The threat model is anything that is trying to phone home without approval. This includes calling command-and-control servers, trackers for ads, data exfiltrators, etc.
All of these use domain names to set up the communications, for obvious reasons, so being able to thwart those lookups is of great value.
You're right, that all by itself is insufficient, but it's still very important.
All of these use domain names to set up the communications, for obvious reasons, so being able to thwart those lookups is of great value.
You're right, that all by itself is insufficient, but it's still very important.