See 1.1.1.1 prevents GeoIP based DNS lookups from working - #3 by luke-at-netlify - 1.1.1.1 doesn’t forward the client’s real IP address via EDNS client subnet, so chances are that site is using a geoip-based service to route visitors to different servers, and it has an old/incorrect database (CF does a best-effort attempt to send a ‘fake’ IP in ECS that matches fairly closely to the visitor based on that thread, but that requires keeping an updated database).