVerify DNSSEC, DANE, and endpoint for an agent
call_agent_toolInvoke a tool on a discovered MCP agent
list_agent_toolsList available tools on a remote MCP agent
send_a2a_messageMessage a discovered A2A agent
diagnose_environmentCheck DNS-AID configuration and connectivity
delete_agent_from_dnsRemove an agent's DNS records
list_published_agentsList agents in your own DNS zone
list_agent_indexRead a domain's agent index record
sync_agent_indexRebuild a domain's agent index from live records

Local Playground — zero credentials needed

git clone https://github.com/infobloxopen/dns-aid-core.git
cd dns-aid-core
pip install "dns-aid[cli]"
docker compose -f tests/integration/bind/docker-compose.yml up -d

# Configure .env for local BIND9 (see .env.example)
dns-aid publish --name test-agent --domain test.dns-aid.local \
  --protocol mcp --endpoint localhost --backend ddns \
  --capability chat

dns-aid discover test.dns-aid.local

Three ways to discover agents

All via standard DNS queries. No special client needed.

Targeted

Lookup by name

You know the agent. Query its SVCB record directly for endpoint details.

dig SVCB _chatbot._mcp._agents.example.com

Capability

Search by function

Find agents by what they do. Query a capability type under the agent zone.

dig SVCB _data-cleaner._a2a._agents.example.com

Index

Crawl the catalog

Fetch a domain's full agent inventory from a well-known index entry point.

dig TXT _index._agents.example.com

Architecture

Cross-organization agent discovery flow.

  ORG 1 (Discovering)                                    ORG 2 (Publishing)

  +----------------+                                    +-------------------+
  |   AI Agent     |---- 1. DNS SVCB Query ----------->|   Authoritative   |
  |   (org1)       |     _search._a2a._agents.org2.com |   DNS Server      |
  |                |<--- 2. SVCB Response -------------|   (DNSSEC-signed) |
  +-------+--------+     alpn="a2a" port=443           +-------------------+
          |               ipv4hint=198.51.100.10
          |
          |   3. DNSSEC + DANE Validation
          |
          |   4. Direct A2A / MCP / HTTPS Connection
          v
  +----------------+
  |   AI Agent     |   Running at 198.51.100.10:443
  |   (org2)       |
  +----------------+

R53

Amazon Route 53

AWS hosted zones

CF

Cloudflare

Global edge DNS

IB

Infoblox NIOS

Enterprise DDI

UD

Infoblox UDDI

Universal DDI cloud

GC

Google Cloud DNS

GCP managed

NS1

NS1

Managed DNS & traffic steering

RFC

RFC 2136 DDNS

Any standards-compliant DNS

B9

BIND9

Self-hosted & local dev

Policy enforcement

Discovery gets agents to the right endpoint. Policy helps deployments express who may call, what auth is required, and which runtime checks to apply without turning the homepage into a protocol memo.

Current

Runtime policy today

The DNS-AID learning materials already describe runtime policy evaluation alongside discovery metadata, auth requirements, and deployment-specific policy bundles such as policy.json.

Layers

Caller, target, and infrastructure

Teams can start with caller-side and target-side checks, then add resolver or proxy enforcement only if their DNS or traffic infrastructure supports it.

Extensions

Local inspection patterns

Some deployments may add local request or response inspection for PII, prompt injection, or data handling checks without routing traffic through a central policy service.

What gets enforced

Documented policy examples on this site include caller-domain restrictions, required auth types, availability windows, rate limits, DNSSEC-sensitive decisions, and CEL expressions for tighter runtime checks.

Why it matters

You can start with the current runtime policy model and extend into resolver or proxy enforcement later, instead of committing to a heavyweight centralized security architecture on day one.

Use cases

Real-world agent discovery scenarios.

Enterprise

Cross-org agent collaboration

An internal agent queries DNS to discover a partner's authorized agents, validates delegation, and initiates a secure session automatically.

Academic

Research consortiums

Universities publish agents under their own domains. Collaborators discover services by capability while respecting institutional trust boundaries.

SaaS

Multi-tenant platforms

SaaS providers host agents under tenant-specific zones. DNS zone delegation provides natural isolation and scoped discovery per customer.

Edge

IoT and edge agents

Lightweight agents on constrained devices benefit from DNS's distributed, cacheable architecture with SVCB hints for low-latency bootstrapping.

Security & trust

Built on the internet's battle-tested security infrastructure.

DNSSEC

Mandatory for public zones. Cryptographic chain of trust prevents spoofing and tampering.

DANE / TLSA

Binds TLS certificates to DNS records. Endpoint verification without certificate authority trust issues.

Domain Control Validation

Agents prove authorization via DCV TXT records. Scoped, verifiable, and ideal for ephemeral agents.

Capability Integrity

cap-sha256 hash ensures capability documents haven't been tampered with.

Split-Horizon DNS

Internal agents stay invisible externally. Different views for different resolver contexts.

Scoped Authorization

TXT records define per-agent roles and permissions scoped to specific services and operations.

FAQ

Does DNS-AID require changes to my DNS servers?

No. DNS-AID introduces no new DNS record types, opcodes, or message formats. It's a naming convention on top of existing SVCB, TXT, and TLSA records. Any DNS server supporting DNSSEC and SVCB will work.

What agent communication protocols does it support?

DNS-AID is protocol-agnostic. Agents declare protocols in the SVCB alpn field. The SDK supports MCP, A2A, and HTTPS. New protocols work by using new alpn identifiers.

How is this different from a centralized agent registry?

DNS-AID is decentralized. Each organization publishes records under its own domain. No central registry, no vendor lock-in, no single point of failure.

What DNS providers are supported?

AWS Route 53, Cloudflare, Infoblox NIOS, and RFC 2136. A Docker BIND9 playground is included for local dev. The backend architecture is extensible.

Is DNSSEC required?

For public agent zones, yes. Without DNSSEC, discovering agents can't verify records are authentic. For private zones, network-level controls may suffice.

What if my DNS provider doesn't support custom SVCB parameters?

The SDK handles this automatically. Custom parameters are gracefully demoted to TXT records with dnsaid_ prefixes. All metadata is preserved losslessly.

Can I try it without a cloud account?

Yes. The repo includes a Docker Compose setup with a local BIND9 server at tests/integration/bind/. Run docker compose -f tests/integration/bind/docker-compose.yml up -d and experiment entirely on your local machine using the DDNS backend.

Start discovering agents.

Install the SDK, publish your first agent, and build on the open universal discovery layer for AI.