With iptables you can block all the DNS responses for the client.
With dnsmasq or adblock you can block the replies for example.com.
I am not aware of an all-in-one solution; however, running a separate instance of dnsmasq and redirecting the queries of the host in question to the secondary instance, which blackholes the domain, could be a solution.
Is it possible to run two dnsmasq on different ports (53 and 5053), where one of them (on port 53) redirects all traffic to a welcoming page and the other (on port 5053) resolves the real websites' IPs,
and switch users between them with iptables port forwarding?
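
The two-instance approach discussed above, as an added example that is not from any poster in the thread: a dry-run script that prints a config for a second dnsmasq on port 5053 that blackholes example.com, plus the iptables rules that redirect one client's DNS queries to it. The client address 192.168.1.50, the pid-file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, dry run only: prints a config and rules for review, changes nothing.
# From the thread: example.com, ports 53 and 5053. Assumed: client IP, pid-file path.

# Accept only a decimal port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a dnsmasq config for the secondary (blackholing) instance.
gen_blackhole_conf() {
    domain=$1; port=$2
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    # Reject anything that could smuggle extra config syntax into the file.
    case $domain in ''|*[!A-Za-z0-9.-]*) echo "bad domain" >&2; return 1;; esac
    cat <<EOF
port=$port
bind-interfaces
no-resolv
server=127.0.0.1#53
address=/$domain/0.0.0.0
address=/$domain/::
pid-file=/var/run/dnsmasq-blackhole.pid
EOF
}

# Print NAT rules sending one client's DNS (UDP and TCP) to the secondary port.
gen_redirect_rules() {
    client=$1; port=$2
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case $client in ''|*[!0-9.]*) echo "bad client address" >&2; return 1;; esac
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -s $client -p $proto --dport 53 -j REDIRECT --to-ports $port"
    done
}

# server=127.0.0.1#53 forwards every other name to the primary instance on port 53.
echo "# secondary dnsmasq config (start with: dnsmasq --conf-file=<this file>)"
gen_blackhole_conf example.com 5053
echo "# redirect rules for the constructed client 192.168.1.50"
gen_redirect_rules 192.168.1.50 5053
```

Because the rules match only destination port 53, a client that uses DNS over HTTPS or DNS over TLS is not affected by the redirect.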