Any time - I could discuss DNS for hours and hours ;) So if you ever have any questions about DNS just post a thread I will more then likely see it and comment..
The problem of when a firewall updates its aliases is problem with pretty much every firewall have worked with in the last 30 years when client might use or get something different. When there is more than 1 IP for some fqdn.. Be it based upon geo location of the query or some sort of roundrobin, or from a cache that resolves from a different location then the firewall/user, etc.
It's not just pfsense that such issues can be seen that is for sure.. Blocking of url based stuff is normally done better with a proxy where the proxy so you can base the filter on the actual uri being requested vs the IP of said fqdn in the url.. Proxy also allows for filtering on path or other words in the url and not just the hostname portion, etc.
DNS based lookups and blocking of the IP work fine when its static sort of IPs returned, but when your wanting to talk to something hosted on a CDN that returns lots of different IPs for the same fqdn then yeah you can run into complications.