It uses an off-the-shelf recursive DNS server. To be more specific, Unbound. (With a particular configuration, with DNSSEC and so forth enabled, and caching minimized.)
The CA software, Boulder, doesn’t do anything complicated. It just makes a TXT query to the resolver (using miekg’s dns client).
Boulder doesn’t make its own NS query. Unbound, as currently designed, doesn’t go out of its way to make unnecessary NS queries either. It just follows the NS records as given by the delegations (and the authority sections of other responses, I think).
Boulder makes one query to the resolver. If some of a zone’s authoritative DNS servers are down or so forth, Unbound will query other ones, but a valid negative response from one server will be taken as definitive.
You have to ensure that all of the zone’s authoritative DNS servers are serving the TXT record.
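The last point is the one operators most often get wrong: the resolver may ask any one of the zone's nameservers, and a negative answer from the one it picks ends the validation. An added example of how to check for that yourself, written for this reply and not code from Boulder, Unbound or the original poster: it builds a non-recursive TXT query with only the standard library, parses the reply (including compressed names), sends it to each authoritative server address in turn, and classifies every answer as OK, NXDOMAIN, NODATA or a stale token. The name `_acme-challenge.example.com`, the token `tok123` and the `192.0.2.x` addresses are constructed test values; `query_txt` is the only function that touches the network, and `check_all` accepts a replacement fetch function so the logic can be exercised offline.

```python
"""Check that every authoritative nameserver for a zone returns the same
_acme-challenge TXT record.  Hypothetical helper; not Boulder or Unbound
code.  Standard library only."""
import secrets
import socket
import struct

QTYPE_TXT = 16
NXDOMAIN = 3

def encode_name(name):
    """Encode a dotted name into DNS wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_txt_query(name, txid):
    """Non-recursive (RD=0) TXT query, as sent directly to an authoritative server."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_txt_response(msg):
    """Return (rcode, [txt strings]) from a DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, txts = flags & 0x0F, 12, []
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                             # skip QTYPE + QCLASS
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_TXT:
            i, parts = 0, []
            while i < len(rdata):            # sequence of <len><chars> strings
                n = rdata[i]
                parts.append(rdata[i + 1:i + 1 + n].decode("utf-8", "replace"))
                i += 1 + n
            txts.append("".join(parts))
    return rcode, txts

def build_txt_response(txid, name, txts, rcode=0):
    """Constructed authoritative reply, used only for offline testing."""
    flags = 0x8400 | rcode                   # QR=1, AA=1
    header = struct.pack("!HHHHHH", txid, flags, 1, len(txts), 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_TXT, 1)
    answers = b""
    for t in txts:
        rdata = bytes([len(t)]) + t.encode()
        answers += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, 1, 60, len(rdata)) + rdata
    return header + question + answers

def query_txt(server_ip, name, timeout=3.0):
    """Send one UDP TXT query straight to an authoritative server (network)."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(name, txid), (server_ip, 53))
        msg, _ = s.recvfrom(4096)
    if struct.unpack("!H", msg[:2])[0] != txid:
        raise ValueError("transaction id mismatch")
    return parse_txt_response(msg)

def classify(rcode, txts, expected):
    """Turn one server's answer into a verdict for the expected challenge token."""
    if rcode == NXDOMAIN:
        return "NXDOMAIN"                    # a negative answer the CA will take as final
    if rcode != 0:
        return "SERVFAIL/other rcode %d" % rcode
    if expected in txts:
        return "OK"
    return "NODATA" if not txts else "WRONG-TXT"

def check_all(name, expected, servers, fetch=query_txt):
    """Query every authoritative server.  Any verdict other than OK means the
    validation can fail depending on which server the resolver happens to ask."""
    return {ip: classify(*fetch(ip, name), expected) for ip in servers}
```

In practice you would pass `check_all` the A/AAAA addresses of every NS listed in the parent's delegation, and treat any verdict other than OK (an NXDOMAIN from a secondary that has not yet transferred the zone is the classic case) as a reason to wait before asking the CA to validate.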