Re: Problem with denying FQDN
It has limited usefulness, honestly, but I can tell you it is not going to be useful for almost any website, ever. Again, websites pull data from a plethora of locations at various domains and subdomains. Just run developer tools in your browser (F12) and you can see that.
Maybe to get you away from thinking of it wrong... you would generally only ever use it where you would otherwise use a single, static IP address in your policy. The only advantage is if that single, static IP address changes but retains the same hostname.
One of the main places I use it is when I have a particular user's PC (named BLD123EC01 in Active Directory) that needs a particular rule applied to them. They may get a different IP next week (depending on DHCP and all) but their hostname remains the same and is resolvable against AD DNS.
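
An added example, not part of the original post: a small Python model of the behaviour described above, assuming an FQDN address object is resolved by the firewall itself and matched only against the cached IPs. The domain `corp.example`, the website hostnames and all IP addresses are constructed, and `FqdnObject` is a hypothetical name, not any vendor's API.

```python
from ipaddress import ip_address

class FqdnObject:
    """Hypothetical model: a hostname plus the IPs it last resolved to."""
    def __init__(self, fqdn, resolver):
        self.fqdn = fqdn.lower().rstrip(".")
        self._resolver = resolver      # callable: name -> list of IP strings
        self.cached = frozenset()

    def refresh(self):
        # Assumption: the firewall does this lookup itself on a timer.
        self.cached = frozenset(ip_address(a) for a in self._resolver(self.fqdn))

    def matches(self, addr):
        # Policy matching sees only IP addresses, never the name a client asked for.
        return ip_address(addr) in self.cached

def workstation_case():
    """One host whose DHCP lease changes but whose AD DNS name does not."""
    dns = {"bld123ec01.corp.example": ["10.20.30.41"]}   # constructed record
    obj = FqdnObject("BLD123EC01.corp.example", lambda n: dns.get(n, []))
    obj.refresh()
    before = obj.matches("10.20.30.41")
    dns["bld123ec01.corp.example"] = ["10.20.30.77"]     # new lease, DNS updated
    stale = obj.matches("10.20.30.77")                   # cache not refreshed yet
    obj.refresh()
    return before, stale, obj.matches("10.20.30.77"), obj.matches("10.20.30.41")

def website_case():
    """A deny rule on one FQDN versus the hosts a page load actually contacts."""
    dns = {                                              # constructed records
        "www.site.example": ["203.0.113.10"],
        "cdn.assets.example": ["198.51.100.7"],
        "api.thirdparty.example": ["192.0.2.55"],
    }
    deny = FqdnObject("www.site.example", lambda n: dns.get(n, []))
    deny.refresh()
    return {host: any(deny.matches(ip) for ip in ips) for host, ips in dns.items()}

if __name__ == "__main__":
    print(workstation_case())
    print(website_case())
```

The `stale` value is the window between a lease change and the next refresh, during which the rule still points at the old address.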