Doesn't this cause issues with cached bogus A records once the user pays and is granted access? I suppose you could return really short TTLs, but there would still be a delay of at least a few seconds.
(I'm not doubting they do this, just saying it seems very hacky...)
Yes, it does, and of course fails if the site called is https. AFAIK some implementations work as a proxy after successful authentication to reduce that problem.
Other solutions use proxy configuration detection to redirect people to a proxy that first asks for authentication/payment. (wpad file)
Both solutions are kind of hacky, but they work for more or less all devices.
(I'm not doubting they do this, just saying it seems very hacky...)