the marginal sin of intercepting DNS queries for private addresses, to prevent the sort of problems those queries cause, seems to me to be fairly small.
I probably agree. But I guess my question is "where does it end?"
It ends when IPv4 ends. That is, if we can keep NAT out of IPv6.
That is, how many things do we change elsewhere in the network in order to minimize the operational problems that crop up with NATs? What is the cost of those changes, and how much do they impair the ability of the network to support applications?
There is no answer for these questions. Everyone can unilaterally decide to run stuff like NATs. That's actually a strength of our architecture. Also, anyone can unilaterally decide to send traffic. That's a big issue with our architecture. Fixing the latter (so, amongst other things, root nameservers aren't forced to receive traffic from RFC 1918 sources) without getting in the way of the former isn't going to be easy.