It's okay for them, when they do it to shroud their individual services and keep you from blocking one. If I want to pass Mail and block Adsense, no dice for me.
But if I want to domain front, because I need to pass through a third party censor, tough darts for me.
No, this isn't domain fronting. This has to do with PTR records, reverse DNS.
Domain fronting is all about the forward lookups, normally you wouldn't be making PTR requests in a normal web request.
Putting all your infrastructure under a single utility domain is very common, all the ISPs do it. It's good practice for reasons listed elsewhere in here.
Bringing in the practice of domain fronting into this conversation is technically irrelevant, but it does advance an agenda, relying upon the less-than-technically literate HN audience from being confused between reverse DNS, domain fronting, and firewall rules.
All of their services and ad networks use the "regular" names (like youtube.com and google-analytics.com) for these services and webpages, so any browser or mobile device will be looking up IPs via those names. And it's not like they're using CNAMEs that point to mixed-in names either.
You can block them selectively using proxies without issue.
As far as 1e100.net goes, I'm not sure where that would be applicable or why it's an issue.
Now, if you're looking to do that kind of selective blocking at the IP/netblock layer... good luck. That's a nearly impossible task since large network service providers like Google have so many network spaces coming and going and can move around their services as demand dictates. It's a core competency.
And that wouldn't matter whether they were all part of one domain or all kept separate.
Unless your strategy was to work out which netblocks each business unit's domains were authoratitive for on reverse lookup and then blocking all of that.
This has nothing to do with domain fronting at all, this is industry standard reverse DNS and PTR records for ARIN, RIPE, APNIC, AFRINIC, etc IP space.
Because using Google's servers to bypass a government level block puts them in a bad spot legally, whereas they're not in a bad spot by making it hard for you to block specific services.
It's okay for them, when they do it to shroud their individual services and keep you from blocking one. If I want to pass Mail and block Adsense, no dice for me.
But if I want to domain front, because I need to pass through a third party censor, tough darts for me.