Linux Netfilter discussions
From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@lists.netfilter.org
Subject: DNAT --to-destination: why not hostname?
Date: Wed, 3 Mar 2004 13:33:33 -0600
Message-ID: <200403031333.33554.rob0@gmx.co.uk>

The syntax from TFM, iptables(8):
    --to-destination ipaddr[-ipaddr][:port-port]
Obviously if you are going to use a range of destinations only IP 
addresses would suffice. But why can't this option accept a hostname 
for a single destination?

This would be convenient for scripting, in that you maintain control of 
the firewall through DNS. As it is, to use a hostname I have to use an 
intermediate step to get the IP, like this:
    DEST_IP=`dig +short ${DEST_HOST}.domain.tld.`
This is also less than ideal because if iptables resolved the name 
itself, it would use the "search domain.tld" out of resolv.conf. For 
dig I have to manually append it. And it's REALLY inconvenient in some 
of my firewall machines where there is no BIND installed. It gets even 
worse in sites which aren't running their own DNS ... AFAIK dig and 
host only use DNS, not /etc/hosts, for resolving.

iptables DOES resolve hostnames used in other parameters, so why not 
here? That should have been a question for the developer list, I guess, 
but I'm not on that one.

But a good question for this list might be: "How have you handled this 
need in iptables scripting?" I have used the dig trick where available 
and hard-coded IPs elsewhere.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
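One way to do the lookup the post asks about, as an added example that is not from this thread: resolve the name through the system resolver with getent (which follows nsswitch.conf, so /etc/hosts and the resolv.conf "search" list are honoured, unlike dig), and refuse to emit a rule when the name does not resolve, so a stale name never produces a DNAT with an empty --to-destination. The helper names and the TCP-port-forward shape of the rule are assumptions; the iptables command is printed, not executed.

```shell
#!/bin/sh
# Added example (not from the thread): hostname lookup for DNAT rules via NSS.

# Print the first IPv4 address for a name.  getent ahostsv4 goes through
# getaddrinfo(), so it consults /etc/hosts and applies the resolv.conf
# search list, which the "dig +short" trick in the post does not.
# Prints nothing and returns 1 if no IPv4 address comes back.
resolve_v4() {
    addr=$(getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }')
    case "$addr" in
        *.*.*.*) printf '%s\n' "$addr" ;;
        *) return 1 ;;
    esac
}

# dnat_rule HOST PORT: print the iptables line that forwards incoming TCP
# PORT to HOST:PORT.  Fails without printing a rule if PORT is not numeric
# or HOST cannot be resolved, so a broken lookup never reaches iptables.
dnat_rule() {
    host=$1
    port=$2
    case "$port" in
        ''|*[!0-9]*) echo "dnat_rule: bad port '$port'" >&2; return 1 ;;
    esac
    ip=$(resolve_v4 "$host") || { echo "dnat_rule: cannot resolve $host" >&2; return 1; }
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$port" "$ip" "$port"
}
```

Run as `dnat_rule webhost 80` and pipe the output to sh once you are happy with it; a non-zero exit means nothing was printed.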
