Skip to main content
Back to Blog
Opinion

The Race to Become DNS for AI Agents

OSSA Team
4 min read

Nobody can find anything

MCP has 5,800+ servers and 97M+ monthly SDK downloads. A2A has 150+ organizations. AGENTS.md is in 60,000+ repos. The protocols work. The plumbing is solid.

But ask a simple question — where is the best agent for financial analysis that I can trust? — and you hit a wall.

The MCP Registry indexes only MCP servers. A2A's .well-known/agent.json is per-domain with no global search. Google Agentspace is a walled garden. Salesforce AgentExchange serves only Salesforce. The OpenAI GPT Store has 3M+ custom GPTs locked inside OpenAI. Fetch.ai requires cryptocurrency to register.

10+ major agent marketplaces. Zero universal discovery.

BCG calculates that without standards, integration complexity rises quadratically. The AI agent market hits $50 billion by 2030 with 10,000+ custom agents published weekly. We're building the internet of agents on top of disconnected silos.

This is DNS in 1983 all over again

Before DNS, you needed to know the IP address of every computer you wanted to reach. HOSTS.TXT was a flat file maintained by hand at SRI-NIC. It didn't scale.

Today's agent discovery is HOSTS.TXT. Every marketplace maintains its own registry. Every protocol has its own discovery mechanism. None of them talk to each other.

DNS solved this with three ideas: hierarchical naming, distributed resolution, and federated authority. DUADP applies the same architecture to agents:

  1. DNS TXT records for bootstrap — _uadp.example.com TXT "v=uadp1; endpoint=..." — same infrastructure that runs SPF and DMARC
  2. WebFinger-style resolution for cross-domain discovery — like how Mastodon finds @user@instance across the fediverse
  3. Gossip federation for propagation — convergence in O(log N) rounds, no central coordinator

The GAID URI scheme (duadp://skills.sh/tools/web-search) unifies identity and discovery in a single address. Query it, and you get back endpoints for every protocol the agent supports: A2A, MCP, OSSA, OpenAPI.

Six competing URI schemes, none dominant

The identifier landscape right now:

  • IETF agent:// (draft-narvaneni) — Ted Hardie said it needs "significant refactoring" at IETF 123
  • did:wba — W3C DID extension for agents, requires DID document hosting
  • AID — single DNS TXT record, 255-byte limit per string
  • ajson:// (JSON Agents/PAM) — JSON Schema validation, framework mappings
  • BANDAID — SVCB records with DNSSEC + DANE, Standards Track
  • GAID (duadp://) — multi-mechanism resolution with graceful fallback

GAID's edge: it resolves through multiple mechanisms — DNS TXT, WebFinger, registry API, gossip — and falls back gracefully. The others prescribe a single resolution path.

The real competition is AGNTCY

Let's be honest about the threat landscape:

AGNTCY (Cisco + Linux Foundation) has 75+ companies, production code, and a full stack: discovery, identity, messaging, observability. They use P2P DHT (libp2p Kad-DHT) for decentralized discovery. Their weakness: you need to run dedicated node software. Their strength: Cisco, Dell, Google Cloud, Oracle, Red Hat backing.

ANS (OWASP) has an IETF draft but no production deployment.

Oracle's Open Agent Specification is integrating with AGNTCY's OASF.

DUADP's differentiation: the OSSA contract layer. Neither AGNTCY nor ANS nor Oracle addresses governance, compliance, or trust at the schema level. OSSA combines W3C DIDs, Cedar authorization, 5-level trust tiers, SP 800-53 compliance mapping, token efficiency budgets, and cryptographic provenance in a single schema.

MCP provides the hands. A2A provides the voice. OSSA provides the credentials.

Any system can be a node

This is the killer feature. Running a DUADP node = hosting a static JSON file at /.well-known/duadp.json.

  • A Drupal site with the DUADP module? Node.
  • A Flask API? Node.
  • A Kubernetes cluster? Node.
  • A GitHub Pages deployment? Node.

AGNTCY's P2P DHT requires running dedicated software maintaining peer tables. That's a barrier. DUADP's federated model lets you participate with zero new infrastructure — the same model that let every web server become an email server by running SMTP.

The window is 12-18 months

  • NIST CAISI RFI deadline was March 9, 2026 — OSSA submitted March 5
  • NCCoE AI Agent Identity deadline is April 2, 2026
  • AAIF will expand scope beyond MCP/AGENTS.md/Goose in 2026 H2
  • AGNTCY is growing fast under Linux Foundation governance

Historical pattern: MCP went from release to industry standard in 13 months using three principles — simplicity (JSON-RPC), infrastructure embedding (shipped in Claude, ChatGPT, VS Code), and neutral governance (Linux Foundation).

DUADP needs to replicate this playbook:

  1. Simplicity — minimum viable participation is a JSON file, not a daemon
  2. Infrastructure embedding — ship as Drupal module, K8s operator, GitHub Action, npm package
  3. Neutral governance — NIST reference, then AAIF/Linux Foundation

The full competitive analysis with technical architecture comparison is in our research paper.

DUADP is part of the OSSA specification. Read the DUADP technical specification or see how it maps to NIST CAISI requirements.

DUADPdiscoveryDNSfederationcompetitive-analysis
Back to All Posts