Usually by spoofing the DNS response. That is, before going to the site, the browser finds out from the DNS the address of this site. The provider sees the DNS request packet, intercepts it, reads it, if the request goes to a blocked site, then replaces the response with its own, returning the address of the stub site with the inscription "Sorry, dude, nizya" of various scariness and blocking.
(for example: )
This blocking is quite easy to bypass, so where they are paranoid, they usually make the control cooler - up to the DPI of each packet. So everywhere can block in different ways.

Roskomnadzor itself does not block anything, it is a regulator, not a technical executor. His level - a piece of paper wrote.
The whole work of the ILV is the inclusion of some line in some list, regularly this line is not even parsed normally (big hello http:\\), but providers are obliged to "block everything", they somehow interpret this list and somehow try to make it impossible to access hosts from it. Everyone has their own method for this. Someone blocks all IPs from the list received via DNS or replaces their IP with IP stubs, someone replies with RST to any traffic to these IPs, someone tries to slip their left https-certificate on blocked sites, plus a lot of local features, variations, etc., etc.