That's not that typical anymore. For one thing, it poisons the client's dns cache, and it can be hard to go to the actual destination later. For another, if DNS was the access control mechanism, that's pretty weak, many people can figure out how to get around a DNS block.

It's more typical now to return the A records, and then route all IPs to a portal server until you login. Logged in sessions get to go forth to the internet.