The target of a CNAME must be a domain that the Pi-hole already has in its cache or is authoritative for. This is a universal limitation of CNAME records.
The reason for this is that Pi-hole will not send additional queries upstream when serving CNAME replies. As consequence, if you set a target that isn't already known, the reply to the client may be incomplete. Pi-hole just returns the information it knows at the time of the query. This results in certain limitations for CNAME targets,
for instance, only active DHCP leases work as targets - mere DHCP leases aren't sufficient as they aren't (yet) valid DNS records.
Additionally, you can't CNAME external domains (bing.com to google.com) successfully as this could result in invalid SSL certificate errors when the target server does not serve content for the requested domain.