A fully qualified domain name (FQDN) is the complete domain name for a specific host on the Internet. FQDNs are used in firewall rules to allow or reject traffic going to specific domains.

The FQDN attribute type is used in the distributed firewall FQDN Filtering policy; see FQDN Filtering. In addition to the pre-defined list of FQDNs, NSX supports custom FQDNs that are defined by an administrator.
Note: Custom FQDNs do not support custom top level domain names.
Custom FQDN supports the following:
  • Starting in 4.1.2, FQDN supports the caret (^) wildcard. The caret wildcard (^) matches a single word and not multiple words. For example, ax^.domain.com can match ax1.domain.com, but will not match ax.sub.domain.com.
  • Starting in 4.1.2, the wildcard character * can be used at the end of the first label. The character * may represent multiple words. For example, ax*.domain.com can match both ax1.domain.com and ax.sub.domain.com.
  • Starting in 4.0.1, FQDN supports processing of DNS response record packets containing canonical names (CNAMEs).
  • FQDN supports partial wildcards with * at the beginning of a string such as *.eng.northpole.com or *.yahoo.com. The character * may represent multiple words. For example, ax*.domain.com can match both ax1.domain.com and ax.sub.domain.com.
  • Wildcard characters are allowed only in the first word of the FQDN.
  • Wildcard characters are allowed at the beginning or at the end of the first word, not in the middle.
  • More than two wildcard characters in the domain name are not allowed.
  • Full FQDN names are supported, such as maps.google.com or myapp.corp.com.
  • The length of each label in FQDN must be between 1 and 63 characters.
  • FQDNs must end with IANA registered top level domains (TLDs) such as .com, .org, or .net.
When creating a custom FQDN, using a wildcard domain is a best practice. For example, *.example.com includes subdomains such as americas.example.com and emea.example.com, whereas example.com does not include any subdomains.
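
A pre-check for custom FQDN entries built from the rules listed above, as an added example that is not NSX code: `validate_pattern` applies the syntax rules and `matches` previews which hostnames an entry would cover. The regex semantics for * and ^ (one or more characters, with only * crossing dots), the three-entry TLD set, and all function names are assumptions made for illustration.

```python
import re

# Assumption: constructed three-entry sample; a real check needs the IANA TLD list.
SAMPLE_TLDS = {"com", "org", "net"}
WILDCARDS = "*^"

def validate_pattern(pattern):
    """Return the rule violations for a custom FQDN entry (empty list = passes)."""
    errors = []
    if "://" in pattern:
        errors.append("remove the scheme (http:// or similar)")
    labels = pattern.lower().split(".")
    first, rest = labels[0], labels[1:]
    if any(not 1 <= len(label) <= 63 for label in labels):
        errors.append("each label must be 1 to 63 characters")
    if any(ch in WILDCARDS for label in rest for ch in label):
        errors.append("wildcards are allowed only in the first label")
    if any(ch in WILDCARDS for ch in first[1:-1]):
        errors.append("wildcards must be at the start or end of the first label")
    if sum(pattern.count(ch) for ch in WILDCARDS) > 2:
        errors.append("more than two wildcard characters")
    if labels[-1] not in SAMPLE_TLDS:
        errors.append("does not end in a registered TLD (sample list)")
    return errors

def to_regex(pattern):
    """Translate an entry to a regex under the assumed wildcard semantics."""
    parts = []
    for ch in pattern.lower():
        if ch == "*":
            parts.append(r"[a-z0-9.-]+")  # assumed: may span several labels
        elif ch == "^":
            parts.append(r"[a-z0-9-]+")   # assumed: stays inside one label
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def matches(pattern, hostname):
    """Preview whether a hostname would fall under the entry."""
    return to_regex(pattern).fullmatch(hostname.lower().rstrip(".")) is not None

if __name__ == "__main__":
    # Constructed entries and hostnames taken from the examples in the text.
    for entry in ["*.example.com", "ax^.domain.com", "a*x.domain.com", "www.*.domain.com"]:
        print(entry, validate_pattern(entry) or "ok")
    for host in ["ax1.domain.com", "ax.sub.domain.com"]:
        print(host, matches("ax^.domain.com", host), matches("ax*.domain.com", host))
```

Running the preview against hostnames from DNS or proxy logs before saving an entry shows how much wider a * entry is than the equivalent ^ entry.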

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Inventory > Profiles.
  3. Select the Attribute Types tab, and FQDNs.
    A table of system-generated FQDNs appears.
  4. Select Actions > Add FQDN.
  5. Enter the domain name in the form *[hostname].[domain], for example, *abracadabra.com.
    Do not include http:// or any other header.
  6. Click Save.
    The user-defined FQDN is shown in the table of available FQDNs, with User in the Created By column.
  7. (Optional) To display a subset of FQDNs, click Filter by Name, Path and more and select Created by or Domain.

What to do next

FQDNs can be used in context profiles for Distributed Firewall rules.