DNS-lookups happening with everything blacklisted(via uMatrix/uBlock)

[ghost]

Describe the bug
A bunch of DNS lookups (at least!) are happening when visiting certain websites (currently only 1 I remember), while everything is blocked via uMatrix (including CSS/images!)
So, does this bypass blocking?! yes

To Reproduce
Steps to reproduce the behavior:

1. have uBlock Origin extension installed
2. have uMatrix extension installed and block everything (all red).
3. Ensure only www.pcmag.com is allowed to be successfully DNS-looked up (ie. you have no DNS servers in /etc/resolv.conf and www.pcmag.com is already in /etc/hosts eg. 104.121.166.103 www.pcmag.com), or alternatively use tcpdump to catch DNS lookups.
4. visit the page www.pcmag.com
5. notice everything that got looked up after that webpage loaded (and it look black btw):

104.121.166.103 www.pcmag.com
product.pcmag.com
product.pcmag.com
product.pcmag.com
product.pcmag.com
zdbb.net
www.googleadservices.com
www.googleadservices.com
api.bounceexchange.com
www.google-analytics.com
www.google-analytics.com
static.pcmag.com
assets.pcmag.com
pagead2.googlesyndication.com
api.bounceexchange.com
partner.googleadservices.com
pagead2.googlesyndication.com
a.zdbb.net
partner.googleadservices.com
assets.pcmag.com
a.zdbb.net

So the question is why? why does this happen? More importantly, if I do allow those to DNS lookup, will they load anything? (not tested yet)

Expected behavior
Only www.pcmag.com should be looked up! (which would be what happens on any other normal website that hasn't managed to find a sneaky way to bypass blocking(or whatever is going on here))

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

• OS/Platform and version:
  ArchLinux 64 bit (it's a rolling release, so it's current)

• ungoogled-chromium version:
  local/ungoogled-chromium 76.0.3809.100-1

Additional context
I'm using these policies and this ~/.config/chromium-flags.

[ghost]

hmm page source code reveals the likely reason:

<!-- test of preconnect -->
--
  | <link rel="preconnect" href="https://product.pcmag.com" crossorigin>
  | <link rel="preconnect" href="//zdbb.net">
  | <link rel="preconnect" href="//a.zdbb.net">
  | <link rel="preconnect" href="//partner.googleadservices.com">
  | <link rel="preconnect" href="//pagead2.googlesyndication.com">
  | <link rel="preconnect" href="https//securepubads.g.doubleclick.net">
  | <link rel="preconnect" href="//www.googleadservices.com">
  | <link rel="preconnect" href="//assets.pcmag.com">
  | <link rel="preconnect" href="//static.pcmag.com">
  | <link rel="preconnect" href="//www.google-analytics.com">
  | <link rel="preconnect" href="//api.bounceexchange.com">

[ghost]

uBlockOrigin/uBlock-issues#548
uBlockOrigin/uMatrix-issues#40
uBlockOrigin/uMatrix-issues#168
uBlockOrigin/uMatrix-issues#166

[ghost]

ok fixed by:

--- a/chrome/browser/predictors/preconnect_manager.cc	2019-08-26 14:08:51.054928230 +0200
+++ b/chrome/browser/predictors/preconnect_manager.cc	2019-08-26 14:09:00.778805985 +0200
@@ -105,6 +105,7 @@ void PreconnectManager::StartPreresolveH
 void PreconnectManager::StartPreresolveHosts(
     const std::vector<std::string>& hostnames) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  return;
   // Push jobs in front of the queue due to higher priority.
   for (auto it = hostnames.rbegin(); it != hostnames.rend(); ++it) {
     PreresolveJobId job_id =
@@ -120,7 +121,7 @@ void PreconnectManager::StartPreresolveH
 void PreconnectManager::StartPreconnectUrl(const GURL& url,
                                            bool allow_credentials) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
-  if (!url.SchemeIsHTTPOrHTTPS())
+//  if (!url.SchemeIsHTTPOrHTTPS())
     return;
   PreresolveJobId job_id = preresolve_jobs_.Add(std::make_unique<PreresolveJob>(
       url.GetOrigin(), 1, allow_credentials, nullptr));