Sure, and something like dnscrypt-proxy can do that, but in what is being discussed here, blocking the domain would do the opposite of what you are trying to achieve.
The ransomware prematurely quits if the domain resolves to an IP, and a webserver listens to that IP.
Remember that time when VeriSign did this (wildcarding) on a global basis for .com and .net in 2003, briefly causing outrage?
"As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now result in a VeriSign advertising opportunity. For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they would get VeriSign's advertising."
Verizon does it too, although they just show search results and don't show ads. It's possible to opt out, but it hasn't bothered me enough to do that yet.
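A check for the resolver behaviour described in the comments above (answers returned for names that do not exist), as an added example that is not part of any comment in the thread. `detect_wildcarding`, the two stub resolvers and the sample names are hypothetical; the stubs are constructed so the check runs offline.

```python
import secrets
import socket


def system_resolve(name):
    """IPv4 addresses the system resolver returns for name; empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def detect_wildcarding(suffix, resolve=system_resolve, probes=3):
    """Resolve random labels under suffix that should not exist.

    Returns (wildcarded, addresses): wildcarded is True only if every probe
    got an answer; addresses is the union of everything returned.
    """
    addresses, hits = set(), 0
    for _ in range(probes):
        label = secrets.token_hex(12)  # 24 random hex chars, effectively unregistered
        answer = resolve(f"{label}.{suffix}")
        if answer:
            hits += 1
            addresses |= answer
    return hits == probes, addresses


# Constructed stub: behaves like a resolver behind a wildcard A record,
# answering every query with the address quoted in the thread.
def wildcard_stub(name):
    return {"64.94.110.11"}


# Constructed stub: answers only for names it knows (documentation-range IP).
KNOWN = {"example.com": {"192.0.2.10"}}


def honest_stub(name):
    return set(KNOWN.get(name, set()))


if __name__ == "__main__":
    for stub in (wildcard_stub, honest_stub):
        print(stub.__name__, detect_wildcarding("com", resolve=stub))
```

Calling `detect_wildcarding("com")` with no `resolve` argument uses the system resolver and needs network access.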