AI Summary
This study addresses the security risks arising from persistent "zombie links" that emerge when domain ownership changes or expires without synchronized updates across integrated external naming systems such as the Web PKI, Ethereum Name Service (ENS), and Maven Central. The authors present the first systematic threat model for this issue and conduct large-scale empirical measurements coupled with cross-system comparative analysis. Their findings reveal that one-time validation mechanisms commonly lead to the accumulation of zombie links, whereas validation at each use effectively mitigates this risk. The investigation quantifies zombie link prevalence at 3%, 24%, and 15% in the three respective systems, informing targeted recommendations for mitigation.
Abstract
DNS integrations leverage the discovery, trust, and uniqueness of the global Domain Name System with a linkage to another naming ecosystem, so the DNS name can help identify resources such as a cryptocurrency wallet or software component. While DNS ownership is verified at linkage creation, many ecosystems do not track subsequent DNS changes. The result is zombie linkages, where the DNS ownership has expired or changed, but the mapping to the linked resource persists. We define a threat model for DNS integrations, identifying five classes of attacks that leverage or exploit zombie linkages. We measure zombie occurrence across three DNS integrations -- Web PKI; ENS, a blockchain naming system; and Maven Central, a Java software repository. We show that zombies exist in every ecosystem, but at very different fractions -- zombies make up roughly 3% of TLS certificates for new domains, 24% of ENS on-chain imports, and 15% of Maven Central namespaces. We evaluate how integration design choices affect outcomes, with validate-once integrations (ENS on-chain, Maven Central) accumulating long-lasting zombies, linkages with expiration (Web PKI) limiting damage, while integrations that validate on every use (ENS gasless) are zombie-free by design. We look for specific attacks, finding attacks actively available for exploitation in both Web PKI and Maven Central. Finally, we recommend steps to reduce zombie occurrence.
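The three integration designs the abstract compares (validate-once, linkages with expiration, validate on every use) can be modelled in a few lines. This is an added example, not code from the paper: the class and function names, the ownership history for `example.org`, and the 398-day linkage lifetime are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Tenure:            # one period of control over a DNS name
    owner: str
    start: date
    end: Optional[date]  # None = still held by this owner

@dataclass(frozen=True)
class Linkage:
    domain: str
    created: date        # day DNS ownership was verified
    policy: str          # "validate-once" | "expiring" | "validate-on-use"
    lifetime_days: Optional[int] = None  # used by "expiring" only

def owner_at(history, day):
    """Owner of the name on `day`, or None if it was unregistered."""
    for t in history:
        if t.start <= day and (t.end is None or day < t.end):
            return t.owner
    return None

def is_zombie(link, history, today):
    """True if the linkage is still honoured although DNS control has
    expired or changed since it was verified."""
    if link.policy == "validate-on-use":
        return False     # re-validated at every use, so never stale
    if link.policy == "expiring" and (today - link.created).days > link.lifetime_days:
        return False     # the linkage itself has lapsed
    return owner_at(history, today) != owner_at(history, link.created)

def zombie_fraction(links, histories, today):
    flags = [is_zombie(l, histories[l.domain], today) for l in links]
    return sum(flags) / len(flags)

# Constructed sample: the name lapses, then is re-registered by someone else.
HISTORIES = {"example.org": [
    Tenure("alice", date(2019, 1, 1), date(2021, 1, 1)),
    Tenure("bob", date(2021, 6, 1), None),
]}
LINKS = [
    Linkage("example.org", date(2020, 10, 1), "validate-once"),
    Linkage("example.org", date(2020, 10, 1), "expiring", 398),  # assumed lifetime
    Linkage("example.org", date(2020, 10, 1), "validate-on-use"),
]

if __name__ == "__main__":
    for day in (date(2021, 3, 1), date(2021, 7, 1), date(2022, 1, 1)):
        print(day, [is_zombie(l, HISTORIES[l.domain], day) for l in LINKS])
```

In this model the validate-once linkage stays a zombie indefinitely, the expiring one is a zombie only until its lifetime runs out, and the validate-on-use one never is.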