Although unusual, you can certainly delegate
www.example.com to a different set of name servers than
There is no reason for name servers to cache authoritative name servers on
www.example.com as authoritative for
example.com, so this problem will never happen.
But by delegating
www you close the option for example to have it as
CNAME, and I just mention it for completion, because it looks exactly what you want to fly away.
Say differently: if your
example.com zone a
NS records for
www.example.com to delegate it to a second set of name servers, you CANNOT have a
CNAME save on
www in the
example.com zoned. This configuration will not be accepted by any decent name server, those authoritative on
example.com would / should refuse to load such a zone.
Authoritative name servers for
www.example.com must be authoritative for
www.example.com this is their top, not
example.com. They cannot be configured to be authoritative for
example.comneither can they
CNAME record for
www.example.com because this is their top and therefore already has
NS records that does
CNAME impossible presence. This part is not very clear of your question, so not sure to follow (things are much clearer with the real names and the search results …)
Note of course that the name servers for
www.example.com must be "real" name servers that respond correctly to DNS for many things, not just
A request types, such as
NS record types.
I am writing this because from experience when I have seen people delegate
www it was often a case of closing boxes acting as a load balancer and handling both HTTP (S) and DNS traffic, unfortunately they were often very broken at DNS level (no response to
NS requests for example or response
NS queries with
A recordings pointing to themselves or other nightmares …) that have created all kinds of difficult cases. So just by the way, be sure to delegate your
www to something that really acts like a name server and not just pretends to be one on the surface.
Also, you might not want to hear that, but still, since your premise is "CNAME always changes and the person who controls CNAME only has control of zone 2." and then you try to work around that, the real proper solution is instead:
www.example.com CNAME www.example.com.your-provider.example
then your supplier is free to play with the file
www.example.com.your-provider.example as much as he wants and even make it a CNAME changing every 5 minutes. He has total control over him, and you have given him authority through your own
CNAME this will remain once and for all, without you really having to delegate, at the DNS level, part of your zone to other name servers.
I am not claiming that it is the same case, but observe the similarity:
$ dig www.microsoft.com +noall +ans
www.microsoft.com. 8m51s IN CNAME www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net. 7m25s IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net. 8m24s IN CNAME e13678.dspb.akamaiedge.net.
e13678.dspb.akamaiedge.net. 14s IN A 22.214.171.124