This is not a third level domain. Here
ns.example.com is a name of (e.g. points to) the
AAAA RR, which contains actual IPv4 or IPv6 addresses of the server.
And, because NS should point to precisely
AAAA records, you can't use the "apex" name as the nameserver host name. A delegated zone always contains at least a
SOA record and therefore the zone name is unsuitable as a
NS record target.
Your zone (as served by your servers) will be of the form:
example.com. SOA ...
example.com. NS ns.example.org.
example.com. NS ns.example.com.
ns.example.com. A 192.0.2.1
If the nameserver RR name itself is inside this
example.com zone, you are required to define it (as I did for
ns.example.com above), and your upstream zone (
com) will add its as a glue record together with delegation records. In this case the
com zone will contain the three records for you: 2 delegation
NS and 1 glue
A. If the nameserver RR is outside of the domain, it cannot be added to this zone (because it doesn't belong to it) and upstream will not have a glue for it (ok, it can have that same record as a glue for another domain, but that's none of your business).
But I don't get why are you concerned. Just do as everybody does it. Don't be pulled by the marketing gimmick, the "level" of the "domain" doesn't mean anything, except technical. When we talk about logically consistent use of names, the use of nested levels of the hierarchy is encouraged.