Re: ERL 1.9 - Use DNS name for firewall source address

I'm not aware that Netfilter (the firewall/NAT in Linux) has such a feature, but I could be wrong. I expect a feature like this would significantly slow down the swiftness of Netfilter anyway.


Seems to me you are not far away from a solution based on the details you described. I would suggest you modify the monitor script a bit (the dig and nagios alert one...). When you detect that the domain name's IP changes, update MON-Sources. It should be a simple shell script that you run as a scheduled task on the EdgeRouter every few minutes or so. A simple and not hacky solution imho. To update MON-Sources from the command line:


$ ipset flush MON-Sources
$ ipset add MON-Sources <new ip address>


Alternatively, I would suggest not controlling the port forward based on source address. Use a network group if the security risk is acceptable to you. Furthermore, if you have some control on the application side, I would do a DNS lookup as a sanity check on the source IP. Reject the connection if they don't match.
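Putting the suggestion above into a script, as an added example that is not from the original reply: resolve the dynamic hostname with dig, compare against the last applied address list, and only then run the two ipset commands quoted in the post. The hostname, state-file path and the "run" argument are assumptions; MON-Sources is the set named in the thread.

```shell
#!/bin/sh
# Added example, not from the original post: refresh the MON-Sources ipset
# when the A records of a dynamic hostname change. HOST and STATE are
# assumptions; adjust them to the router's actual configuration.
HOST="${HOST:-dyn.example.net}"            # hypothetical dynamic DNS name
SET="${SET:-MON-Sources}"                  # address group behind the rule
STATE="${STATE:-/tmp/mon-sources.last}"    # placeholder path for last list

# Keep only well-formed IPv4 addresses from stdin, sorted and de-duplicated,
# so stray CNAME lines or garbage from dig never reach ipset.
filter_ipv4() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# Resolve HOST to its current IPv4 address list.
resolve_host() {
  dig +short A "$1" 2>/dev/null | filter_ipv4
}

# Compare the last applied list ($1) with the new one ($2):
#   skip   - lookup returned nothing; keep the current set instead of
#            flushing it to empty on a transient DNS failure
#   same   - no change, nothing to do
#   update - addresses changed, rewrite the set
decide_action() {
  if [ -z "$2" ]; then echo skip
  elif [ "$1" = "$2" ]; then echo same
  else echo update
  fi
}

# Rewrite the set with the commands from the post: flush, then add each entry.
update_set() {
  ipset flush "$1" || return 1
  for ip in $2; do ipset add "$1" "$ip" || return 1; done
}

main() {
  new=$(resolve_host "$HOST")
  old=$(cat "$STATE" 2>/dev/null)
  case "$(decide_action "$old" "$new")" in
    skip)   echo "lookup of $HOST failed, leaving $SET unchanged" >&2; return 1 ;;
    same)   return 0 ;;
    update) update_set "$SET" "$new" && printf '%s\n' "$new" > "$STATE" ;;
  esac
}

# Run only when invoked as "sh mon-sources.sh run", e.g. from a scheduled task.
if [ "${1:-}" = "run" ]; then main; fi
```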
