Skip to main content
Back to Research
PUBLISHED
Research

DUADP and the Race to Become DNS for AI Agents

No universal discovery protocol exists for AI agents. DUADP's federated architecture — DNS TXT bootstrap, WebFinger resolution, gossip propagation, and GAID URIs — addresses the most critical gap in the agentic stack.

OSSA Research Team··8 min read

Abstract

While MCP has standardized agent-to-tool connectivity (97M+ monthly SDK downloads) and A2A has consolidated agent-to-agent communication (150+ organizations), every major analysis of the agentic AI landscape identifies the same vacancy: there is no unified, vendor-neutral discovery layer spanning protocols, frameworks, and platforms. This paper examines DUADP's technical architecture — combining DNS TXT records, WebFinger-style resolution, federated gossip propagation, and a novel GAID URI scheme — against centralized registries (MCP Registry, Salesforce AgentExchange), competing decentralized approaches (AGNTCY's P2P DHT, ANS's DNS hierarchy), and emerging standards (IETF agent:// draft, did:wba, AID). We analyze the 12-18 month competitive window and the strategic implications of NIST CAISI's AI Agent Standards Initiative.

1. Introduction: The Last Unsolved Problem

The agentic AI protocol landscape underwent remarkable consolidation in 2025, crystallizing into a complementary multi-protocol stack under Linux Foundation governance:

ProtocolFunctionScaleGovernance
MCPAgent-to-tool connectivity5,800+ servers, 97M+ monthly SDK downloadsAAIF / Linux Foundation
A2AAgent-to-agent communication150+ organizations (Adobe, Cisco, SAP)Google-led, AAIF
AGENTS.mdCoding agent context60,000+ repositoriesOpenAI-originated, AAIF
AGNTCYInfrastructure plumbing75+ companies (Cisco, Dell, Oracle, Red Hat)Linux Foundation

Yet none answers the fundamental question: how does an agent — or a human — discover the right agent for a task across the entire ecosystem?

The fragmentation math is stark:

  • 10+ major agent marketplaces exist, each with different listing requirements
  • The MCP Registry indexes only MCP servers
  • A2A's .well-known/agent.json is per-domain with no global search
  • Google Agentspace is a proprietary walled garden
  • Salesforce AgentExchange serves only the Salesforce ecosystem
  • The OpenAI GPT Store contains 3M+ custom GPTs but is OpenAI-locked
  • Fetch.ai's Almanac requires blockchain transactions for registration

BCG calculates that without standards, integration complexity rises quadratically. The AI agent market is projected to reach $50 billion by 2030 with 10,000+ custom agents published weekly. Universal discovery infrastructure is not just useful — it is essential.

2. Competing Agent URI Schemes

The agent identifier landscape contains at least six competing approaches, none yet dominant.

2.1 IETF draft-narvaneni-agent-uri

Defines agent:// with a five-layer architecture: URI scheme, transport binding, agent descriptor, resolution framework, and application semantics. At IETF 123, Ted Hardie stated the draft would need "significant refactoring" for adoption.

2.2 did:wba (Web-Based Agent DID)

Extends W3C's did:web for agent-to-agent authentication. Format: did:wba:example.com:user:alice resolves to https://example.com/user/alice/did.json. Authentication uses DID + cryptographic signature in HTTP headers.

2.3 AID (Agent Identity & Discovery)

DNS-first approach using a single _agent TXT record per domain. Single-letter field keys (v, u, p, k, i) maximize byte efficiency within DNS's 255-byte-per-string limit. Identity verification uses Ed25519 HTTP signatures.

2.4 JSON Agents / PAM (Portable Agent Manifest)

Defines ajson:// URI scheme with JSON Schema 2020-12 validation, seven standard capabilities, modular profiles (core, exec, gov, graph), and explicit framework mappings for LangChain, OpenAI, AutoGen, and MCP.

2.5 BANDAID IETF Draft

Proposes SVCB records under _agents.example.com subdomains, secured with DNSSEC + DANE — a modern DNS foundation for agent discovery.

2.6 GAID (DUADP)

duadp://namespace/path offers three differentiators:

  1. Unified discovery and identityduadp://skills.sh/tools/web-search simultaneously identifies the resource and implies its discovery mechanism
  2. Multi-mechanism resolution — designed for DNS TXT, WebFinger, registry API, and gossip network with graceful fallback
  3. Hierarchical namespace — agents, tools, skills, and workflows under a unified addressing scheme

The closest analog is WebFinger (RFC 7033), which ActivityPub/Mastodon uses for federated actor discovery. No formal proposal yet combines WebFinger specifically with AI agent discovery, but the pattern is natural: a WebFinger query for a GAID returns links to the agent's A2A Agent Card, MCP server manifest, and OSSA contract simultaneously.

3. Agent Description Formats: The Index Card Gap

Current formats occupy distinct layers:

FormatLayerScopeLimitation
A2A Agent CardsProtocol discoveryA2A-compatible agents onlyNo governance, trust, or cost info
MCP server.jsonTool invocationMCP servers onlyNo agent identity or capability negotiation
OSSA manifestFull governance contractAll agent typesNot optimized for lightweight indexing
AGENTS.mdHuman-readable guidanceCoding agentsNot machine-parseable

The gap: no format is optimized for universal discovery indexing across all layers.

DUADP's .ajson format targets this gap as a universal index record — rich enough for discovery decisions but pointing to full specifications elsewhere. An .ajson record contains: GAID URI, description, capability tags from a standardized taxonomy, endpoint URLs for each supported protocol, trust tier indicators, and provenance signatures.

This "index card" approach avoids competing with existing formats while providing the universal indexing layer none of them offer.

4. Federated Gossip: Why It Beats Both Alternatives

DUADP's three-tier architecture — DNS TXT bootstrap, WebFinger-style resolution, gossip-based federation — occupies a pragmatic middle ground.

4.1 Centralized Registries: The Gatekeeper Problem

MCP Registry, Salesforce AgentExchange, and Google AI Agent Marketplace offer curated discovery but create single points of failure and vendor lock-in. As Infoblox's DNS-AID proposal warns: "Whoever controls discovery influences an agent's attack surface."

4.2 Pure P2P: The Complexity Tax

AGNTCY's P2P DHT (using libp2p Kad-DHT) eliminates single points of failure but introduces latency, consistency challenges, and bootstrap problems. The ANS IETF draft authors acknowledge "architectural decisions about the extent of decentralization required, plus issues like latency, consistency, operational cost, and complexity."

4.3 Federated Model: Email's Architecture Applied to Agents

DUADP mirrors the architecture that made email the most successful federated system in history:

  • DNS TXT records provide bootstrap — any domain advertises its DUADP node, like SPF/DMARC for email
  • WebFinger-style resolution enables cross-domain discovery, like ActivityPub resolves @user@instance
  • Gossip protocol federation (modeled on Consul's Serf/SWIM) propagates discovery in O(log N) rounds

The critical advantage: running a DUADP node can be as simple as hosting a static JSON file at a well-known path. A Drupal site, a Flask API, a Kubernetes operator, or a GitHub Pages deployment can participate without running DHT infrastructure.

5. Competitive Landscape

5.1 AGNTCY (Primary Threat)

The most complete competing approach: full discovery + identity + messaging + observability backed by 75+ companies. Strengths: institutional backing, production-ready code, Linux Foundation governance. Weaknesses: architectural complexity, Cisco-centric origins, infrastructure focus over contract semantics.

5.2 ANS (OWASP)

DNS-inspired with PKI identity, protocol adapter layers, and zero-knowledge proofs. IETF draft submitted (draft-narajala-ans). Conceptual only — no production deployment.

5.3 Oracle Open Agent Specification

Declarative schema positioned as "ONNX for agents." Open-sourced and integrating with AGNTCY's OASF.

5.4 DUADP's Differentiation: The OSSA Contract Layer

Neither AGNTCY's OASF nor ANS nor Oracle's Agent Spec addresses governance, compliance, or trust boundaries at the schema level. OSSA is the only specification that combines:

  • Agent identity (W3C DIDs / GAID)
  • Authorization (Cedar policies)
  • Trust tiers (5-level model)
  • Compliance frameworks (SP 800-53 mapping)
  • Resource governance (token efficiency budgets)
  • Cryptographic provenance

"MCP provides the hands. A2A provides the voice. OSSA provides the credentials."

6. Bridge-First Integration Strategy

DUADP's adoption path requires integration, not displacement:

  1. Protocol bridges — GAID resolution returns protocol-specific endpoints: {"a2a": "...", "mcp": "...", "ossa": "..."}
  2. Framework adaptersduadp.discover(capability="web-search", trust_tier="verified") returns native tool objects
  3. Registry connectors — crawl MCP Registry, A2A endpoints, AGNTCY, AgentExchange (like Google indexes websites)
  4. CMS integration — Drupal module (48+ AI integrations already), WordPress plugin
  5. Kubernetes operators — DUADP operator watches Agent CRDs, auto-registers in federation

7. What Wins: Historical Pattern Analysis

Protocol adoption follows three principles:

PrincipleHistorical ExampleDUADP Application
SimplicitySMTP (RFC 5321): "protocols with few options tend towards ubiquity"Static JSON file at /.well-known/duadp.json — no installation
Infrastructure embeddingTCP/IP: mandated by DoD 1982, shipped with BSD 1983Ship as Drupal module, Helm chart, GitHub Action, npm package
Neutral governanceHTTP: IETF + W3CNIST CAISI submission done; AAIF/Linux Foundation contribution planned

MCP replicated this playbook exactly, going from release to industry standard in 13 months.

8. Strategic Timeline

The window is 12-18 months:

  • March 9, 2026: NIST CAISI RFI deadline (OSSA submitted March 5)
  • April 2, 2026: NCCoE AI Agent Identity concept paper deadline
  • 2026 H2: AAIF expected to expand scope beyond MCP/AGENTS.md/Goose
  • 2027: AGNTCY or AAIF-native discovery protocol likely to consolidate

Critical next steps:

  1. Formalize GAID URI scheme as IETF Internet-Draft before draft-narvaneni-agent-uri gains traction
  2. Embed DUADP participation into popular platforms (Drupal module, K8s operator, npm package)
  3. Secure NIST reference or AAIF membership for neutral governance credential

9. Conclusion

DUADP occupies the most strategically valuable unclaimed position in the agentic AI stack: the universal discovery layer between protocols and applications. The "any system can be a node" principle — implemented through static JSON files and CMS plugins — creates an adoption funnel that P2P DHT approaches cannot match. The combination of GAID-based universal addressing, OSSA's governance contracts, and federated gossip propagation provides a technically differentiated position that no competitor fully covers.

References

  1. NIST CAISI RFI on AI Agent Security. Federal Register Doc. 2026-00206, Docket NIST-2025-0035
  2. NCCoE: Software and AI Agent Identity and Authorization. https://www.nccoe.nist.gov/projects/software-and-ai-agent-identity-and-authorization
  3. IETF draft-narvaneni-agent-uri (versions -00 through -02, October 2025)
  4. IETF draft-mozleywilliams-dnsop-bandaid-00 (BANDAID, October 2025, Standards Track)
  5. WebFinger. RFC 7033. https://www.rfc-editor.org/rfc/rfc7033
  6. DNS-SD. RFC 6763. https://www.rfc-editor.org/rfc/rfc6763
  7. MCP Server Security at Scale. arXiv:2506.13538
  8. Agent Skill Supply Chain Security. arXiv:2603.00195
  9. Agent Protocol Interoperability Survey. arXiv:2505.02279
  10. StepShield: When to Intervene on Rogue Agents. arXiv:2601.22136
DUADPdiscoveryDNSfederationGAIDcompetitive-analysisAAIFNIST
Back to All Research