I wouldn't rely too heavily on DNS to protect my machines from malware. Most malware infections come from legitimate sites anyway, and DNS will not block them just because they've been compromised. If you whitelist NYT and it gets hacked again, it can infect you all day and night, and your DNS won't stop you from visiting because it's whitelisted. Anti-malware browser extensions, however, are designed to catch malware no matter where it comes from.Just keep in mind, the above tests are focused on phishing. For some in the MT community, phishing is not the most important issue. Both internally (@Evjl's Rain DNS malware tests) and externally (I previously just searched around the net) -- it seems to me that Neustar is pretty good with malware. But this test result loosely correlates with Evjl's Rain's test results for both phishing and malware -- just in case there was any doubt about the testing.
Here is one web result from April 19. It's not a big test, so take it with a grain of salt.
View attachment 224578
That said, your DNS service doesn't have to be your only defense against malicious sites. Anti-malware extensions and site-rating tools can help complement your DNS server's blacklist, and then the detection capabilities of the anti-malware extensions themselves will serve as your next line of defense in the event the blacklist fails you. I should say, however, it is encouraging to know that CleanBrowsing caught 83% of phishing sites. That along with WoT and MBBG should just about cover it!