Just FYI, this isn't about updating the DDNS record itself, it's about only allowing through ssh connections from a source IP that dynamically changes via DDNS-- for this you need a mechanism to update the $tables rules after DDNS changes (eg, I only want to allow ssh to my vps from my home DDNS external IP address).
If you already realized this then I misunderstood your comment and I apologize!
I understand fully what are you talking about: instead of an IP address for an ACCEPT rule, one can write a DNS name which would then get resolved into a (temporary) IP address which would be re-resolved after the time to live (TTL) period dictated by the DNS record. I'm using this for years now with MikroTik.
