Zero trust wildcard and application together

In my DNS I have a wildcard domain:

  1. *

DNS will find the closest match first, which makes sense, so will be a match and resolve the given address. But will hit the wildcard route… All good.

Cloudflare Zero Trust / Access doesn't seem to work like this. So * will always work with any domain. Is there a way to make Access rules use the most specific rule and stop processing all subsequent rules?

I would like a catch-all Access rule for new apps, but apps with specific rules to be abided by.

So * might be blocked by auth, but might allow anyone on a given IP address.

This is how it works. I just added a wildcard record to check with a different auth provider than a more specific Access policy. A host which matched the wildcard record was met with the wildcard IdP and a host with the more specific policy was presented with the IdPs assigned to it.