AgenticDNS

Discovery and trust bootstrapping for the Internet of AI agents

A new indirection layer that incorporates forty years of hard-won lessons about global DNS infrastructure, governance, trust bootstrapping, and financial sustainability—applied using distributed and decentralized systems.

The AgenticDNS 3-Layer Architecture

AgenticDNS is inspired by the NANDA Architecture developed at MIT Media Lab. Each layer serves a distinct purpose, enabling rapid evolution of capabilities and trust signals without touching the global index.

Lean Index

Global, Minimal, Durable

A lightweight, globally replicated index maps agent identifiers to metadata references, not endpoints. Each AgentAddr record is ≤120 bytes, signed, and cacheable.

Metadata / AgentFacts

Dynamic, Verifiable

Capabilities, endpoints, and trust assertions live in signed metadata documents (JSON-LD, W3C Verifiable Credentials) and evolve independently of the index.

Resolver / Dynamic Resolution

Local, Policy-Driven

Resolution decisions occur locally, under enterprise policy, at machine speed. Supports static endpoints, rotating pools, and adaptive routing.

NANDA 3-Layer Architecture Model

Why Now?

Agent Churn

Agents are ephemeral, mobile, and operate across organizational boundaries at machine speed. DNS was designed for static hosts and human timescales.

Sub-Second Revocation

Current certificate revocation (CRL/OCSP) cannot keep pace with millisecond-level agent revocations. AgenticDNS enables sub-second revocation via VC-Status-List mechanisms.

Capability Discovery

TLS certificates prove domain ownership, not agent behavior or capability. AgentFacts provides machine-verifiable trust and capability signaling.

Trust Beyond Domain Ownership

Agents need verifiable claims about capabilities, security posture, and compliance—not just proof of domain control. AgenticDNS addresses trust+capability signaling for autonomous agents.

AgenticDNS Does Not Replace DNS

DNS continues to resolve hosts and domains. AgenticDNS introduces a parallel indirection layer that resolves agent authority, capabilities, and trust—concerns DNS was never designed to handle. This separation enables:

  • • Durable global discoverability without ceding control to a single platform
  • • Rapid evolution of trust signals and capabilities without global coordination
  • • Local policy enforcement aligned with enterprise governance and risk models

Rollout Like Internetworking

AgenticDNS evolves from intranet to extranet to internet, just as networking itself grew from local networks to global connectivity.

Intranet

Single-organization deployment with tight governance and highest control. Enables internal agent discovery and capability negotiation.

  • Internal trust domains
  • Enterprise-controlled registries
  • PrimaryFactsURL hosting
Learn more →

Extranet

Multi-organization federation with negotiated trust exchange. Enables secure agent collaboration across partner boundaries.

  • Federated industry registries
  • Cross-signing between trust zones
  • Negotiated governance rules
Learn more →

Internet

Global public discovery and trust bootstrapping. Enables open agent ecosystems with verifiable identity and capability assertions.

  • Public registries
  • CRDT-based distributed storage
  • Smart contract governance
Learn more →

Get in Touch

Have questions or want to learn more about AgenticDNS?

Contact Us

Email: info@agenticDNS.ai