The dnsmasq man page says:
--cname=<cname>,<target>
Return a CNAME record which indicates that <cname> is really <target>. There are significant limitations on the target; it must be a DNS name which is known to dnsmasq from /etc/hosts (or additional hosts files) or from DHCP. If the target does not satisfy this criteria, the whole cname is ignored. The cname must be unique, but it is permissible to have more than one cname pointing to the same target.
I think the "known target" criteria will make it unsuitable for your needs.
I know that Unbound supports this feature.
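The rule quoted from the man page can be checked offline before a configuration is deployed. The following is an added example, not part of the original answer or of dnsmasq itself. It assumes the config-file form `cname=` of the `--cname` option and only the two-field form shown in the excerpt. The function names and sample data are constructed, and names learned from DHCP have to be passed in by the caller.

```python
def hosts_names(hosts_text):
    """Collect every name defined in hosts-file text (fields after the address)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(f.lower().rstrip(".") for f in fields[1:])
    return names

def audit_cnames(conf_text, hosts_text, dhcp_names=()):
    """Classify each cname= line against the man-page rules quoted above.

    Returns a list of (cname, target, status) tuples. status is "ok",
    "target-unknown" (target not in the hosts file or DHCP, so the man page
    says the whole cname is ignored), "duplicate-cname" (violates "the cname
    must be unique") or "malformed".
    """
    known = hosts_names(hosts_text) | {n.lower() for n in dhcp_names}
    seen, report = set(), []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("cname="):
            continue
        fields = [f.strip().lower().rstrip(".") for f in line[6:].split(",")]
        if len(fields) != 2 or not all(fields):
            report.append((line, None, "malformed"))
            continue
        cname, target = fields
        if cname in seen:
            status = "duplicate-cname"
        elif target not in known:
            status = "target-unknown"
        else:
            status = "ok"
        seen.add(cname)
        report.append((cname, target, status))
    return report

# Constructed sample input (not taken from the page).
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.0.2.10 web01.example.test web01\n"
SAMPLE_CONF = """\
cname=www.example.test,web01.example.test   # target is in the hosts file
cname=cdn.example.test,edge.upstream.example  # target only resolvable upstream
cname=www.example.test,web01                # same cname defined twice
"""

if __name__ == "__main__":
    for cname, target, status in audit_cnames(SAMPLE_CONF, SAMPLE_HOSTS):
        print(f"{status:16} {cname} -> {target}")
```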