Oh, it returned appropriate-looking TTLs even at the time; we didn't watch them go down to zero and wrap to their original value, but I suspect that's what they did.

Also, if you're not on RCN, you aren't getting the same NS1 as someone who is. (Again, I assume anycast or load balancing, but I'm handwaving; I haven't understood routing since gated.conf changed.)

My boss was on RCN at home, and I was a few miles away on Comcast. We both pointed dig at 207.172.3.8 and hammered on our domain name; he saw stale results, I saw fresh ones.

Would've loved to have the expertise and tools set up to figure out what went wrong, but we just went to bed and by lunch it sorted itself out.

I let it cache a record, disabled the zone the record came from and left it to expire. It did. I won't deny that it could behave differently from different addresses, but based on the evidence available I'm sure you can understand why I remain unconvinced.