I have done this, please read my article before you actually do this here:
http://neonos.net/white-labeled-dns-name-servers-on-amazon-route-53-with-delegation-sets/
The functionality has been programmed by Amazon in Nov 2014, however it has not been implemented in the web based console, hopefully they will do this soon. There is also no documentation or any articles that I could find on this topic. But I was able to do this by using AWS CLI Client, as follows:
Create your delegation set using the CLI client:
aws route53 create-reusable-delegation-set --caller-reference MyDelegationSet
This will return something such as:
{
"Location": "https://route53.amazonaws.com/2015-01-01/delegationset/xxx",
"DelegationSet": {
"NameServers": [
"ns-xxx.awsdns-xx.com",
"ns-xxx.awsdns-xx.co.uk",
"ns-xxx.awsdns-xx.org",
"ns-xxx.awsdns-xx.net"
],
"CallerReference": "MyDelegationSet",
"Id": "/delegationset/XXXXXXXXXX"
}
}
Once you have created the reusable delegation set, you will need to create the hosted zone using the CLI client which will allow you to associate the new zone with the delegation set created above.
aws route53 create-hosted-zone --delegation-set-id /delegationset/XXXXXXXX --name mydomain.tld --caller-reference UNIQUEREFERENCEID
Using the list of name servers found in the output, ping each server to obtain the IP address. Use the IP addresses to create the glue records in the parent zone (using A records). I recommend shorter TTLs in case Amazon informs of IP changes to dns zones. I called mine route531.mydomain.com, route532... etc.
Now update your domain nameservers at the registrar, then update your Route53 to include those nameservers as Authoritative nameservers as well.
More Info:
Amazon claims that this can be done to white label these nameservers without any further reference.
"This feature also makes it possible for you to create “white label”
name server addresses such as ns1.example.com, ns2.example.com, etc.,
which you can point to your Route 53 name servers. You can then use
your "white label" name server addresses as the authoritative name
servers for as many of your domain names as desired." --SeanM@AWS
https://forums.aws.amazon.com/ann.jspa?annID=2733
The problem is that Amazon also says that they can not guarantee the IP's of the nameservers not changing.
https://forums.aws.amazon.com/thread.jspa?messageID=474708
"We do promise that the DNS names of your Route 53 nameservers will
not change, but we can't make the same guarantee about their IP
addresses. If they were to change in the future, your DNS could
silently break if you used them in this unsupported way." -- DavidR@AWS Jan 25, 2011
Before you freak out this might help you feel better:
Some registrars only allow you to specify name servers using IP
addresses; they don't allow you to specify fully qualified domain
names. If your registrar requires using IP addresses, you can get the
IP addresses for your name servers using the dig utility (for Mac,
Unix, or Linux) or the nslookup utility (for Windows). We rarely
change the IP addresses of name servers; if we need to change IP
addresses, we'll notify you in advance.
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/SOA-NSrecords.html
Keep in mind it is a bad idea to create CNAME records with your own domain for each of the nameservers, even though this in theory would solve the change of IP issue it is a bad idea:
NS records pointing to a CNAME is bad and may conflict badly with
current BIND servers. In fact, current BIND implementations will
ignore such records, possibly leading to a lame delegation. There is a
certain amount of security checking done in BIND to prevent spoofing
DNS NS records. Also, older BIND servers reportedly will get caught in
an infinite query loop trying to figure out the address for the
aliased nameserver, causing a continuous stream of DNS requests to be
sent. --RFC1912
http://www.faqs.org/rfcs/rfc1912.html
Best Answer
First things first, if you only have two instances (one web and one DB), you're doing it wrong. You should be setting up an elastic load balancer with a minimum of two application server instances behind it. Instances can (and do) fail from time-to-time. And you really should be using RDS for your persistent data store.
You can, but it will frequently break stuff (esp email) in unexpected ways and shouldn't be done. This how I would do things: