DNS::disable all just prevents any further processing of DNS (GTM, ZoneRunner), since you're forwarding the query somewhere else for resolution.
Instead of an exact match, the iRule can be modified to match for "ends with". Like this:
when DNS_REQUEST {
DNS::question name [string tolower [DNS::question name]]
if { [class match [DNS::question name] ends_with dotuk_group] } {
DNS::disable all
pool pool1
}
elseif { [class match [DNS::question name] ends_with nhs_group] } {
DNS::disable all
pool pool2
}
else {
DNS::disable all
pool default_pool
}
}
So there's no need for you to put the wildcard FQDN in your dotuk_group. Just put it in as gcsx.gov.uk and the ends_with will match anything of that domain or any sub domains.