for s in $(seq 4);do dig +noall +answer @ns"${s}".google.com gmail.com;done
gmail.com. 300 IN A 172.217.14.197
gmail.com. 300 IN A 172.217.14.197
gmail.com. 300 IN A 172.217.14.197
gmail.com. 300 IN A 172.217.14.197
# cf open resolver
dig +noall +answer @1.1.1.1 gmail.com;dig +noall +answer @1.0.0.1 gmail.com
gmail.com. 293 IN A 172.217.4.69
gmail.com. 144 IN A 142.250.69.197
# google open resolver
dig +noall +answer @8.8.8.8 gmail.com;dig +noall +answer @8.8.4.4 gmail.com
gmail.com. 300 IN A 142.250.69.197
gmail.com. 300 IN A 142.250.69.197
Perhaps it was a transient issue at CF? A historical monitor like thousandeyes might have seen it. It gets tricky to catch with Anycast memberships. IIRC each of their Anycast regional groups at CF have a dozen or so nodes but there are several CF employees on HN that could correct me.
dig gmail.com @1.1.1.1 ;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.10.6 <<>> gmail.com @1.1.1.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55809 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: Message has 1167 extra bytes at end
;; QUESTION SECTION: ;gmail.com. IN A
;; Query time: 5 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) ;; WHEN: Wed Jul 19 10:33:59 PDT 2023 ;; MSG SIZE rcvd: 1212
The malformed was coming from every IP I tried (router, cloudflare, google)