User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101
Firefox/48.0
Build Identifier: 

In /etc/dnsmasq.conf
# or if you want it to read another file, as well as /etc/hosts, use
# this.
addn-hosts=/etc/hosts.dns

service dnsmasq start

journalctl -u dnsmasq
...
read /etc/hosts - 8 addresses    <- /etc/hosts read OK
failed to load names from /etc/hosts.dns: Permission denied

Reproducible: Always

Steps to Reproduce:
1. install dnmasq
dnsmasq --version
Dnsmasq version 2.71 

2. modify file /etc/dnsmasq.conf, insert line
addn-hosts=/etc/hosts.dns

3. cp /etc/hosts /etc/hosts.dns (simplification)

4. service dnsmasq start

5. journalctl
dnsmasq[26754]: reading /etc/resolv.conf
...
dnsmasq[26754]: read /etc/hosts - 8 addresses
dnsmasq[26754]: failed to load names from /etc/hosts.dns: Permission denied

ls -lZ /etc/hosts /etc/hosts.dns
-rw-r--r-- 1 root root ? 682 Aug 26 12:41 /etc/hosts
-rw-r--r-- 1 root root ? 682 Aug 30 07:16 /etc/hosts.dns

Actual Results:  
When you move exec file from /usr/sbin/dnsmasq to /usr/bin/dnsmasq and modify
/usr/lib/systemd/system/dnsmasq.service
original:
ExecStartPre=/usr/sbin/dnsmasq --test
ExecStart=/usr/sbin/dnsmasq --log-async --enable-dbus --keep-in-foreground
new:
ExecStartPre=/usr/bin/dnsmasq --test
ExecStart=/usr/bin/dnsmasq --log-async --enable-dbus --keep-in-foreground

restart service 
service dnsmasq stop
service dnsmasq start
service dnsmasq status

This is already okay !!
dnsmasq[26841]: read /etc/hosts - 8 addresses
dnsmasq[26841]: read /etc/hosts.dns - 8 addresses

ps -ef | grep 26841
dnsmasq  26841     1  0 07:26 ?        00:00:00 /usr/bin/dnsmasq --log-async
--enable-dbus --keep-in-foreground


Problem is selinux, systemd? It is a mystery.