This all strikes me as incorrect. The function of the domain name system is primarily to translate an IP number into a domain name, and vice versa. If a user wishes to browse to <http://64.236.16.20> he/she will arrive also at <www.cnn.com>.
Remember some servers won't work with an IP address, typically if they host multiple sites on one IP address. A topical example might be http://www.ehj-navarre.org/ versus http://206.168.174.6/

Where users' recursive DNS servers are allocated by the ISP's DHCP service, this stops the uninitiated, but is trivial for those who know how to work around it. The technical issues are probably well understood by most of NANOG's readership; the issue is 'is it sufficient to satisfy the courts'. My guess is yes, but it is one for the ISPs' legal advisers.

In most cases I think ISPs would be well advised to oppose being made into censors of the Internet, as it is a model that doesn't scale well. Aside from moral, political and technical objections, it is bad business being the unpaid guardians of everyone else's morality.

The key technical objection is of course that it undermines the DNS stability: there is no way a priori to establish if a domain contains DNS servers for other domains. Although where it is just one IP address, you could check for a DNS server at the time of censor, but even that could change. Reminds me of the paper on complexity we had posted a few days back: small changes to the universal DNS view usually have a small impact, but sometimes the impact may be amplified.
Simon Waters
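
An added illustration of the DNS-stability objection in the message above (not part of the original post): given a map of zones to their nameserver host names, it computes which other zones stop resolving, directly or transitively, when one domain is blocked at the resolver. The delegation data is constructed, and the model assumes the resolver refuses every name under a blocked zone and ignores glue records and cached addresses.

```python
# Constructed delegation data: zone -> host names of its authoritative nameservers.
# All names are illustrative, not real measurements.
DELEGATIONS = {
    "blocked.example": ["ns1.blocked.example", "ns2.blocked.example"],
    "shop.example": ["ns1.blocked.example", "ns2.blocked.example"],
    "blog.example": ["ns1.blocked.example", "ns1.other.example"],
    "other.example": ["ns1.other.example"],
    "mail.example": ["ns.shop.example"],
}


def is_under(name, zone):
    """True if `name` equals `zone` or is a subdomain of it."""
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def blocking_impact(delegations, blocked):
    """Return (unresolvable, degraded) zone sets caused by blocking `blocked`.

    Assumption (simplified model): a zone is unresolvable once every one of
    its nameserver names lies under a zone that is itself unresolvable.
    """
    dead = {blocked}
    changed = True
    while changed:  # iterate to a fixed point to catch transitive dependencies
        changed = False
        for zone, servers in delegations.items():
            if zone in dead:
                continue
            inside_dead = any(is_under(zone, d) for d in dead)
            all_ns_dead = bool(servers) and all(
                any(is_under(ns, d) for d in dead) for ns in servers
            )
            if inside_dead or all_ns_dead:
                dead.add(zone)
                changed = True
    # Degraded: still resolvable, but at least one nameserver has been lost.
    degraded = {
        zone for zone, servers in delegations.items()
        if zone not in dead
        and any(is_under(ns, d) for ns in servers for d in dead)
    }
    return dead - {blocked}, degraded


if __name__ == "__main__":
    unresolvable, degraded = blocking_impact(DELEGATIONS, "blocked.example")
    print("unresolvable:", sorted(unresolvable))
    print("degraded:", sorted(degraded))
```

In this constructed data, mail.example never references the blocked domain itself, yet it is lost because its only nameserver sits under shop.example, which is the amplification effect the message describes.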