A destination list is quite literally a list of internet destinations that can be blocked or allowed based on the administrative preferences for the policies applied to the identities within your organization.
A destination is currently defined as an IP or a fully qualified domain name. In upcoming releases, we will allow for the possibility of adding custom URLs to the dashboard but if you have reached this article due to an error regarding URLs in the dash, it has not yet been implemented.
This article briefly outlines what is or isn't acceptable to be added to a destination list at this time and as this information changes, this article will be updated.
What you can add
1. Fully qualified domains and subdomains. The protocol is not required. If you wish to block all subdomains of a domain, add the top level domain name as exampledomain.com
If you wish to only block a subdomain, add the subdomain as subdomain.exampledomain.com
2. IP addresses can be added to an Allow Destination only. These can only be IPv4 and cannot include ranges like /29 or /16 or subnet masks like 255.255.255.0. An example would be 100.100.101.250. However, this feature is currently in Limited Availability and may not be available for all users.
What you cannot add
1. You cannot add URLs to a destination list. This is a feature we are hoping to implement in the upcoming few months but as of this writing (June 2017), the ability to allow or block URLs is not available.
2. You cannot add URLs that end in file names, such as www.domain.com/file.exe
3. You cannot add wildcards. A wildcard is implicit in the way DNS is structured, so adding a domain covers all of the subdomains and there is no reason to add *.domain.com to cover this.