hi @James_O_Stanworth! this topic is in fact easy and complicated at the same time because there is mix two different concepts. WOPI protocol itself is completely about DNS (consult Collabora integration guide for details) but the WOPI allow list only works with Ip addresses.
Basically speaking this list should cover IP addresses where the request comes from (like in a firewall). To know where it comes from you must understand the whole way of the request from the CODE server to access Nextcloud. usually and as best practice both systems use public DNS names for communication. This make CODE resolving the public DNS name of Nextcloud to its public IP… in turn CODE connects to a public IP of NC often traveling all the way from internal CODE server to the router to the internet 
and coming back through the router public IP, port forwarding, maybe reverse proxy hitting the NC server… this is the reason why often your public IP must be included in the allow list to make CODE work…
PS: there are technics like splitbraindns addressing the issue and routing the traffic internally but this add complexity and require some understanding of networking basics.