Technically I suppose this would be possible by hacking away at DNS SRV records and changing the registry so that a certain domain never appeared in the dropdown 'log on to' box; maybe UPN logons would help as well. But this is all beside the point, as it doesn't sound like a very good idea at all. It's not the correct usage of the domain model, which is all about sharing and providing access to information but denying access where necessary. I foresee lots of problems if you go down this route.
I have a client (prospective) who wants to have multiple domains within a single AD Forest. They do not want users in domain 1 to know domain 2 exists, and so on. Only at the top level do they want to have downward access or knowledge of the child domains.
Any thoughts on how to best accomplish this?