A useful check is to then compare the certificates presented by the sites the DNS wants you to talk to. If both paths present the same cert, you're good. If they present different certs, there's a problem.
Cloudflare's creation of fake TLS certs for sites they front-end may mess that up, though. Do you see the same TLS cert from all Cloudflare MITM nodes?
Cloudflare's creation of fake TLS certs for sites they front-end may mess that up, though. Do you see the same TLS cert from all Cloudflare MITM nodes?