Second level NS delegation is not recursively followed through for @ names

Running from git master head (permissive mode), with libknot-dev from debian package. us.dlink.com fails to resolve correctly until cached:

# dig ns dlink.com @a.gtld-servers.net.

; <<>> DiG 9.9.5-9+deb8u9-Debian <<>> ns dlink.com @a.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38408
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dlink.com.			IN	NS

;; AUTHORITY SECTION:
dlink.com.		172800	IN	NS	tricia.ns.cloudflare.com.
dlink.com.		172800	IN	NS	aragorn.ns.cloudflare.com.

;; ADDITIONAL SECTION:
tricia.ns.cloudflare.com. 172800 IN	A	173.245.58.232
tricia.ns.cloudflare.com. 172800 IN	AAAA	2400:cb00:2049:1::adf5:3ae8
aragorn.ns.cloudflare.com. 172800 IN	A	173.245.59.67
aragorn.ns.cloudflare.com. 172800 IN	AAAA	2400:cb00:2049:1::adf5:3b43

;; Query time: 30 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Wed Feb 15 07:41:18 CET 2017
;; MSG SIZE  rcvd: 183

The us. subdomain is delegated to another authority:

# dig us.dlink.com @aragorn.ns.cloudflare.com

; <<>> DiG 9.9.5-9+deb8u9-Debian <<>> us.dlink.com @aragorn.ns.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25232
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;us.dlink.com.			IN	A

;; AUTHORITY SECTION:
us.dlink.com.		300	IN	NS	ns-1762.awsdns-28.co.uk.
us.dlink.com.		300	IN	NS	ns-901.awsdns-48.net.
us.dlink.com.		300	IN	NS	ns-1356.awsdns-41.org.
us.dlink.com.		300	IN	NS	ns-3.awsdns-00.com.

;; Query time: 5 msec
;; SERVER: 173.245.59.67#53(173.245.59.67)
;; WHEN: Wed Feb 15 07:45:36 CET 2017
;; MSG SIZE  rcvd: 176

This should do the right thing asking the delegates for @ IN A, but apparently not:

# dig us.dlink.com @127.0.0.1

; <<>> DiG 9.9.5-9+deb8u9-Debian <<>> us.dlink.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21480
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;us.dlink.com.			IN	A

;; AUTHORITY SECTION:
us.dlink.com.		300	IN	NS	ns-3.awsdns-00.com.
us.dlink.com.		300	IN	NS	ns-901.awsdns-48.net.
us.dlink.com.		300	IN	NS	ns-1356.awsdns-41.org.
us.dlink.com.		300	IN	NS	ns-1762.awsdns-28.co.uk.

;; Query time: 291 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 15 07:46:43 CET 2017
;; MSG SIZE  rcvd: 176

# dig us.dlink.com @127.0.0.1

; <<>> DiG 9.9.5-9+deb8u9-Debian <<>> us.dlink.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23050
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;us.dlink.com.			IN	A

;; ANSWER SECTION:
us.dlink.com.		60	IN	A	52.24.82.231
us.dlink.com.		60	IN	A	54.69.78.35
us.dlink.com.		60	IN	A	54.187.41.8

;; Query time: 39 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 15 07:46:50 CET 2017
;; MSG SIZE  rcvd: 89

This seems to be related to having a parent NS pointing at @ IN A delegated elsewhere, which is probably not the best of ideas, but seems fairly common. Does a workaround exist for knot recursor?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Admin message

Second level NS delegation is not recursively followed through for @ names