Malicious software (viruses, worms, spyware, and so forth), or “malware,” may use the Domain Name System (DNS) to autonomously identify and connect with one or multiple Command & Control (C&C) servers over the Internet for such purposes as exfiltrating data from a host and in general, coordinating actions that are taken by the malware. The DNS protocol allows for the identification of a destination Internet Protocol (IP) address based on a domain name that is supplied as part of a DNS query. To avoid detection by security software, the malware may use a Domain Generation Algorithm (DGA) to cause an infected host to attempt to connect with a number of seemingly random domains (through the use of multiple DNS queries) until a valid IP address is returned by a DNS server. In this manner, the DGA may generate a list of seemingly random domain names based on a seed (the current date, for example), and the malware sends out DNS queries to the corresponding domains. The C&C servers for the malware use the same DGA so that the C&C servers may temporarily bind one or more of the domains to an IP address.