@gertjan Thanks - I appreciate your help.
2021-10-26_11-13-50.png
https://phishing.army/download/phishing_army_blocklist_extended.txt -- that's the Phishing_Army list that's showing up in the DNSBL log.
In the phishing_army26OCT2021101209UTC.txt version of the list, it has ..
edgekey.net on line 8,328
www-key-com.test.edgekey.net on line 38,876
--note that anything to do with apple.com.edgekey.net is not present in the list.
After a reload with ".edgekey.net" in the DNSBL whitelist, all references to edgekey.net are gone from the list -- phishing_army-postprocess.txt . The DNSBL log displays no more entries for the domains shown in the OP. The DNSBL whitelist entry was effective at removing the both root domain and the subdomain.
It feels correct to say that a DNSBL whitelist entry with subdomains does not whitelist every parent domain in the string. IE, ".apple.com.edgekey.net" does not remove "edgekey.net" and "com.edgekey.net" and "apple.com.edgekey.net" ad naseum. I suppose that if ".apple.com.edgekey.net" is not defined in the source list it can't be removed, and besides, the whitelisting of every parent domain in a string would lead to ..... well, it's leading me to another question. š
>>> If I have a list that includes only "edgekey.net" ... and I must whitelist ".apple.com.edgekey.net" ... and I have to whitelist ".edgekey.net" to make it work --- how do I avoid the collateral whitelisting of every other subdomain under "edgekey.net"?
Thank you again --