Setting up DNS for self-hosted ACME DNS server

I'm probably just being dense about this, but I am trying to set up an ACME DNS server on my local network (publicly accessible) to handle the DNS-01 challenges required to automate the renewal/reissuing of Let's Encrypt SSL certificates for my domain. I believe I have the server itself operational, but I'm running into confusion/roadblocks when it comes to actually getting the DNS set up properly for the domain and its authorization subdomain.

Reading the documentation, it states that I need to add:

• NS record for auth.example.org pointing to auth.example.org (this means, that auth.example.org is responsible for any *.auth.example.org records)
• A record for auth.example.org pointing to 198.51.100.1

My domain is registered with GoDaddy, but the DNS is hosted elsewhere. I have set up the A record with the DNS host to point to my ACME DNS server (and have all the routing set up in my firewall to access it), but trying to get the NS record added/set up is proving to be quite a challenge. According to my DNS host, they can't simply add the NS record to the zone file b/c it causes an infinite loop of DNS lookups.

Current DNS query (auth.example.org. 86400 IN A 198.51.100.1):
Client -> query goes to Registrar Company (GoDaddy)-> GoDaddy delegated the zone to [MyDNSHost] -> [MyDNSHost] DNS servers display the A record 198.51.100.1

DNS query with NS record (auth.example.org. 86400 IN NS auth.example.org.):
Client -> query goes to Registrar Company (GoDaddy)-> GoDaddy delegated the zone to [MyDNSHost] -> [MyDNSHost] DNS servers delegates the subdomain to auth.example.org -> and then it returns to the beginning and loops infinitely

This makes sense to me, but I'm left wondering exactly what to do to take the next step. I logged into my GoDaddy account and went to the domain's DNS management page. I can add an NS record, but it's for the entire example.org domain, not just the auth.example.org subdomain.

I tried to "Add Forwarding" for the subdomain, but that lets me know that it's going to "automatically update the domain to GoDaddy default nameservers if it's not currently using [them]", which is not what I want.

The only things I can think to do at this point are:

1. Create a whole new zone for the auth.example.org subdomain with my current DNS host with the NS record pointing back to itself, but that seems like it's going to cause similar "looping" problems.
2. Try to get GoDaddy to add the subdomain without changing the name servers (or charging for another domain name).

I'm sure I'm just missing something, but I'm not sure what that "something" could be at this point. Before I go trying to make a bunch of changes that end up causing the DNS resolution for my domain to fail, I just want to know to whom I should be directing my efforts to get the required NS record created? GoDaddy or [MyDNSHost]?

GoDaddy doesn't play a role here other than registrar. They can't do any of what you are suggesting, because they aren't in control of DNS beyond the TLD (Top Level Domain).

Go to your DNS host for example.org (The parent zone) and add:

1. An NS record for auth.example.org that points to ns1.auth.example.org.
2. Create an A record for ns1.auth.example.org that points to the IP address of your Acme DNS server. (A 'Glue' record)

Go to your ACME DNS server for auth.example.org (The Child zone):

1. Create a zone for auth.example.org
2. Create an SOA record for auth.example.org with pertinent information about the zone.
3. Create an NS record for auth.example.org that points to ns1.auth.example.org. (Same as done in the Parent zone)
4. Create whatever other records you need for xyz.auth.example.org, etc.

Done.

https://simpledns.plus/kb/64/how-to-delegate-a-sub-domain-to-other-dns-servers

How exactly should I set up DNS to delegate authority for subdomains?