The best architecture I can think of is using the distributed nature of Usenet to disseminate incremental updates to DNS blacklists using some authenticated structured format. The most appropriate I can think of is signed XML.
This system allows users to access blacklist information anonymously and create local (or regional) blacklist mirrors which are private to a local network (or ISP) or at the least not widely advertised. In any case, if one mirror is taken out, it doesnt affect any of the other mirrors.
The newsgroup would be moderated, trusted maintainers of blacklists given a key with which to create an 'approved' header with their own stamp of trusted approval.
The obvious attacks are post flooding and cancel bots. The former can be defeated with an official cancel bot, the latter by a resurrection bot.
Signing the content of the posts allows users to determine if they trust the assertion that the post content relates to the named blacklist and detect and reject attempts at poisoning the lists.
Its an imperfect solution, but its a start. Ideas ?