DGA can essentially be classified as an algorithm that originates a large volume of domain names. Domain-generation algorithms are usually used during a process known as domain fluxing. Domain generation algorithms (DGA) are algorithms seen in various grouped clusters of malware that are used to periodically create and disperse a large number of domain names that can be used as rendezvous points with their command and control servers.

The large number of potential rendezvous points can be a point of difficulty for law enforcement to effectively close down botnets since infected computers will try to contact a portion of these domain names every day to continuously receive updates or commands. The deployment of public-key cryptography in malware code makes it impossible for law enforcement and other actors to mimic commands from the malware controllers as some worms will automatically reject any updates not signed by the malware controllers.