The namespace for filenames and DNS names has overlapped since the introduction of DNS in 1985: \texttt{.com} was the original binary format used for DOS and CP/M systems. Recently the introduction of gTLDs such as \texttt{.zip} and \texttt{.mov}, coupled with the growing prevalence of web resources, has ignited new concerns about potential issues related to DNS and filename confusion. Thus far, the discourse on DNS/filename confusion has been piecemeal and hypothetical, making it unclear what, if any, security concerns credibly exist. To address this gap, we provide the first enumeration of how DNS/filename confusion can be abused. We then perform the first empirical case studies of DNS/filename confusion in the wild, which highlights suspected confusion across a wide range of software. Finally, based on our preliminary findings, we provide suggestions and guidance for future research on this topic.

翻译：自1985年DNS引入以来，文件名和DNS名称的命名空间便存在重叠：\texttt{.com}最初是DOS和CP/M系统使用的二进制格式。近年来，\texttt{.zip}和\texttt{.mov}等通用顶级域（gTLD）的引入，加之网络资源的日益普及，引发了人们对DNS与文件名混淆潜在问题的新担忧。迄今为止，关于DNS/文件名混淆的讨论仍零散且停留在假设层面，这使得实际存在的安全威胁究竟为何尚不明确。为填补这一空白，我们首次系统梳理了DNS/文件名混淆可能被滥用的方式，并开展了首项针对真实环境中DNS/文件名混淆的实证案例研究，揭示了多种软件中存在的疑似混淆现象。最后，基于初步发现，我们为未来相关研究提供了建议与指导。