OpenDKIM ignoring hostnames and domains in trusted hosts file

According to http://opendkim.org/opendkim.conf.5.html, the ExternalIgnoredHosts and InternalHosts options support the same format as the PeerList option as follows:

The set should contain on each line a hostname, domain name (e.g. ".example.com"), IP address, an IPv6 address (including an IPv4 mapped address), or a CIDR-style IP specification (e.g. "192.168.1.0/24").

IP addresses and subnets are being correctly identified as internal hosts but all hostnames and domains are not being picked up.

Here is /etc/opendkim.conf

LogWhy              yes
Syslog              yes
SyslogSuccess       yes
UMask               002
UserID              opendkim:opendkim

KeyTable            refile:/etc/opendkim/key.table
SigningTable        refile:/etc/opendkim/signing.table

ExternalIgnoreList  refile:/etc/opendkim/trusted.hosts
InternalHosts       refile:/etc/opendkim/trusted.hosts

AutoRestart         yes
AutoRestartRate     10/1M
Background          yes
Canonicalization    relaxed/simple
DNSTimeout          5
Mode                sv
Nameservers         192.168.100.1,192.168.100.2
OversignHeaders     From
SignatureAlgorithm  rsa-sha256
SubDomains          no

Socket              local:/var/spool/postfix/opendkim/opendkim.sock
PidFile             /run/opendkim/opendkim.pid

And /etc/opendkim/trusted.hosts

127.0.0.1
::1
localhost
mailserver                # mail server hostname
192.168.100.50            # test server
webserver.domain.local    # web server
.domain.local             # entire local domain
*.testdomain.local        # entire local test domain

And main.cf milter options:

milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen}
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

Mail from 192.168.100.50 is signed as expected:

mailserver postfix/qmgr[5406]: 59CA920E11: removed
mailserver postfix/smtpd[5412]: connect from testserver.mydomain.com[192.168.100.50]
mailserver postfix/smtpd[5412]: 41BD520E11: client=testserver.mydomain.com[192.168.100.50]
mailserver postfix/cleanup[5436]: 41BD520E11: message-id=<>
mailserver opendkim[5427]: 41BD520E11: DKIM-Signature field added (s=default, d=contoso.com)
mailserver postfix/qmgr[5406]: 41BD520E11: from=<[email protected]>, size=371, nrcpt=1 (queue active)
mailserver postfix/smtp[5437]: 41BD520E11: to=<[email protected]>, relay=ASPMX.L.GOOGLE.COM[173.194.76.27]:25, delay=0.4, delays=0.01/0/0.13/0.26, dsn=2.0.0, status=sent (250 2.0.0 OK  1610364907 k20si14443742wrc.23 - gsmtp)
mailserver postfix/qmgr[5406]: 41BD520E11: removed

But mail from webserver.domain.local is not picked up as being internal despite the name of the client being resolved:

mailserver postfix/smtpd[5846]: connect from webserver.domain.local[192.168.100.51]
mailserver postfix/smtpd[5846]: 4F00620E11: client=webserver.domain.local[192.168.100.51]
mailserver postfix/cleanup[5850]: 4F00620E11: message-id=<>
mailserver opendkim[5840]: 4F00620E11: webserver.domain.local [192.168.100.51] not internal
mailserver opendkim[5840]: 4F00620E11: not authenticated
mailserver opendkim[5840]: 4F00620E11: no signature data
mailserver postfix/qmgr[5821]: 4F00620E11: from=<[email protected]>, size=371, nrcpt=1 (queue active)
mailserver postfix/smtp[5851]: 4F00620E11: to=<[email protected]>, relay=ASPMX.L.GOOGLE.COM[74.125.133.27]:25, delay=0.83, delays=0.01/0/0.43/0.39, dsn=2.0.0, status=sent (250 2.0.0 OK  1610365309 g124si15021166wma.170 - gsmtp)
mailserver postfix/qmgr[5821]: 4F00620E11: removed

Am I missing something relating to how hostnames are resolved or something more fundamental with how this functionality is implemented? I have also tried domain combinations of *.domain.local and .domain.local in /etc/opendkim/trusted.hosts with no success.

Any and all help would be gratefully received.

Version numbers:

~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:        18.04
Codename:       bionic

~$ postconf mail_version
mail_version = 3.3.0

~$ opendkim -V
opendkim: OpenDKIM Filter v2.11.0
        Compiled with OpenSSL 1.1.1  11 Sep 2018
        SMFI_VERSION 0x1000001
        libmilter version 1.0.1
        Supported signing algorithms:
                rsa-sha1
                rsa-sha256
        Supported canonicalization algorithms:
                relaxed
                simple
        Active code options:
                POLL
                QUERY_CACHE
                USE_DB
                USE_LDAP
                USE_LUA
                USE_ODBX
                USE_UNBOUND
                _FFR_ATPS
                _FFR_RBL
                _FFR_REPLACE_RULES
                _FFR_SENDER_MACRO
                _FFR_STATS
                _FFR_VBR
        libopendkim 2.11.0: atps query_cache

Solution 1:

This was resolved by removing the leading asterisks from a domain wildcard in /etc/opendkim/trusted.hosts. The asterisks being there not only stopped the domain wildcard from working but also stopped all other string entries in the file from working, although IP addresses were not affected.

IP addresses work but strings do not:

127.0.0.1
::1
localhost
mailserver                # mail server hostname
192.168.100.50            # test server
webserver.domain.local    # web server
.domain.local             # entire local domain
*.testdomain.local        # entire local test domain

IP addresses and strings both work:

127.0.0.1
::1
localhost
mailserver                # mail server hostname
192.168.100.50            # test server
webserver.domain.local    # web server
.domain.local             # entire local domain
.testdomain.local         # entire local test domain
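
A check that can be run on the file before reloading OpenDKIM, added here as an example (it is not part of the original answer and is not OpenDKIM code). It classifies each entry against the forms the man page lists and flags any entry containing an asterisk, the form the answer found to break hostname and domain matching. The function names and the DNS label pattern are assumptions of this example and do not reproduce OpenDKIM's own parser.

```python
import ipaddress
import re

# Constructed sample: the trusted.hosts file from the question.
SAMPLE = """\
127.0.0.1
::1
localhost
mailserver                # mail server hostname
192.168.100.50            # test server
webserver.domain.local    # web server
.domain.local             # entire local domain
*.testdomain.local        # entire local test domain
"""

# One DNS label: letters, digits, underscore, inner hyphens.
LABEL = r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?"
HOSTNAME = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")
DOMAIN = re.compile(rf"^\.{LABEL}(?:\.{LABEL})*$")

def classify(entry):
    """Return the documented entry kind, or 'wildcard' / 'unrecognised'."""
    entry = entry.lstrip("!")  # the man page allows a "!" negation prefix
    if "*" in entry:
        return "wildcard"  # the form the answer found to break name matching
    try:
        ipaddress.ip_network(entry, strict=False)
    except ValueError:
        if DOMAIN.match(entry):
            return "domain"
        return "hostname" if HOSTNAME.match(entry) else "unrecognised"
    return "cidr" if "/" in entry else "ip"

def lint(text):
    """Return (line_number, entry, kind) for every non-empty entry."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        entry = line.split("#", 1)[0].strip()  # drop trailing comments
        if entry:
            results.append((number, entry, classify(entry)))
    return results

def problems(text):
    """Entries that are not in one of the documented forms."""
    return [r for r in lint(text) if r[2] in ("wildcard", "unrecognised")]

if __name__ == "__main__":
    for number, entry, kind in lint(SAMPLE):
        print(f"{number}: {entry:<26} {kind}")
```

Because the answer reports that a single asterisk entry disabled every hostname and domain entry in the file, any result from problems() is worth treating as a failure for the whole file, not just for that line.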