DNS sinkholes rely on open source lists of known malware sites. The security community at large is constantly updating and monitoring these lists, so there is very little administrative effort. An internal DNS sinkhole mimics an authoritative DNS server in the face of malicious requests. This method is effective as long as the host’s file is properly and routinely kept up to date. A single host’s file can also be used for single platforms as long as there are only a small number of malicious hosts in the platform’s concern.
Read the full article here - http://resources.infosecinstitute.com/dns-sinkhole-can-protect-malware/