This is a tricky one where the "theoretical" standards-driven approach might not be right (honouring TTLs on valid responses, which are technically "block" responses from NextDNS).
I would suggest from a user perspective that hitting refresh (on a page making a request that triggers a DNS error, or was given an invalid IP like 0.0.0.0) should go and make a fresh DNS request and continue from there.
Hitting refresh (on a page which did have a valid DNS response) could honour whatever local caching or session preservation mechanism is in place. My guess is Orion and Safari are not treating a resolved IP of 0.0.0.0 as a "special state" and ignoring that response (and re-resolving on subsequent attempts).