1) Does Google DNS issue ANY requests on its own (or does it just pass through what clients request)?
Google Public DNS does not generate its own ANY requests to authoritative servers; those are purely the result of trying to resolve client queries sent to it.
2) Why does Google DNS appear to sometimes interpret this as a SERVFAIL then negative cache it for all requests to a given domain?
If an ANY (or, really, any query type) request for a particular domain gets a lame referral response (that is, a response that refers to name servers for the same or higher level domain), that authoritative server may be removed from the set of name servers for that zone.
As an example, if a query for some.example.com sent to one of the example.com name servers gets back a referral response for example.com (with an empty answer section and an authority section with name servers for example.com 3600 IN NS "ns3.example.com") the name server that returned that response would be considered lame. Returning an empty answer section and an authority section with name servers for com would also be lame, but returning name servers for some.example.com
As I wrote before, the name server names returned in referral responses from the parent are not the same as the NS records in the delegated zone itself, and you need to fix that.
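
The lame-referral test described in this answer, as an added example (not part of the original post and not Google Public DNS code). The function names, the response layout and the sample records are constructed for illustration; classifying a referral below the queried zone as an ordinary delegation follows standard DNS delegation rules.

```python
# Added illustration of the lame-referral check; sample data is constructed.

def labels(name):
    """Split a domain name into lowercase labels; the root is []."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def is_same_or_ancestor(candidate, zone):
    """True if candidate is the zone itself or a higher-level domain of it."""
    c, z = labels(candidate), labels(zone)
    return len(c) <= len(z) and z[len(z) - len(c):] == c

def is_strict_descendant(candidate, zone):
    """True if candidate lies strictly below zone (a real delegation)."""
    c, z = labels(candidate), labels(zone)
    return len(c) > len(z) and c[len(c) - len(z):] == z

def classify_response(zone, response):
    """zone: the zone the queried server is listed as authoritative for.
    response: {'answer': [...], 'authority': [(owner, rtype, target), ...]}."""
    if response["answer"]:
        return "answer"
    owners = {o for o, rtype, _ in response["authority"] if rtype == "NS"}
    if not owners:
        return "no-referral"          # e.g. NODATA/NXDOMAIN carrying only an SOA
    if any(is_same_or_ancestor(o, zone) for o in owners):
        return "lame"                 # refers sideways or upwards
    if all(is_strict_descendant(o, zone) for o in owners):
        return "delegation"           # refers downwards to a child zone
    return "unrelated"                # NS owner outside the zone's subtree

# Constructed responses to a query for some.example.com sent to an
# example.com name server.
SAMPLES = {
    "same_zone": {"answer": [], "authority": [("example.com", "NS", "ns3.example.com")]},
    "parent":    {"answer": [], "authority": [("com", "NS", "ns.parent.invalid")]},
    "child":     {"answer": [], "authority": [("some.example.com", "NS", "ns1.some.example.com")]},
    "answered":  {"answer": [("some.example.com", "A", "192.0.2.10")], "authority": []},
}

if __name__ == "__main__":
    for label, resp in SAMPLES.items():
        print(f"{label:10s} -> {classify_response('example.com', resp)}")
```

Feeding it the answer and authority sections of responses captured from your own authoritative servers (for example with `dig +norecurse`) shows which servers a resolver applying this rule would treat as lame.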