Allow for distinct/longer-lived DNS namespaces (container.[USER].westeurope.azurecontainer.io)
I can imagine some forms of abuse by people watching the container instance DNS namespace and snitching names, e.g. by mimicking previous content/APIs and waiting for people or machines to supply data.
It should be possible to protect against such an attack by registering long-living names which protect all shorter-lived subdomain names.