Hi,
I'm trying to apply a search restriction for youtube, google and bing
searches and I added the following to my dnsmasq.conf :

-------------------------------------------------
cname=m.youtube.com,restrict.youtube.com
cname=www.youtube.com,restrict.youtube.com
cname=www.youtube-nocookie.com,restrict.youtube.com
cname=youtube.googleapis.com,restrict.youtube.com
cname=youtubei.googleapis.com,restrict.youtube.com
cname=www.google.com,forcesafesearch.google.com
cname=google.com,forcesafesearch.google.com
cname=www.bing.com,strict.bing.com
cname=www.bing.it,strict.bing.com
cname=bing.com,strict.bing.com
-------------------------------------------------

Although I saw the dns queries hitting dnsmasq the replies were
completely ignoring the real restricted.domain.com IP and replying
instead with the real IP of the domain itself which brought me to :

-------------------------------------------------------------------------------
--cname=<cname>,<target>[,<TTL>]
Return a CNAME record which indicates that <cname> is
really <target>. There are significant limitations on the target; it
must be a DNS name which is known to dnsmasq from /etc/hosts (or
additional hosts files), from DHCP, from --interface-name or from
another --cname. If the target does not satisfy this criteria, the
whole cname is ignored. The cname must be unique, but it is permissable
to have more than one cname pointing to the same target.
If the time-to-live is given, it overrides the default,
which is zero or the value of -local-ttl. The value is a positive
integer and gives the time-to-live in seconds.
---------------------------------------------------------------------------------

How I'm supposed to use cname if it doesn't resolve the target CNAME?
expand-hosts and /etc/hosts it's not an option in case the server uses a
dynamic IP.

Please this is quite important to heave,
Regards,
Tom.