If I were a network engineer employed by an ISP, and I was tasked with setting up a tiered system to put certain websites and services behind a paywall, the easiest and most cost-effective way would be through the ISP's internal DNS servers.
If you don't know what DNS is, it's basically a database that links IP addresses to website domain names. You type in "google.com", and your computer sends that to your router, which then forwards it to a DNS server (your ISP's server by default), which then sends back an IP address that your router/computer can use to communicate with the website. DNS servers are a list of every website on the internet. It's so simple to then set up a filter blocking people from visiting certain sites. This works even if you're using basic encryption (HTTPS) or even a VPN (not all VPNs prevent DNS leaks). This can also speed up your internet browsing significantly if your ISP uses slow servers or doesn't keep their database up to date.
But, if you change your settings to use another DNS server (or multiple servers) that are run by a non-ISP organization, like Google or OpenDNS, your ISP then has to rely on much more complicated, expensive, and resource-intensive methods of enforcing their paywalls, like deep packet inspection. It's still possible for them, but it may not be worth it to enforce it, especially since most customers don't even know about how it all works and won't change their settings.
If you do this, you need to change your DNS settings on both your computer and your home router, so that things like game consoles and other networked devices without changeable DNS settings also benefit from this.
I'm sure somebody will correct me in the comments if I have any of this wrong, and I probably have some of this wrong. I'm still working on my computer networking degree. Still, I think it's worth doing.
Here is an up-to-date list of free and public DNS servers for you to use.
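An added example, not part of the original post: Python code that builds the DNS lookup the post describes, parses the reply, and compares what a default (ISP) resolver returned with a public resolver's answer for the same name. The function names, verdict labels and the `example.test` sample responses are assumptions constructed for this illustration.

```python
import socket, struct

def build_query(name, txid=0x1234):
    """Encode a recursive A-record query (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1              # plain label: length byte + label
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_response(msg):
    """Return (rcode, sorted IPv4 addresses) from a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off, addrs = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:    # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, sorted(addrs)

def ask(server, name, timeout=3.0):
    """Send one UDP query to `server` (needs network; the samples below do not)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_response(s.recv(4096))

def compare(default, public):
    """Compare (rcode, addrs) from the default resolver with a public resolver's."""
    if default == public:
        return "same"
    if default[0] != 0 and public[0] == 0:
        return "blocked"  # default resolver errors on a name that resolves elsewhere
    return "overlap" if set(default[1]) & set(public[1]) else "differs"

# Constructed sample responses for "example.test": a normal answer and an NXDOMAIN.
_Q = build_query("example.test")[12:]
SAMPLE_OK = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _Q + b"\xc0\x0c" \
    + struct.pack(">HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
SAMPLE_NX = struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + _Q
```

A "differs" verdict is not proof of filtering, since CDNs routinely hand different addresses to different resolvers; "blocked" on a name that a public resolver answers is the stronger signal.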