D4 · Operations

What is DNS sinkholing?

DNS sinkholing redirects DNS queries for malicious domains to a controlled IP — cutting off malware C2 communications and identifying infected hosts that query the sinkholed domain.
ISPs and security companies sinkhole known-bad domains. Infected hosts that query sinkholed domains are identified and can be remediated. Sinkholing is widely used to disrupt botnet C2 infrastructure.