Two Different Domains & Domain Controllers on Single Network

Tags: active-directory, domain-controller, internal-dns, windows-server-2008

I'm attempting to determine whether it is possible to have two Active Directory domain controllers running on the same network, within the same subnet, with two separate domains. I do not want these two domain controllers to be linked in any way (accounts, etc.), except by the switch I have connecting them.

My current concern is in regards to DNS — as far as I am concerned, this is the main problem. Since I have one single DHCP server handling the entire network, I want to have one set of DNS server IP addresses handed out to all clients. However, the DNS server of DomainA won't be able to answer queries for DomainB, and so on.

I imagine this could be resolved via forwarders, i.e., I could set the IP addresses of both DNS servers in my DHCP config and then tell DomainA to forward requests for *.DomainB to DomainB's DNS, and vice versa. I could also use a single aggregation which properly forwards the requests to the individual servers.

However, I don't know if this will work, or if there is a better option. If this was a business network, I would go ahead and set up VLANs, multiple DHCP servers, etc. However, I'm looking for simplicity (as much simplicity as you can achieve with a domain controller in your house…)

The reason for running two domain controllers on the same network? I run a lab at my home and I've now convinced the person I live with to run a domain controller of their own. However, I want to keep everything segregated for security reasons.

Any assistance is appreciated.

Best Answer

The two domains will not interfere with each other on the same network. There will be no trust established between them unless you manually establish one.

The DHCP issue is a valid point, and your potential fix is correct: you can hand out the DNS address of one domain via DHCP, and use a forwarder to resolve the other domain's namespace. An alternative fix would be to manually configure networking for the clients on one of the domains, and point their DNS manually at the correct domain controller. You can leave the other domain's clients working from DHCP.

We have a few subnets that are used for internal testing and have 5+ different domains running on them, no real issues to speak of.
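The setup described in the question and answer (one DHCP scope, one DNS address handed out, conditional forwarders in each direction, no trust) as an added example; this is not from the question or the answer. Domain names, IP addresses and the scope below are assumed placeholders, and the commands are the Windows Server 2008-era dnscmd/netsh tools rather than the later DnsServer PowerShell module.

```powershell
# Assumed placeholder values (not from the page).
$domainA = 'domaina.lan'      # DomainA forest root
$domainB = 'domainb.lan'      # DomainB forest root
$dnsA    = '192.168.1.10'     # DomainA DC, also its DNS server
$dnsB    = '192.168.1.20'     # DomainB DC, also its DNS server
$scope   = '192.168.1.0'      # the single shared DHCP scope

# --- Run on DomainA's DC (no trust exists, so each DC is configured locally) ---
# A conditional forwarder zone sends only queries for domainb.lan to $dnsB.
# It does not copy DomainB's zone data and creates no AD relationship.
dnscmd /ZoneAdd $domainB /Forwarder $dnsB
# Confirm the zone type is "Forwarder", not a primary/secondary copy.
dnscmd /ZoneInfo $domainB

# --- Run on DomainB's DC: the mirror-image rule for domaina.lan ---
dnscmd /ZoneAdd $domainA /Forwarder $dnsA
dnscmd /ZoneInfo $domainA

# Segregation check on each DC: refuse zone transfers of the local AD zone,
# so the other domain's server can only ask single questions, never pull
# the whole zone (run on DomainB's DC for domainb.lan, and likewise on A).
dnscmd /ZoneResetSecondaries $domainB /NoXfr

# --- DHCP: hand out only DomainA's DNS server (option 006) to every client ---
netsh dhcp server scope $scope set optionvalue 006 IPADDRESS $dnsA

# --- Verification from any client that only knows $dnsA ---
# A DomainB-joined machine must still locate its own DC through $dnsA;
# the DC locator SRV record is the query that matters for logon.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domainB" $dnsA

# --- The answer's alternative: static DNS on DomainB clients instead ---
# (run on the client; adapter name is assumed)
# netsh interface ip set dns name="Local Area Connection" source=static addr=$dnsB
```

If the SRV lookup via $dnsA returns DomainB's DC, the forwarder is doing its job and no trust or zone replication was needed to get there.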