If this is the behavior, then might as well call it FQDN whitelisting and not domain/subdomain whitelisting.
Also, I know that regex/wildcard whitelisting is not yet available and I read in a post last year that it will be included in the "next major release". What major release version is this? 5.0? I'm using your docker container and it's currently at v4.4.
In Pi-hole V4, this is not the expected behavior. ~~Wildcard blocking~~ Whitelisting is exact only.
This is not a correct interpretation of that page (the whitelist page from the web Admin GUI). A single domain is entered in that entry list, with no reference to wildcards. Contrast this to the blacklist page (blacklists do support wildcards), where a domain can be added as either an exact domain or a wildcard.
It is currently on the streets in the beta 5.0, which will be released as V5.0 sometime in the relatively near future. Since there is a very small team of developers (all volunteers), there is no defined timeline for the next release.
The beta 5.0 is available if you choose to see the new features. Note that this is a one-way upgrade only due to the significant changes in the new version. If you do upgrade to the beta, ensure you have a full backup so you can revert to what you have now.
What do you mean by "wildcard blocking is exact only"?
My interpretation of the whitelist page comes from the idea that that's the "standard" way of how domain hosting providers work. When you create a domain, everything under that domain is part of that domain. My understanding is that a domain whitelist is different from a wildcard whitelist:
I see that you have a beta tag for v5.0. So should I just change the tag on my docker-compose.yml file and the existing config files will get upgraded to v5.0 too (after the container upgrade that is)?
You are free to test the pihole/pihole:beta-v5.0 image but please also read the link jfb posted and understand the new functionality and how/where to report beta bugs.
If the existing volumes/configs from v4.4 show any problems I'd suggest nuking them and starting fresh. As mentioned, keep a backup of them too.
It was manually at one point, but we have automated deployments of the latest beta, so it has been re-built several times since then. I just don't want to put my foot in my mouth or say something without much authority such as "yes it worked with old configs a month ago but that was an old image".
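An added illustration, not part of any post in this thread and not Pi-hole's own code: the difference between the exact (FQDN) whitelisting described above and a wildcard-style regex entry, including how an unanchored pattern allows more names than intended. The domain names, the two patterns and the function names are assumptions constructed for the example.

```python
import re

# Constructed sample entry; example.com stands in for any whitelisted domain.
EXACT_WHITELIST = {"example.com"}

# Hypothetical regex entries of the kind a wildcard whitelist would hold.
ANCHORED = r"(\.|^)example\.com$"  # the domain itself and its subdomains only
UNANCHORED = r"example.com"        # too loose: unescaped dot, no anchors


def normalize(fqdn):
    """Lower-case the query name and drop a trailing root dot."""
    return fqdn.lower().rstrip(".")


def exact_allowed(fqdn, whitelist=EXACT_WHITELIST):
    """Exact behaviour from the thread: only the literal FQDN matches."""
    return normalize(fqdn) in whitelist


def regex_allowed(fqdn, pattern):
    """Wildcard-style entry: allowed when the pattern matches the query name."""
    return re.search(pattern, normalize(fqdn)) is not None


def compare(names):
    """Return {name: (exact, anchored_regex, unanchored_regex)}."""
    return {
        n: (exact_allowed(n), regex_allowed(n, ANCHORED), regex_allowed(n, UNANCHORED))
        for n in names
    }


# Constructed query names covering the cases worth checking before
# trusting a whitelist entry.
QUERIES = [
    "example.com",               # the entry itself
    "cdn.example.com",           # subdomain: missed by exact matching
    "notexample.com",            # different registrable domain
    "example.com.tracker.test",  # entry used as a prefix label
    "exampleXcom.test",          # unescaped "." matches any character
]

if __name__ == "__main__":
    for name, (exact, anchored, loose) in compare(QUERIES).items():
        print(f"{name:26} exact={exact!s:5} anchored={anchored!s:5} loose={loose!s:5}")
```

Running a candidate pattern against a list like `QUERIES` before adding it shows whether it whitelists only the subdomains you meant.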