Is the SERVFAIL something I should worry about here? Or is there a misconfiguration on my end with `knot-resolver`?

SERVFAIL indicates a failure, but it's very unclear what happened in this case.  (The nslookup tool isn't great for that purpose.)  While theoretically a SERVFAIL answer could contain addresses as well, it's not generally a useful result.

For simple start of debugging, I'd use at least `dig` or `kdig` command, e.g.
kdig @10.0.2.6 m1.research.internal.example.com A
kdig @10.0.2.6 m1.research.internal.example.com AAAA

These can show interesting things by themselves.  And as a fallback, it's best to enable debug logging in Knot Resolver's config (you have `level: info`, so simply change to `level: debug`) and then let's inspect what happens exactly on the failing queries.

--Vladimir