1.1.1.1 doesn’t seem to handle names that are delegated back to the same nameserver in a loop properly - ie where that nameserver will always answer with a referral.
For example, a.servfailmaybe.timstallard.me.uk gets a response with NOERROR and no records:
$ dig a.servfailmaybe.timstallard.me.uk @one.one.one.one
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> a.servfailmaybe.timstallard.me.uk @one.one.one.one
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34783
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;a.servfailmaybe.timstallard.me.uk. IN A
;; Query time: 1 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111)
;; WHEN: Tue Mar 31 21:13:48 BST 2020
;; MSG SIZE rcvd: 62
Testing against other nameservers locally (eg BIND, pdns-recursor, knot-resolver) these all return SERVFAIL, and other large public resolvers (eg 8.8.8.8) do as well.
In practise, this causes intermittent failures resolving names that are delegated back to the original nameserver as well as some other nameservers - this was seen on 52.205.22.109.in-addr.arpa.
Just in case it makes a difference, this is the POP I’m hitting:
$ dig +short chaos txt id.server @one.one.one.one
"FRA"