Lone Wolf: Yeah, in my opinion blocking TLDs does more harm than good for the average user.
For corporations it's completely normal to use, as they don't want people accessing anything other than their work-related sites, so even for .com they can block the entire TLD and allow Microsoft, Google and a few more domains that their workflow might need. So it's a useful feature, but if you don't want to deal with issues because of it, I wouldn't use the feature.
NRD/AI/Threat Intelligence, DDNS domains and more layers will likely block 99% of the threats that we can actually come across daily. They have very little to no FPs.
I used to have OISD and moved to HaGeZi Pro as it blocks more domains with little to no effect on usability. It's been rock solid, and the more that is blocked without a compromise generally means less useless stuff for your browser to load and less clutter in websites.
I'd say using all the NextDNS security features with HaGeZi Pro would give you a great experience that works really well with NextDNS's philosophy: they want to be simple and be a service that just works.
HaGeZi's family of filters also has the same goal, so they match perfectly and you can forget that your NextDNS configuration even exists. I usually only notice that I'm using NextDNS when I turn off Private DNS for some reason and realize that most of the web is filled with annoyances.
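The layering the post describes (block a whole TLD, punch a few named domains through it with an allowlist, and apply a domain blocklist that also covers subdomains) can be modelled in a few lines. The following is an added example, not code from the post, from NextDNS or from the HaGeZi project; the sample list text, the policy and the evaluation order (allowlist first, then TLD block, then blocklist) are assumptions made for the example, and the list parser only handles the common hosts, plain-domain and `||domain^` line formats.

```python
import re

# Added example (not from the post, NextDNS or HaGeZi). Models a DNS filter with
# three layers: full-TLD block, allowlist that overrides it, domain blocklist.
# Evaluation order (allow > TLD block > blocklist > default allow) is an assumption.

COMMENT = re.compile(r"^\s*[#!]")                         # hosts ('#') and adblock ('!') comments
HOSTS_PREFIX = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1)\s+")  # '0.0.0.0 example.net'
ADBLOCK = re.compile(r"^\|\|(.+?)\^$")                    # '||example.net^'


def normalize(name: str) -> str:
    """Lower-case, trim whitespace and a trailing dot so 'Example.COM.' == 'example.com'."""
    return name.strip().rstrip(".").lower()


def parse_blocklist(text: str) -> set:
    """Read hosts-, plain-domain- and adblock-style lines into a set of domain rules."""
    rules = set()
    for line in text.splitlines():
        if not line.strip() or COMMENT.match(line):
            continue
        line = HOSTS_PREFIX.sub("", line.strip())
        m = ADBLOCK.match(line)
        if m:
            line = m.group(1)
        rules.add(normalize(line))
    return rules


def covered_by(name: str, rule: str) -> bool:
    """A domain rule matches the domain itself and every subdomain below it."""
    return name == rule or name.endswith("." + rule)


def evaluate(name, blocked_tlds, allowlist, blocklist):
    """Return (decision, reason) for one queried name under the given policy."""
    name = normalize(name)
    if not name or ".." in name:
        return ("block", "malformed")
    # 1. Allowlist wins over every blocking layer, so keep its entries specific.
    for rule in allowlist:
        if covered_by(name, normalize(rule)):
            return ("allow", "allowlist:" + rule)
    # 2. Whole-TLD block, e.g. the corporate "block .com, allow a few vendors" case.
    tld = name.rsplit(".", 1)[-1]
    if tld in {normalize(t).lstrip(".") for t in blocked_tlds}:
        return ("block", "tld:." + tld)
    # 3. Domain blocklist, matching the domain and its subdomains.
    for rule in blocklist:
        if covered_by(name, rule):
            return ("block", "blocklist:" + rule)
    return ("allow", "default")


# Constructed sample list mixing the three line formats the parser understands.
SAMPLE_LIST = """
# constructed sample, not a real HaGeZi list
0.0.0.0 tracker.example.net
||ads.example.org^
telemetry.example.test
"""

# Constructed policy: the corporate scenario from the post (block all of .com,
# allow Microsoft and Google) on top of the sample blocklist.
CORPORATE = {
    "blocked_tlds": {".com"},
    "allowlist": ["microsoft.com", "google.com"],
    "blocklist": parse_blocklist(SAMPLE_LIST),
}


if __name__ == "__main__":
    for q in ["Login.Microsoft.COM.", "news.example.com",
              "cdn.tracker.example.net", "www.example.org"]:
        print(q, "->", evaluate(q, **CORPORATE))
```

The allowlist is checked before anything else, which is what makes "block .com, allow microsoft.com" work, but it also means an allowlisted domain bypasses the blocklist entirely; a broad allowlist entry quietly disables the other layers for everything under it.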