"... when a backdoored version of the network monitoring software is run, it looks up the IP address of the hard-coded domain avsvmcloud[.]com. Depending on the result, the backdoor malware, dubbed SUNBURST by FireEye, will deactivate. So, with Microsoft taking control of that domain name, with DNS giant GoDaddy's help, the tech trio killed off the malware by ensuring the dotcom resolves to an IP address that deactivates the code."
And it uses DNSSEC and nobody can hack your DNS service anyway, so that's OK then.