I bought a domain in webs.com (here I'll call it contoso.com) and then I delegated it to my Azure contoso.com Zone DNS. Later I created a subdomain (eg sub.contoso.com) to publish a new website hosted in an Azure VM. For this reason I created a CNAME record to link sub.contoso.com to the Azure VM's default DNS (something like xxxx.westeurope.cloudapp.azure.com). It worked great but after few time I found this guide and, just for a test, I changed my DNS configuration as described by the guide (briefly, I created a new Zone DNS called sub.contoso.com and then I added the NS record in the contoso.com zone). It works but, since I need to create other two subdomains, this configuration seems too complicated and I prefer the previous one. But, and this is my question, I don't understand if the use of the CNAME record with respect to NS leads to some differences in terms of performance or security.
Thanks
In this case, the main difference is that these records are hosting in a separate zone. One is hosting in the parent zone for the parent domain contoso.com, the other is hosting in the children zone for subdomain sub.contoso.com. It's convenient to manage the records when there are large records.
The Domain Name System is a hierarchy of domains. The hierarchy starts from the 'root' domain, whose name is simply '.'. Below this come top-level domains, such as 'com', 'net', 'org', 'uk' or 'jp'. Below these top-level domains are second-level domains, such as 'org.uk' or 'co.jp'. And so on. The domains in the DNS hierarchy are hosted using separate DNS zones. These zones are globally distributed, hosted by DNS name servers around the world.
DNS zone - A domain is a unique name in the Domain Name System, for example 'contoso.com'. A DNS zone is used to host the DNS records for a particular domain. For example, the domain 'contoso.com' may contain several DNS records such as 'mail.contoso.com' (for a mail server) and 'www.contoso.com' (for a website).
For a normal DNS query process, the records in the parent zone could get answered prefer than the records in the children zone. You could see the DNS query example and how DNS delegation works.