tag: dns

9 posts tagged

blog • infoblox • 15 min read

Over-Engineering Homelab Syslog Receiving With DNSTAP

Changing per-query DNS telemetry from syslog forwarding to a DNSTAP pipeline, and what the syslog path actually does on the appliance.

read →
ASCII-art pipeline diagram showing NIOS grid members emitting dnstap protobuf frames over tcp/6000 to dnscollector, which pipes JSON on stdout to bridge.py, which posts GELF to a dedicated Graylog index set
blog • dns • 15 min read

The Thing the Index Points To

DNS-AID's path-2 index leaf names a registry the draft explicitly leaves out of scope. Wiring ANS — a registration authority plus transparency log — to be that registry.

read →
Terminal screenshot showing a signed C2SP checkpoint emitted by the live ans-tl deployment at ans.darknetian.com, alongside the SVCB record at _index._agents.darknetian.com pointing back at it
blog • dns • 14 min read

Five Fake Agents on a Real Cloudflare Zone

Publishing 5 DNS-AID agent records to darknetian.com — flat primary plus walkable AliasMode, DANE TLSA from throwaway self-signed certs, all DNSSEC-signed end-to-end. No agents actually exist behind any of them.

read →
Terminal screenshot of dig output showing SVCB ServiceMode, AliasMode, TLSA, and TXT records resolving with DNSSEC AD flag set
project • ai research • 14 min read

DNS-AID — DNS-based Agent Identification and Discovery

An IETF draft + open-source reference implementation that lets AI agents discover each other through the internet's existing naming substrate instead of through a new central registry.

read →
Screenshot of the "How it works" four-step diagram from dns-aid.org — Publish your agent, DNSSEC signs the zone, Agents discover yours, Validate & connect
blog • dns • 11 min read

EDNS(0) for Agent Discovery — Letting the Client Tell the Resolver What It's Looking For

An experimental EDNS(0) option for DNS-AID that lets a client signal selector filters on the query so any hint-aware hop can narrow the answer or short-circuit with a cached match.

read →
Cover page of RFC 6891 — "Extension Mechanisms for DNS (EDNS(0))" by Damas, Graff, and Vixie, April 2013 — the foundational standards-track document the agent-hint work builds on
project • dns • 7 min read

REEF — When the Agent Holds the Pen

An agent loop that reads, reasons, and (with your permission) edits Infoblox Threat Defense policy. Runs against any LLM you point it at — including a 4GB GPU in your homelab.

read →
Terminal output of BEACON summarizing an Infoblox Threat Defense tenant with counts of policies, named lists, and feeds
blog • dns • 7 min read

DCV — Proving an Agent Belongs to a Domain Without a Central Authority

A stateless challenge/response primitive over TXT records that lets a NAT'd agent prove zone control without registering with anyone.

read →
GitHub view of PR
project • dns • 13 min read

Creating a New DNS Resource Record Type

Why it may be beneficial to think about DNS in a new way.

read →
A meme from the 'you wouldn't download a car' ad campaign that says 'you wouldn't add to DNS'
project • ai research • 2 min read

Agentic AI Discovery

The fight for an open web continues.

read →
A meme from the 'you wouldn't download a car' ad campaign that says 'you wouldn't add to DNS'

← back to all tags