The invention provides a DGA domain name detection method which comprises the following steps: establishing domain name white list data and DGA domain name blacklist data, training the domain name white list data and the DGA domain name blacklist data based on LSTM, and constructing an LSTM model; calculating domain name characteristics by using domain name white list data and DGA domain name blacklist data, and training an RF/GBDT model; collecting daily passive domain name resolution records based on the passive domain name logs, defining domain names which do not correspond to the resolution IPs as NX domain names, and classifying non-DGA domain names by utilizing the RF/GBDT model; carrying out DGA prediction on the non-DGA domain name by utilizing an LSTM model, judging a threshold value according to the set DGA domain name, and detecting a suspected DGA domain name; and further screening the suspected DGA domain names, and finding out the DGA domain names.