Any proper router that's not a home use consumer toy will do it.
I personally use a MikroTik RB951G and it works great. Never needed a reboot, handles routing fragmented small packet data out of the WAN port unlike the majority of home grade routers and has all the features you get in the professional big rack mount routers that run entire office buildings since it runs the same software as those. Tho as a result configuring some stuff on it does need a lot more networking know how (or googling in my case)
For my particular router the solution would be to block outgoing port 53 (DNS) on the WAN port, this forces people to use the built in DNS server in the router. Then add manual entries into the DNS server that redirects lookups on those sites to a different IP. If you want to make sure you can also set the firewall to block all outgoing connections to the IP addresses of those sites on the WAN port.
Tho if you make me use your LAN i would quickly set up a VPN or Tor to tunnel my way out to the free uncensored internet, because im going to do what i want to do on the internet, not what some cranky IT nerd wants me to do.