correct.
but as long as you don't control the DNS, you can't stop them, by any other means than IP.
pretty sure the banip is able to refresh the host->IP list - banIP support thread
external DNS traffic can be blocked or rerouted, if you mean they're using non-local DNS.
and they will always be able to update while not connected to your LAN.
but at least in windows you should be able to disable updates.