After further analysis, it appears that this issue affects a significant number of important and widely used domains, which may have a real impact on many users.

Perhaps you'd like to share more about this analysis?  From what I know so far, practical impact needs an error on the side of the authoritative server.  (as servers are obliged to send a SOA and lower TTL wins)

Would it be possible to prepare an official release and distribution packages that include this fix? This would greatly simplify deployment in production environments.
Thank you in advance for your time and consideration.

Speaking of in-distribution packages, those are almost never in *our* hands, unfortunately.  Releasing and upstream packages are doable, though honestly they seem unlikely to happen this year.

If you're impatient, I suggest the option of grabbing binary packages from our CI.  We aim to keep the master and master-5 branches in good shape all the time.  Right now, for example:

• 6.x: https://gitlab.nic.cz/knot/knot-resolver/-/pipelines/148723
• 5.x: https://gitlab.nic.cz/knot/knot-resolver/-/pipelines/148736

You just click your distro on the right, and in the artifacts you can download binary packages tested by the CI (same recipe as for our official upstream packages).

--Vladimir