In the new version, Firefox users are provided with a blocking of a new technique for tracking movement and substitution of ad units, based on the creation of a separate subdomain in the DNS within the domain of the current site. The created subdomain points to the ad network server (for example, f7ds.liberation.fr CNAME record is created pointing to the tracking server liberation.eulerian.net), so the ad code is formally loaded from the same primary domain as the site. The name for the subdomain is chosen in the form of a random identifier, which makes blocking by mask difficult, since the subdomain associated with the advertising network is difficult to distinguish from subdomains for loading other local resources of the page.
In the new version of uBlock Origin, to determine the host associated via CNAME
From a performance point of view, defining a CNAME should not introduce additional overhead, other than wasting CPU resources for re-applying the rules for a different name, since the browser has already resolved when accessing the resource, and the value must be cached. When you install a new version, you will need to grant permissions to retrieve information from DNS.
The added security method based on CNAME validation can be bypassed by directly binding the name to IP without using CNAME, but this approach complicates the maintenance and maintenance of the infrastructure (if the IP address of the ad network changes, you will need to achieve data change on all publishers DNS servers) and can be bypassed by creating a blacklist of tracker IP addresses. In uBlock Origin build for Chrome, CNAME check doesn't work because API
Source: opennet.ru