AdGuard names over 6,000 web trackers that use CNAME chicanery which is a way to bypass many ad-blocking and anti-tracking protections.


One of such more subtle methods involves CNAME. A CNAME record, which is short for 'Canonical Name record', is a type of DNS record that maps one domain name (an alias) to another (the canonical name), instead of mapping this domain directly to an IP address. It's a basic function used by millions of websites to create unique subdomains for different services, such as mail, search, etc. To allow for seamless interaction, the subdomains are trusted just like the primary domain.

CNAME-cloaked tracking abuses this fundamental mechanic and creates many more problems than just unwelcome data collection.

Wait, actually, we did just that. Thanks to our own DNS server, plus a set of standalone and browser-based content blocking tools, we've been able to hunt the hunters (or rather track the trackers), list them, and block them. Now we're making the full list of all known CNAME-cloaked trackers publicly available as a part of the AdGuard Tracking Protection Filter. We've also published it on GitHub so that other content blockers could use it. This is the most complete auto-updating repository of actively used hidden trackers by now, consisting of more than 6000 entries. The list is to be updated on a regular basis to add new hidden trackers as they're being detected.

Be sure to add this repo to your DNS service folks whether is a PiHole or NextDNS. Adguard already has this.