[jcranmer]

Do the same thing you do for other illegal things: throw the law at the people hosting them, and if those people are international, use good ole diplomatic levers to get the countries in question to shut them down.

Look, child pornography is deeply troubling, but so are lots of other things in life that people don't call for mandatory, obtrusive government censorship to prevent. The mandatory DNS blocking to prevent child porn is not particularly effective. In non-technical terms, DNS blocking is effectively the same as taking down the sign on the front door: it doesn't prevent anyone from getting to it, if they know where to look, and even people who might trap unwitting visitors into traveling to these sites can still do so (you can use IP addresses in lieu of domain names in links).

Indeed, if you know the DNS addresses of places to avoid, you actually know enough information to take more proactive action: for example, you could mandate that the IP addresses these sites use (or even the ISPs who host them!) are made to be unreachable, which would make it much, much more difficult to actually access these sites. Blocking only the DNS address is pretty much doing the barest minimum to look like you're tackling the problem.