Currently i use DNS over TLS via Cloudflare, for that i followed Using dns over tls or https if i understand what you posted correctly my options are turning the forwarding off and ask the root servers myself, or maybe turning off DNSSEC in Knot if that is even possible?
The 1st one is bad for performance, the 2nd for security. I guess fuck cutcaptcha.com then and do nothing 
If i got there something wrong please correct me 
Thank you for your fast help