most domain names ended up TLD if you enabled TLD.
For example : 6634248.fls.doubleclick.net
grep 6634248.doubleclick.net /var/unbound/pfb_dnsbl.conf
grep fls.doubleclick.net /var/unbound/pfb_dnsbl.conf
grep doubleclick.net /var/unbound/pfb_dnsbl.conf
local-data: "www.doubleclick.net.my 60 IN A 10.10.10.1"
local-zone: "doubleclick.net" redirect local-data: "doubleclick.net 60 IN A 10.10.10.1"
If you put 6634248.fls.doubleclick.net in Custom whitelist, it won't whitelist it as any request for *.doubleclick.net will give the VIP adress.
So if you want whitelist to all subdomain *.doubleclick.net, you had *.doubleclick.net to the Custom whitelist.
If you want to only whitelist 6634248.fls.doubleclick.net then you have to put doubleclick.net in the TLD Exclusion List. Do a Force Reload DNSBL, now instead of collapsing all doubleclick.net domain names into *.doubleclick.net, it will just collect all doubleclick.net domain names as they are listed in the tables. This could increase the number of Domain in DNSBL by hundreds.
After the Force Reload DNSBL, you can then whitelist any doubleclick.net domain from the Alerts Tab or with Custom Whitelist.
When you are done whitelisting domains, I recommend to run Force Reload DNSBL to settle things. Sometimes whitelisting temporary vanishes at Cron Update if the table containing the whitelisted domain names isn't downloaded, then magically return at next Cron update that download the table)