There's been a lot of concern about Google's new .zip gTLD: it's a top-level domain which can be used to make confusing URLs and so make it easier to download malware. A few people are recommending blocking it, along with .mov, which can also be mistaken for a filename extension.
I'm using dnsmasq to provide DNS to my home LAN, and I investigated how easy it is to block an entire gTLD. It turns out to be trivial. I just add the following line to my dnsmasq configuration:
address=/zip/
Now every DNS lookup on my local network for a name under that TLD returns "not found" (NXDOMAIN) to the querying resolver.
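
A check one might run after adding the rule, as an added example that is not part of the original post: it scans dnsmasq query logs for lookups under .zip and .mov, lists which clients made them, and flags any such name that was forwarded upstream instead of being answered from the configuration. It assumes dnsmasq's `log-queries` option is enabled; the log lines are constructed samples in that option's style, and the function names are hypothetical.

```python
import re
from collections import defaultdict

WATCHED_TLDS = {"zip", "mov"}  # .mov is the other TLD the post mentions

# Constructed sample lines in the style of dnsmasq's log-queries output.
# Only "zip" is blocked here, matching the single address=/zip/ line above.
SAMPLE_LOG = """\
May 20 10:00:01 dnsmasq[812]: query[A] example.com from 192.168.1.20
May 20 10:00:01 dnsmasq[812]: forwarded example.com to 192.0.2.53
May 20 10:00:07 dnsmasq[812]: query[A] invoice-2023.zip from 192.168.1.31
May 20 10:00:07 dnsmasq[812]: config invoice-2023.zip is NXDOMAIN
May 20 10:00:09 dnsmasq[812]: query[AAAA] Holiday.MOV from 192.168.1.20
May 20 10:00:09 dnsmasq[812]: forwarded Holiday.MOV to 192.0.2.53
May 20 10:00:12 dnsmasq[812]: query[A] files.gzip.example.org from 192.168.1.31
"""

QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)")
ANSWER = re.compile(r"(config|forwarded) (\S+) (?:is|to) (\S+)")


def tld(name):
    """Last DNS label, lower-cased; a trailing root dot is ignored."""
    return name.rstrip(".").lower().rsplit(".", 1)[-1]


def audit(log_text, tlds=WATCHED_TLDS):
    """Return (clients, blocked, leaks) for names under the watched TLDs."""
    clients = defaultdict(set)   # client IP -> names it asked for
    blocked, leaks = set(), set()
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            name, client = m.groups()
            if tld(name) in tlds:
                clients[client].add(name.lower())
        elif m := ANSWER.search(line):
            source, name, result = m.groups()
            if tld(name) not in tlds:
                continue
            if source == "config" and result == "NXDOMAIN":
                blocked.add(name.lower())   # answered locally by the rule
            elif source == "forwarded":
                leaks.add(name.lower())     # went upstream: no rule matched
    return dict(clients), blocked, leaks


if __name__ == "__main__":
    clients, blocked, leaks = audit(SAMPLE_LOG)
    for client, names in sorted(clients.items()):
        print(client, "asked for", sorted(names))
    print("blocked by config:", sorted(blocked))
    print("forwarded upstream:", sorted(leaks))
```

Matching is on the final DNS label, so `files.gzip.example.org` is not counted; the forwarded `.mov` lookup in the sample shows what the log looks like when a TLD has no corresponding rule.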