Doing this properly isn't cheap, which is why some ISPs are using DNS, which is cheap but very ineffective.
DNS suffers from a range of problems. Firstly, it is easy to avoid: you can enter the actual IP address of the website into the browser, avoiding DNS; configure the client to use another DNS service, which is a simple 45-second job on iOS; or use a proxy. The last two are now widely used to allow Netflix and Lovefilm users to access US content from the UK, but can also be used to completely avoid a DNS-based protection system.
But even if you don't deliberately try to avoid DNS, it will still fail to block a significant amount of content due to the limitations of DNS itself.
DNS works at a site level, but many sites, particularly ones containing user-generated content, have a mix of good and bad content all held under the same DNS address. In this case, sites which contain a big majority of good content tend to get classified as good even though they also contain bad content.
Because of this, DNS-based blocking can be less than 50% effective.
The only way to resolve this is to classify at a much finer level, and this is very difficult to do with DNS.
Finally, whatever mechanism you use is only as good as the classified list of URLs that you use to generate your blacklists. Many of the ISPs have tried to create these on the cheap, when in reality having a list with anything like the coverage and accuracy required to be effective is neither simple nor cheap.
You wouldn't buy and use a condom if it claimed to have a less than 50% protection rate. So there is something morally ambiguous about an ISP with a DNS-based service claiming to protect children etc. from harm. Most parents will think that ticking the "no bad content" box will do what it says on the tin, and will be unaware that the protection offered is so ineffective that they still need to monitor their children's internet use.
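To make the site-level limitation described above concrete, here is an added example (not part of the original text) that scores a hostname-level filter against a per-URL list. The hostnames, page counts and thresholds are constructed for illustration, not measured data, and the per-URL filter assumes a perfectly classified list.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample, not measured data: host -> (good pages, bad pages).
SITES = {"ugc.example": (8, 2), "video.example": (6, 3),
         "adult.example": (0, 3), "news.example": (5, 0)}

def labelled_urls(sites):
    """Expand the per-host counts into (url, is_bad) pairs."""
    out = []
    for host, (good, bad) in sites.items():
        out += [(f"http://{host}/item/{i}", i < bad) for i in range(good + bad)]
    return out

def host_blocklist(labelled, threshold):
    """A resolver sees only the hostname, so it needs one verdict per host:
    block when the share of bad pages exceeds `threshold`."""
    counts = defaultdict(lambda: [0, 0])  # host -> [bad, total]
    for url, is_bad in labelled:
        entry = counts[urlsplit(url).hostname]
        entry[0] += is_bad
        entry[1] += 1
    return {h for h, (bad, total) in counts.items() if bad / total > threshold}

def effectiveness(labelled, is_blocked):
    """Return (share of bad pages blocked, share of good pages overblocked)."""
    bad = [u for u, b in labelled if b]
    good = [u for u, b in labelled if not b]
    return (sum(map(is_blocked, bad)) / len(bad),
            sum(map(is_blocked, good)) / len(good))

def dns_filter(labelled, threshold):
    """Score a hostname-level filter built with the given threshold."""
    blocked = host_blocklist(labelled, threshold)
    return effectiveness(labelled, lambda u: urlsplit(u).hostname in blocked)

def url_filter(labelled):
    """Score a per-URL list (assumption: the list is perfectly classified)."""
    blocked = {u for u, b in labelled if b}
    return effectiveness(labelled, lambda u: u in blocked)

if __name__ == "__main__":
    data = labelled_urls(SITES)
    for t in (0.5, 0.25, 0.1):
        print(f"DNS, threshold {t}: {dns_filter(data, t)}")
    print(f"per-URL list: {url_filter(data)}")
```

On this constructed data, the majority rule leaves the mixed-content hosts unblocked, and lowering the threshold to catch them blocks their good pages too.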