Generally, the intention is that the rules are checked for sanity to the best of our capabilities as soon as possible. Fail fast, fewer surprises at runtime. And that also describes the current behaviour.
I guess your case makes an exception to the rule. What we could do to support it is delegate the DNS resolution to rule evaluation time, handle the name resolution exception by returning a NO_MATCH, and try again the next time a request comes.
Doing so, we could say we’d have supported “temporary DNS lookup failures”.
On a side note, keep in mind the JVM has a permanent address resolution (once a name resolves to anything, it’s going to be in a JVM-level DNS lookup table forever) for security reasons (i.e. DNS poisoning). This is relevant because the fresh alias has to resolve to nothing in order for the resolution to be “failed” and postponed to the next request.
The setting is here (and can of course be changed to a number of seconds):
$ grep 'networkaddress.cache.ttl' $JAVA_HOME/jre/lib/security/java.security
How does this mechanism work for you?
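
A sketch of the mechanism proposed above, added here as an illustration and not taken from the project's code: the host name is resolved at rule evaluation time, a failed lookup yields NO_MATCH, and the next request tries again. `LazyHostRule`, `Resolver`, the host name, the address and the TTL values are assumptions made for the example.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Security;
import java.util.Arrays;

// Hypothetical rule: resolves its host at evaluation time, not at settings load.
public class LazyHostRule {
    enum Result { MATCH, NO_MATCH }

    // Hypothetical seam; production code would pass InetAddress::getAllByName.
    interface Resolver { InetAddress[] resolve(String host) throws UnknownHostException; }

    private final String allowedHost;
    private final Resolver resolver;

    LazyHostRule(String allowedHost, Resolver resolver) {
        this.allowedHost = allowedHost;
        this.resolver = resolver;
    }

    Result evaluate(InetAddress remote) {
        try {
            InetAddress[] addrs = resolver.resolve(allowedHost);
            return Arrays.asList(addrs).contains(remote) ? Result.MATCH : Result.NO_MATCH;
        } catch (UnknownHostException e) {
            // Lookup failed: fail closed for this request, retry on the next one.
            return Result.NO_MATCH;
        }
    }

    public static void main(String[] args) throws Exception {
        // Same setting as in java.security, set programmatically before any lookup.
        // 60 is a constructed value; the negative TTL governs how long failures are cached.
        Security.setProperty("networkaddress.cache.ttl", "60");
        Security.setProperty("networkaddress.cache.negative.ttl", "0");

        // Constructed client address (documentation range), built without DNS.
        InetAddress client = InetAddress.getByAddress(new byte[] {(byte) 192, 0, 2, 10});

        // Constructed resolver: the alias does not exist on the first call, then appears.
        int[] calls = {0};
        Resolver flaky = host -> {
            if (calls[0]++ == 0) throw new UnknownHostException(host);
            return new InetAddress[] {client};
        };

        LazyHostRule rule = new LazyHostRule("fresh-alias.example", flaky);
        System.out.println(rule.evaluate(client)); // NO_MATCH while the name is unresolvable
        System.out.println(rule.evaluate(client)); // MATCH once the name resolves
    }
}
```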