We recently switched our Comcast visitors network at work to OpenDNS FamilyShield to enhance visitor security and reduce our liability for visitor misbehavior.
Our main corporate network has a Rube Goldberg DNS design so we can't touch that.
OpenDNS blocks lots of "bad" web sites, it's easy to setup (especially FamilyShield), and the Basic account gives me lots of flexibility.
At home I block many ad-serving domains to reduce the annoyance of ads, and reduce our vulnerability to ad-hosted malware.
Eventually, we'll further lock down our visitor's network by setting firewall rules that allow DNS access (port 53 UDP & TCP), only to OpenDNS FamilyShield servers - 18.104.22.168 and 22.214.171.124. That way you can't bypass OpenDNS by pointing to other DNS servers. Yes, there are other ways around this, but we're providing enhanced security with minimal effort.
Love OpenDNS. So does David Pogue.