DNS Control policy rule "Unknown DNS Traffic"

Hi, I’m hoping someone can provide some insight into the default DNS Control policy rule called “Unknown DNS Traffic”. I opened up a ticket with Zscaler support to ask whether this should be set to Block. Their recommendation was to take a zero-trust approach and set it to Block. The purpose of this rule is to block malformed or non-standard DNS or non-DNS attempting to conceal itself as DNS traffic.

Our employees travel heavily all over the world, and my concern was that setting this rule to Block could result in connectivity issues for them while they are traveling. If any of you have this rule enabled, please let me know what your experience has been with your end-users. All of our users have the ZCC client installed on their laptops. We don’t utilize any VPN tunnels. Thanks!!