Hi Michael,
Local DNS records, outgoing firewall rules and web blocking are three different feature for the device.
Local DNS records is just simple entry records that you can use for local/LAN server resolve from domain name to IP address. Some users may defined the local DNS records for public server that doesn’t register with public domain name. For server registered with public domain name, usually we won’t add the record here instead if we let the forwarding DNS service send the request to public DNS server for the domain name resolve. Local DNS records will match back exactly the domain name defined and you shouldn’t have the wildcards local records.
Outgoing firewall rules based on a domain name
The public server IP addresses for the defined domain name in the firewall rules or outbound policy will be learn from DNS query from the LAN network that pass-though Peplink devices,
If Domain Name is chosen from the firewall and a domain name, such as foobar.com, is entered, any outgoing accesses to foobar.com and .foobar.com will match this criterion. You may enter a wildcard (.) at the end of a domain name to match any host with a name having the domain name in the middle. If you enter foobar.*, for example, then www.foobar.com, www.foobar.co.jp, or foobar.co.uk will also match. Placing wildcards in any other position is not supported.
Tip: If you are trying to block outgoing HTTP access to a website using a domain name, please consider using Web Blocking.
Web blocking
Web blocking is block base on the domains that the user is browsing instead if server IP addresses. Web blocking is layer 7 service that will monitor & block the selected domain.
Thank you