1) certain domains (the most offensive privacy infringers) are whitelisted by Microsoft's DNSAPI.DLL to always bypass hosts file lookup (DNSAPI.DLL is the place where the hosts file parser lives on Windows, so this parser just ignores hosts file records which don't align well with the data-vacuuming purpose of modern Windows versions)
2) the hosts file can't blacklist domain hierarchies (domain + all subdomains); it can blacklist only apex domains
3) some domains to block are not quite domains, but rather domain name regexps (the set of domain names to block is not finite)
So, I would say it's rather a list of regexps to block than a list of domains to block (in our product it's compiled to a highly efficient finite state machine in C, plus a user-friendly list of categories to choose blocking preferences from); but in principle you are right: all of it currently boils down to DNS packet interception.
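An added example, not part of the comment above and not the commenter's product code: a small matcher that contrasts the three rule kinds from points 2 and 3 (one exact name as in a hosts file, a domain with all its subdomains, and a regexp). The class, function names and sample domains are constructed for illustration, and plain Python regexps stand in for the compiled finite state machine the comment mentions.

```python
import re

def normalize(name):
    # DNS names are case-insensitive; drop the trailing root dot
    return name.strip().lower().rstrip(".")

class Blocklist:
    def __init__(self):
        self.exact = set()   # hosts-file semantics: one record, one name
        self.tree = {}       # reversed-label trie: a domain plus all subdomains
        self.patterns = []   # regexps for open-ended (non-finite) name sets

    def add_exact(self, name):
        self.exact.add(normalize(name))

    def add_hierarchy(self, domain):
        node = self.tree
        for label in reversed(normalize(domain).split(".")):
            node = node.setdefault(label, {})
        node[None] = True    # terminal marker; None never collides with a label

    def add_regex(self, pattern):
        self.patterns.append(re.compile(pattern))

    def match(self, qname):
        """Return the rule kind that blocks qname, or None if it is allowed."""
        name = normalize(qname)
        if name in self.exact:
            return "exact"
        node = self.tree
        for label in reversed(name.split(".")):  # walk right to left: net, example, ads
            node = node.get(label)
            if node is None:
                break
            if None in node:                     # matched on a label boundary
                return "hierarchy"
        if any(rx.fullmatch(name) for rx in self.patterns):
            return "regex"
        return None

def demo_blocklist():
    # Constructed sample rules on reserved example domains
    bl = Blocklist()
    bl.add_exact("telemetry.example.com")
    bl.add_hierarchy("ads.example.net")
    bl.add_regex(r"cdn-\d+\.tracker\.example\.org")
    return bl

if __name__ == "__main__":
    for q in ("eu.telemetry.example.com", "x.ads.example.net.", "badads.example.net", "CDN-42.tracker.example.org"):
        print(q, "->", demo_blocklist().match(q))
```

Walking the trie label by label is what keeps `badads.example.net` out of the `ads.example.net` rule, which a plain string-suffix comparison would wrongly block.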