I use HaGeZi lists via RPZ for DNS blocking, with my own specified first for custom blocks and whitelisting.

Most of my IP blocking is by country or company. I have country, company-block, and company-allow lists in pf that are updated nightly.

I have found that once your DNS list is sufficiently robust, you rarely trigger an IP block. I have to add a new domain about once a month.