The introduction of new generic top-level domains (gTLDs) such as .zip and .mov has created overlaps between DNS and filesystem namespaces, posing potential security risks through naming confusion. However, this issue has lacked systematic investigation until now. This study presents the first comprehensive enumeration and empirical analysis of DNS/filename confusion vulnerabilities. By integrating namespace modeling, large-scale network measurements, and cross-platform software behavior testing, the work uncovers real-world confusion flaws in multiple widely used software systems. The findings demonstrate that the problem is both pervasive and practically exploitable, thereby addressing a critical gap in existing research and providing a foundation for designing effective mitigation strategies.

The namespace for filenames and DNS names has overlapped since the introduction of DNS in 1985: \texttt{.com} was the original binary format used for DOS and CP/M systems. Recently the introduction of gTLDs such as \texttt{.zip} and \texttt{.mov}, coupled with the growing prevalence of web resources, has ignited new concerns about potential issues related to DNS and filename confusion. Thus far, the discourse on DNS/filename confusion has been piecemeal and hypothetical, making it unclear what, if any, security concerns credibly exist. To address this gap, we provide the first enumeration of how DNS/filename confusion can be abused. We then perform the first empirical case studies of DNS/filename confusion in the wild, which highlights suspected confusion across a wide range of software. Finally, based on our preliminary findings, we provide suggestions and guidance for future research on this topic.