Yes. A wildcard is a glob, and before a . it matches (only) all subdomains.
The manpage (which says "as with --server", and "The domain specification works in the same way as for --server,") says this:
For historical reasons, the pattern /.google.com/ is equivalent to /google.com/ if you wish to match any subdomain of google.com but NOT google.com itself, use /*.google.com/
I guess the problem here is that the HTTPS - type 65 - record is not handled without --dns-rr.