Real-Time DNS resolution of entries in Network Zone

Network Zone allows me to specify individual IP addresses to allow/prohibit network activity to. However, some domain names resolve to multiple IP addresses, i.e. time.windows.com, download.microsoftupdates.com, and Comodo will not resolve these real time. Therefore it is impracticable to use Network Zone for these addresses, leaving a big gap in protection.