Managing comprehensive access control for domains often requires defining both the top-level domain and its subdomains to ensure complete coverage. This manual process can be time-consuming and increases the risk of security gaps if a specific subdomain is omitted.

You can now configure Advanced DNS Security Resolver external dynamic lists to automatically include all subdomains associated with a specific domain entry. When you enable this capability, the Advanced DNS Security Resolver treats a standard domain entry, such as example.com, as inclusive of all lower-level components (for example, *.example.com). This ensures that your security policies apply consistently across the entire domain hierarchy without requiring you to manually define wildcard entries.

This feature simplifies EDL domain management on your Advanced DNS Security Resolver; however, because the system generates an implicit wildcard entry for each domain, enabling this setting consumes two entries for every domain in the list. To accommodate for the increased entry count, the total domain entry limits (across all EDLs for a given tenant) have been increased.