Knot Resolver 6.20: persistent SERVFAIL after temporary authority unreachability

Hi,
I am using Knot Resolver 6.20 and observed an issue when authoritative servers become temporarily unreachable.

After such a failure, the resolver returns:

status: SERVFAIL ; EDE: 22 (No Reachable Authority)

and continues doing so even after connectivity is restored.

Reproduction (asuscomm.com):

  1. Block DNS traffic (UDP/TCP 53) to 52.250.42.40
  2. dig asuscomm.com NS @127.0.0.1
  3. Remove firewall rule
  4. Repeat query

Expected:
Resolver recovers and returns valid response.

Actual:
SERVFAIL persists for several minutes (longer than expected), until cache is cleared.

Notes:

  • Cache clear temporarily fixes the issue
  • Problem returns after next authority unreachability event
  • Looks like failure state is cached and not revalidated

Additional case (wp.pl):

  • After blocking UDP/53 to authoritative servers → resolver switches to TCP
  • After restoring UDP → resolver continues using TCP only (no fallback to UDP)

Questions:

  • Is this behavior expected (failure caching / EDE 22)?
  • Should resolver retry / revalidate authorities after connectivity is back?
  • Is TCP-only behavior after failure intentional?

Comparison:
BIND / system resolvers recover automatically in similar conditions.
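
The following is an added example, not part of the original post: a small shell helper that polls the resolver after step 3 of the reproduction and logs how long SERVFAIL with EDE 22 persists. The function names are hypothetical, the sample dig output is constructed, and it assumes a dig build that prints EDE options in the OPT pseudosection.

```shell
#!/bin/sh
# Added example: time how long SERVFAIL / EDE 22 persists once the firewall
# rule is removed. Function names are hypothetical; sample output is constructed.

# RCODE from dig's header line (";; ->>HEADER<<- ... status: X, id: N").
dig_status() {
    printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z0-9]*\),.*/\1/p' | head -n 1
}

# Extended DNS Error code from the OPT pseudosection ("; EDE: 22 (...)").
dig_ede() {
    printf '%s\n' "$1" | sed -n 's/^; EDE: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Map one dig response to a state; EDE 22 is reported separately from other SERVFAILs.
classify() {
    st=$(dig_status "$1"); ede=$(dig_ede "$1")
    case "$st" in
        NOERROR)  echo recovered ;;
        SERVFAIL) if [ "$ede" = 22 ]; then echo unreachable-authority; else echo servfail-other; fi ;;
        "")       echo no-response ;;
        *)        echo "other:$st" ;;
    esac
}

# Poll name/type at the resolver until it recovers or the time limit (seconds) passes.
measure_recovery() {
    name=$1; rtype=$2; server=$3; interval=${4:-5}; limit=${5:-900}
    start=$(date +%s)
    while :; do
        out=$(dig +tries=1 +time=3 "$name" "$rtype" "@$server" 2>&1)
        state=$(classify "$out")
        elapsed=$(( $(date +%s) - start ))
        echo "t=${elapsed}s state=$state"
        if [ "$state" = recovered ]; then return 0; fi
        if [ "$elapsed" -ge "$limit" ]; then return 1; fi
        sleep "$interval"
    done
}

# Constructed samples of dig output, used only to check the parsers offline.
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 22 (No Reachable Authority)'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243'

# Run as "sh script.sh run" right after removing the firewall rule.
if [ "${1:-}" = "run" ]; then measure_recovery asuscomm.com NS 127.0.0.1; fi
```

The timestamped log gives a recovery time that can be compared across resolvers or attached to a bug report.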