Say domain A.COM has a CNAME for www which points to B.COM, and B.COM also has a www CNAME which points to C.COM, and C.COM has multiple A records/IP's.
Is there any way for someone snooping around to query A.COM and see that it's simply pointing to B.COM? Or is it impossible to get that information without having full access to the DNS zone manager (meaning all they would see are the final IP's that C.COM resolve to)?
EDIT: I'm using CloudFlare (A, B, & C), so I'm not sure if that changes the answer. It seems to me they all point to CloudFlare as A records and you can't pull out a CNAME?
No, a CNAME does not hide anything. You can run a dig WWW.A.COM and it will show you the CNAME pointer. That said, casual users browsing your website will never see or know that your website points to C.COM.
Example:
$ dig ak.nextag.com
; <<>> DiG 9.8.3-P1 <<>> ak.nextag.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9813
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ak.nextag.com. IN A
;; ANSWER SECTION:
ak.nextag.com. 879 IN CNAME img.nextag.com.
img.nextag.com. 86379 IN CNAME img05.static-nextag.com.
img05.static-nextag.com. 7179 IN CNAME d2lhs8hfggtuez.cloudfront.net.
d2lhs8hfggtuez.cloudfront.net. 39 IN A 54.230.143.195
d2lhs8hfggtuez.cloudfront.net. 39 IN A 54.230.143.200
d2lhs8hfggtuez.cloudfront.net. 39 IN A 54.230.143.186
d2lhs8hfggtuez.cloudfront.net. 39 IN A 54.230.143.218
d2lhs8hfggtuez.cloudfront.net. 39 IN A 54.230.143.251
d2lhs8hfggtuez.cloudfront.net. 39 IN A 54.230.143.132
d2lhs8hfggtuez.cloudfront.net. 39 IN A 54.230.143.42
d2lhs8hfggtuez.cloudfront.net. 39 IN A 54.230.143.7
;; Query time: 106 msec
;; SERVER: 10.100.51.31#53(10.100.51.31)
;; WHEN: Sat Jul 8 01:18:44 2017
;; MSG SIZE rcvd: 254