The way it works
The authoritative NS
records reside inside the zone itself (and provided in ANSWER
section when the authoritative server is queried), just like all other records that are part of that zone.
To be able to traverse the tree, referral/delegation/authority information (NS
and any glue A
/AAAA
records necessary) is also added to the parent zone.
This information, however, is not treated as the "real answer", the answer lacks the AA
(authoritative answer) flag and the NS
records are in the AUTHORITY
section to indicate that this is just information on who has the actual answer.
One implication of this is that if you do a direct lookup of NS
records you will follow this referral and query the authoritative server despite having just seen what should be the same information.
Why was it defined to work this way?
Presumably because it was considered proper/clean/logical that all authoritative records reside inside the zone that they belong to and that there should be authoritative records also for NS
.
Could this have been defined differently?
Yes. Look at for instance how DS
records were defined when introduced much later. In that case there is no such record inside the child zone, instead it's the parent that is authoritative.
Can I do it differently?
No. Because it was defined the way it was and all the software out there works based on how it was defined, things will break (often in subtle ways) if you don't do it properly.
tl;dr
You need the same NS
records both in your zone and as delegation information in the parent zone. Much the same way, any glue A
/AAAA
records also need to actually exist as real authoritative records.