That error isn’t from Let’s Encrypt. I’d guess that lego is trying to check that the record works (though it’s not necessary) using a resolver of its own with no permanent cache.
For what it’s worth, Let’s Encrypt’s own recursive DNS servers disable caching, so they also make a lot of queries to the root and TLDs.