The joke goes that if something goes wrong with the Internet, it's always Domain Name Server (DNS). That's because, uh, well, actually it often is DNS. That said, we do need a universal, open way to track AI Agents, so why not try DNS to see whether the Internet's universal directory can identify Agents as well as IP addresses?
The Linux Foundation is trying this idea by introducing the Agent Name Service (ANS). This is an open, DNS‑inspired standard designed to give AI agents verifiable, internet‑native identities and a secure way to be discovered and trusted.
Why DNS? Well, even though DNS breaks down badly when it fails, it doesn't really fall down that often. After all, DNS processes over 100 million queries per second worldwide.
So, rather than introducing a new lookup network or proprietary ecosystem, ANS anchors agent identity directly to DNS. This proposed framework enables systems and users to verify who an agent represents, what permissions it has, and whether its code and operational history remain authentic and unchanged.
This is an essential effort. As Jim Zemlin, CEO of Linux Foundation, said, “AI agents will increasingly operate across enterprises, platforms, and digital services, which makes trusted identity infrastructure a foundational requirement. By building on DNS and open standards, ANS creates a scalable and interoperable framework for verified agent communication across the global digital economy.”
Such a system is necessary because even as enterprises rapidly embrace autonomous agents, they lack a common, vendor‑neutral way to know who really controls an agent, what code and model version it is running, and whether its metadata or endpoint has been tampered with. Proprietary “agent registries” from cloud and AI vendors address the problem in silos. ANS is intended to be the glue that spans them, or possibly replaces them.
An ANS name is anchored to a domain, so an agent operated by a company is explicitly tied to that company’s Internet identity. The resolution process looks familiar to anyone who has worked with DNS, but with added security layers. When an application or another agent asks ANS to resolve a name, the service returns signed records that can be checked against public key infrastructure and certificates before any interaction occurs. The idea is that a system can programmatically answer three questions before trusting an agent: who runs it, what version it is, and whether the record has been altered since it was registered.
Supporters argue that this approach gives agents “first‑class status” in the web’s identity fabric, rather than treating them as opaque services hidden behind APIs. Others, however, worry that ANS will be too slow since agentic AI is constantly calling and recalling agents to get work done.
The ANS specification did not appear out of thin air. The work emerged from the OWASP GenAI Security Project. These contributors were grappling with how to secure multi‑agent systems without leaving enterprises at the mercy of proprietary registries and opaque discovery mechanisms.
Within OWASP, ANS has been framed as a protocol‑agnostic agent discovery and registration layer that can sit alongside existing DNS infrastructure. The design leans on public key infrastructure and signed registration records, and it contemplates integrating decentralized identifiers (DIDs) and legal entity identifiers (LEIs) so that agents can be cryptographically tied to real organizations. That linkage is intended to address the “shadow AI” problem, in which agents are spun up with no clear provenance or governance, yet can make security‑critical decisions or access sensitive data.
To transform this idea into a deployable standard, two companies, Infoblox and GoDaddy, have been working on making concrete services. First, Infoblox is advancing DNS for AI Discovery (DNS-AID). This is an open, interoperable approach for agent discovery built on DNS. Simultaneously, GoDaddy is helping develop ANS. Both efforts are complementary and are being developed in community standards bodies with the explicit goal of enabling independent implementations and avoiding single- or concentrated-vendor control.
By hosting ANS as its own initiative, the Foundation is signaling that agent identity and discovery is becoming a cross‑industry concern that touches cloud providers, enterprise software vendors, registrars, and security teams alike. They're also hoping that
The Linux Foundation’s move effectively graduates ANS from a security‑focused project into a broader standards effort.
In the plan, which is still coming together, DNS-AID defines a naming convention and metadata format layered on top of existing DNS record types such as SVCB, TXT, and TLSA. This is all secured by DNSSEC. In practice, an organization can publish agents under names like *chatbot.*mcp._agents.example.com, sign the zone with DNSSEC, and let other agents resolve and verify those records before connecting over MCP, A2A, HTTPS, or any protocol addressable via DNS's Service Binding (SVCB) and Application-Layer Protocol Negotiation (ALPN).
Many companies are supporting ANS. Cloudflare, Equinix, GoDaddy, ISC, and other infrastructure providers have signed on as early backers. They want AI agent discovery to live in open Internet standards rather than be locked into a handful of platform providers. The Linux Foundation, for its part, is positioning ANS and DNS-AID as building blocks in a broader “agentic AI” foundation that could eventually sit alongside Kubernetes and other flagship projects in its portfolio.
Their motivation is straightforward. If ANS gains traction as a neutral naming and identity layer, they can plug agents into existing domain, DNS, and certificate ecosystems rather than reinventing the wheel for AI.
Registrars and DNS providers see a new category of names and records to manage. Security vendors see a standardized place to attach policy and monitoring. Cloud providers see an opportunity to interoperate without ceding control of their own agent orchestration stacks.
Not everyone is happy with this proposal. An open, DNS‑anchored standard for agent identity shifts some control away from vertically integrated AI platforms, which have been building their own discovery and trust mechanisms. If ANS succeeds, enterprises may insist that agents from any vendor be registered and verifiable under their own domains, with independent identity checks. That could complicate proprietary ecosystems that rely on closed agent directories.
ANS arrives alongside a related effort, the Linux Foundation's DNS for AI Discovery (DNS-AID). DNS-AID focuses on the complementary problem of helping AI agents and Model Context Protocol (MCP) servers find and verify one another. As the name says, DNS-AID also uses DNS as a neutral directory
For now, ANS is more of a roadmap than reality. But the Linux Foundation’s decision to pick up the work suggests that agent identity and discovery are poised to become first‑class standards problems, not just features buried in proprietary AI dashboards. As autonomous agents proliferate, the question of “who exactly is this thing I’m talking to?” may prove as important as the models that power them—and ANS is an attempt to answer it in the language the internet already understands: names, keys, and domains. Noteworthy Linux and open-source stories:
Do NOT Chase SpaceX. Do This Instead.
SpaceX is getting all the attention right now.
NVIDIA, Apple, Tesla, and the other mega-cap names are still dominating the conversation.
But Wall Street’s top-rated analysts are pointing to a different group of stocks.
MarketBeat tracks the highest-rated analyst recommendations every day, and 5 names have just risen to the top.
The Top 5 Stocks to Buy Now report reveals the 5 stocks getting some of Wall Street’s strongest analyst support before the broader market catches on.
If you’re looking for your next move, don’t just follow the names everyone is already talking about.