> [That's not to say that any differences between the two NS RRsets is ever
> desirable, except as may be necessary or expedient during a change.]
That's a good rule of thumb, but so long as the union of the delegation and apex NS sets contains no lame delegations, everything will still work as far as the client is concerned.
I have seen someone use a deliberately different apex and delegation NS set (with all servers authoritative) in order to try and identify differences in the traffic pattern (e.g. to see whether there are clients who reliably cache and re-use the delegation NS set in spite of the apex NS set).
When submitting NS set changes to the root zone it is required to update the apex NS set before submitting the change request, and until the change request is completed the delegation set will be definitively different. Other registries that perform configuration checks on child zones might behave differently. I realise this was encapsulated in your use of "necessary" but I thought perhaps it was worth spelling out.