I'm just being cautious here, not trying to say what you do is crap,
only to raise awareness for possible copycats who may not be well aware of how to handle firewalls properly.
Just out of personal interest: How do you deal with dynamic IP addresses? Or do they all have static assignments?
So whenever they recognize that DNS is dead, they have to manually navigate to the address quoted above to re-register their IP with your server, right?
Be aware that there is no such "fallback" as you described here:
See this excellent explanation:
My expectations were different, too, but I can only confirm this on all sorts of network hardware I used to own myself.
The DNS may leak how you configured it.