Botnets are arguably one of the biggest threats online at present. To control networks infected by malware, the command-and-control (C&C) servers communicate with bots via an IP address or domain known only to them. However, if a dedicated domain, or a set of domains, is used for this communication, it can be easily detected and blacklisted.
Domain Generation Algorithms (DGAs) are a technique used by modern botnets to avoid blacklisting and sinkholing. A DGA periodically generates a large number of domain names for the bots to connect to. A new list can be generated every day, and only a few of those domains are registered and activated for communication between the bots and the C&C. Since there is an infinite number of different algorithms, it is impossible to generate a finite list of domains to blacklist, which makes detecting communication between bots and the C&C extremely difficult.
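Because only a few of the generated domains are ever registered, a host working through such a list produces many failed lookups for random-looking names, which a defender can look for in resolver logs. The following is an added example, not code from the original page: the log format, the sample lines and both thresholds are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.org NOERROR
10.0.0.7 qzxkvbtrhwpl.com NXDOMAIN
10.0.0.7 hjfqmzxwkrtb.net NXDOMAIN
10.0.0.7 wpxkzqjvhtgm.com NXDOMAIN
10.0.0.7 tbrkqzxwvhjm.org NXDOMAIN
10.0.0.7 mzkqxwjvbtph.com NOERROR
10.0.0.5 exmaple.com NXDOMAIN
"""

def entropy(label):
    """Shannon entropy of a label's characters, in bits per character."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def suspect_clients(log_text, min_failures=3, min_entropy=3.0):
    """Return {client: sorted failed names} for clients whose distinct
    NXDOMAIN lookups of high-entropy names reach min_failures.
    Both thresholds are illustrative assumptions, not tuned values."""
    failures = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        name = name.lower().rstrip(".")
        # Simplification: score only the leftmost label of the name.
        label = name.split(".")[0]
        if rcode == "NXDOMAIN" and entropy(label) >= min_entropy:
            failures[client].add(name)
    return {c: sorted(n) for c, n in failures.items() if len(n) >= min_failures}

if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(client, len(names), "failed high-entropy lookups:", names)
```

The single mistyped lookup from 10.0.0.5 is not flagged: it is one failure, and its label scores below the entropy threshold.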