by jbnorth 1454 days ago
Isn’t the whole idea to just use DNS?
2 comments

It is, and for a lot of things that works. But if your DNS server is not your router, it needs to be at a stable address so other hosts on the network can find it.

As I understand it, we (admins of ipv6 networks) are expected to run both public and private sets of addresses internally. The public ones may change if your ISP makes you, but your ULAs never do.

"ULA is functionally useless in any IPv6 deployment that has dual-stack operating anywhere."

"ULA per RFC 6724 is less preferred (the Precedence value is lower) than all IPv4 (represented by ::ffff:0:0/96 in the table). Because of the lower Precedence value, if you have IPv4 enabled on a host, it will use IPv4 before using ULA."

https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-st...
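The precedence behaviour the quoted blog post describes comes straight from the RFC 6724 default policy table. The following is an added example, not code from the thread, the blog post or any OS implementation: it encodes that table, does the longest-prefix lookup, and ranks candidate destinations by rule 6 (prefer higher precedence) so you can see why an IPv4 destination (represented internally as an IPv4-mapped address) beats a ULA on a dual-stack host. Only rule 6 of the destination selection algorithm is modelled; the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label).
# Note that IPv4 (::ffff:0:0/96, precedence 35) outranks ULA (fc00::/7, precedence 3).
DEFAULT_POLICY_TABLE = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),
    ("fc00::/7", 3, 13),
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
    ("3ffe::/16", 1, 12),
]

_TABLE = [(ipaddress.ip_network(p), prec, label) for p, prec, label in DEFAULT_POLICY_TABLE]


def to_v6(addr):
    """Represent an IPv4 address as an IPv4-mapped IPv6 address, as getaddrinfo() does
    when it runs the RFC 6724 sort over a mixed candidate list."""
    a = ipaddress.ip_address(addr)
    if a.version == 4:
        return ipaddress.IPv6Address(f"::ffff:{a}")
    return a


def lookup(addr):
    """Longest-prefix match against the policy table; returns (precedence, label)."""
    a = to_v6(addr)
    best = None
    for net, prec, label in _TABLE:
        if a in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, prec, label)
    return best[1], best[2]


def precedence(addr):
    return lookup(addr)[0]


def order_destinations(addrs):
    """Rank candidate destinations by RFC 6724 rule 6 only (higher precedence first).
    The sort is stable, so equal-precedence candidates keep their input order."""
    return sorted(addrs, key=lambda a: -precedence(a))


if __name__ == "__main__":
    # Constructed sample: a ULA, an IPv4 address and a GUA for the same hostname.
    candidates = ["fd12:3456:789a::10", "192.0.2.10", "2001:db8::10"]
    for a in order_destinations(candidates):
        print(f"{a:24} precedence={precedence(a)}")
```

Running it ranks the GUA first, then the IPv4 address, and the ULA last. That is the whole point of the quoted complaint: with IPv4 present, the ULA is never chosen for a dual-homed name unless the host's policy table is edited (on glibc systems via /etc/gai.conf), and the example ignores the other rules (scope, native transport, matching label, longest common prefix) that real resolvers apply before rule 6.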

Certain firewall rules don't work without stable IPs; DNS won't help with that.
But a relatively normal firewall daemon supports variables and aliases and lookups etc. I suppose if you don't use address lists or address tags and no DNS and no DDNS then it would indeed be a problem.
I have played with multiple routers even commercial ones that do not support aliases or anything but static addresses. You are not wrong but what you suggest is far from the norm.
I was curious to see what the solutions are for some of these - Ruckus for example has Ansible modules [0] but they just SSH in and change the config.

[0] - https://github.com/commscope-ruckus/RUCKUS_ICX_Ansible

DNS is generally looked up once, on ruleset initialization; there is no way a firewall is going to look up DNS every single time a rule is referenced. Since DNS here is changing constantly, this is unhelpful.