You are right, the description is somewhat inexact, we will change this (however, it will probably go into v5.1 now):
restartdns= restarts the entire FTL, incl. config file parsing and history re-readingrestartdns reload= reload the DNS cache (this implies reloading the HOSTS files as you've seen) + reload database tables (white-/blacklist, gravity, groups, clients)restartdns reload-lists= only reload database tables (white-/blacklist, gravity, groups, clients), the embeddeddnsmasqcore doesn't see anything from this signal
CNAME blocking is quite hefty in its performance hit. Due to technical reasons, the CNAME inspection cannot use results from the DNS cache. For one, because the CNAME blocking could be spoiled easily and behave in a way users don't expect and which is hard to explain. For the other part, successfl lookups in dnsmasq's cache immediately trigger a response to the client (which is what we want to avoid!). As the cache also contains all HOSTS file knowledge in dnsmasq, we cannot easily access this.
Hence, CNAME blocking can only respect entries from the black-/whitelist and gravity (everything what is in the gravity.db database) but not the HOSTS files. This cannot even be changed easily so it may be considered intentional.