I’ll try my best to answer these for you.
1. Yes, you would need two domains though. A lot of management would be involved though.
2. No, because you do not have a domain controller to cover the Primary Domain Controller when it is down. I would set up another box, run DCPROMO on it and make it a DC, then set up the DC as a secondary DNS server so when the master goes down users can still authenticate. If you are on the same subnet, you may not need DNS but I would set it up anyway. You could also make one of the member servers a DC also.
3/4. Here is a good website on security: SearchSecurity