The developers have added a great feature to pihole v5 called ‘Deep CNAME inspection’; you can read about it here.
The block list maintainers will have to add entries for the CNAMEs, in order for this feature to actively block domains.
Found the [first reference](https://github.com/nextdns/cname-cloaking-blocklist) that actually addresses CNAME entries (unfortunately it’s already two months old). There are some links to reading material to explain in further detail why you need CNAME blocking.
As explained in the beta5 announcement, you can disable ‘Deep CNAME inspection’, using the setting CNAME_DEEP_INSPECT=false in /etc/pihole/pihole-FTL.conf
There is a warning on the home page that says:
Important: For this list to work at all, the blocking logic needs to wildcard match (domain and all its multi-level subdomains) CNAMEs against the domains in this list.
The question for the developers:
what is the recommended way to add these CNAME domains?
will adding a dnsmasq (separate config file) entry (random entry from the referred list) such as
trigger CNAME blocking OR does it require a regex, such as
Tried to find the answer myself. Apparently, using dnsmasq wildcard syntax (address=/wizaly.com/#) does NOT trigger CNAME detection; regex syntax does trigger CNAME detection.
Still would like confirmation this is the best possible regex to comply with the requirements for CNAME cloaking, using the entries from the NextDNS article.
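Added example, not part of the original post and not Pi-hole or NextDNS code: one way to turn a one-domain-per-line list into regex entries that match a domain and all of its multi-level subdomains, then check a queried name and its CNAME targets against them. The function names, the sample list and the sample chain are constructed for illustration, and Python's `re` stands in for FTL's own regex engine.

```python
import re

# Constructed sample in the one-domain-per-line shape of a blocklist.
# wizaly.com is the entry quoted in the post; tracker.example is a placeholder.
SAMPLE_LIST = """\
# constructed sample, not the real list
wizaly.com
Tracker.Example.   # trailing dot and mixed case on purpose
"""

HOSTNAME = re.compile(r"^[a-z0-9_-]+(\.[a-z0-9_-]+)+$")


def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_blocklist(text):
    """Return valid domains from the list, skipping comments and blank lines."""
    domains = []
    for line in text.splitlines():
        name = normalise(line.split("#", 1)[0])
        if name and HOSTNAME.match(name):
            domains.append(name)
    return domains


def domain_to_regex(domain):
    """Regex for the domain itself plus every multi-level subdomain."""
    # The leading (^|\.) stops 'notwizaly.com' from matching; the trailing $
    # stops 'wizaly.com.other.example' from matching.
    return r"(^|\.)" + domain.replace(".", r"\.") + "$"


def first_blocked(chain, patterns):
    """Check the queried name, then each CNAME target, in order.

    Returns (name, pattern) for the first hit, or None if nothing matches.
    """
    for name in map(normalise, chain):
        for pattern in patterns:
            if re.search(pattern, name):
                return name, pattern
    return None


if __name__ == "__main__":
    rules = [domain_to_regex(d) for d in parse_blocklist(SAMPLE_LIST)]
    print("\n".join(rules))
    # Constructed chain: a first-party name that is a CNAME to a listed domain.
    print(first_blocked(["metrics.shop.example", "a.b.wizaly.com."], rules))
```
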