I wouldn't rely too heavily on DNS to protect my machines from malware. Most malware infections come from legitimate sites anyway, and DNS will not block them just because they've been compromised. If you whitelist NYT and it gets hacked again, it can infect you all day and night, and your DNS won't stop you from visiting because it's whitelisted. Anti-malware browser extensions, however, are designed to catch malware no matter where it comes from.
That said, your DNS service doesn't have to be your only defense against malicious sites. Anti-malware extensions and site-rating tools can help complement your DNS server's blacklist, and then the detection capabilities of the anti-malware extensions themselves will serve as your next line of defense in the event the blacklist fails you. I should say, however, it is encouraging to know that CleanBrowsing caught 83% of phishing sites. That along with WoT and MBBG should just about cover it!
Yeah, good points ebocious.
I don't rely too heavily on DNS, most of the time I forget about it actually.
I'm periodically surprised when it does block something.