By “censored” I meant redacted by a grey box.
I am not Google/Blogger, but I find it strange that they would give you IP addresses to point to. That’s very inflexible - what if they want to change IPs? They’ll have to have all their customers update, and need to manage that. It makes much more sense that they would give you a hostname to CNAME to (and they do, that’s your ghs.google.com which you did use for blog). Anyway, nevermind… it’s not relevant for us to solve the issue.
The whole first 4 are redundant not because they’re different from each other - they’re redundant because they’re on the naked domain - and they don’t point to the service the naked domain is supposed to provide - the site served from DreamHost’s servers. Maybe the word redundant is not the right choice, but I am not familiar with a better one to describe this.
Imagine that you’re in your car, and you’re driving to work. You punch your work address to the car’s navigation system, every morning, and you blindly follow the turn-by-turn instructions to get to work. Then, one day, you go to visit friends, and follow the same procedure - you punch in the friends’ address, and get there. But, from that point, when you go to work, you do something strange: 1 out of 5 of times, you punch in the work address as usual. At 4 of 5 times, you, from some reason, punch in the friends’ address, and expect your car to get you to work. But no matter what you do, when you get to your destination, the building looks different and you can’t find your boss there! So the 4 additional wrong destinations you’ve added for the “work” destination, how would you call them?
If it wasn’t clear at this point - in the above allegory - your work is your naked domain (and www), and you work at DreamHost. Whose address is the one ending with 59. Your friends’ house is the blog, co-located in your friends’ house, at Google/blogger.
When you added your friends’ address to the work address, the system did what you wanted: It sent the traffic destined to work - to your friends. Your boss, not surprisingly, was not there (and you got 404 errors). You did manage to get to your friends at blog.brock… because, well, that address was unique and correct.
As for line 5 - this is your work’s address - the site on DreamHost. How did it get there? It is there because the site was served by DreamHost, and always pointed to DreamHost’s servers. When you added your customers’ domain to Cloudflare, they automatically imported all DNS records from the old DNS server, so when you cut-off the DNS service to Cloudflare, things will continue to work normally. And they did. So, you DO NOT remove line 5. That’s the line that points the naked domain to DreamHost. If you look at the ‘www’ line, you’ll see it also points to the same IP.
If I am right, then the solution is as I mentioned above - delete the first redundant 4 records, as they’re causing the traffic to the naked domain to go to Google instead of DreamHost. Leave the CNAMEs that point blog.brock… as they are, and test. Sounds like your #3 (which doesn’t say anything about deleting lines 1-4 - which you still must do; though that if the site now works - they’re not there - so just don’t re-add them, as they were redundant to begin with).