Yes. You can do exactly what you're looking to do. I currently have my remote access set up the way you want to for your network. I have one domain registered with DynDNS and another with ChangeIP. The service I am tacking advantage of is called dynamic DNS. DynDNS used to offer this service for free. ChangeIP is currently offering this service for free. I paid the special rate for users being migrated from the free service with DynDNS as it's been rock solid over the years. Until I get the same experience with ChangeIP, I'll have both running in parallel. I use the DynDNS domain for all my personal/business stuff. I hand out the ChangeIP domain to my family members who want to access my baby cam to see my daughter. In actuality, you can access all the same services I use on DynDNS with the ChangeIP domain. I haven't dug into whether my SonicWall can do content filtering based on incoming domain.
An alternative is to use only a single domain and then have a SSL VPN device do all the access controls to the content on your network. I have a Aventail SonicWall SSL VPN appliance which I use to remote into my network. You can set accesses based on username. The usernames can be set up on the local database of the SSL VPN appliance or the appliance can connect to an AD or LDAP server for authentication. Based on the username, you then create access rules. Or you can do this based on groups which then propagates down to users added to the group. There are two methods of access. One requires a full client to be installed on your remote device; laptop or mobile device (phone/tablet). If the permissions are fully unlocked, the full client access will allow you to access the network like you are directly connected to it locally. The other method is a clientless setup. The SSL VPN appliance will act as a proxy to your internal network. The remote client won't need to install anything for access. You can create custom pages when the user connects in where the user sees a custom web delivered desktop. This desktop will contain icons/links for resources this user has permissions to access.
In summary, to do what you're asking, I would use a single domain and then restrict access based on username with a SSL VPN device. To make the use of dynamic DNS seamless, you'll want a firewall/router which has built in support for the dynamic DNS client needed to report back to the service what your public IP is; unless you're fortunate enough to have a static public IP.
An alternative is to use only a single domain and then have a SSL VPN device do all the access controls to the content on your network. I have a Aventail SonicWall SSL VPN appliance which I use to remote into my network. You can set accesses based on username. The usernames can be set up on the local database of the SSL VPN appliance or the appliance can connect to an AD or LDAP server for authentication. Based on the username, you then create access rules. Or you can do this based on groups which then propagates down to users added to the group. There are two methods of access. One requires a full client to be installed on your remote device; laptop or mobile device (phone/tablet). If the permissions are fully unlocked, the full client access will allow you to access the network like you are directly connected to it locally. The other method is a clientless setup. The SSL VPN appliance will act as a proxy to your internal network. The remote client won't need to install anything for access. You can create custom pages when the user connects in where the user sees a custom web delivered desktop. This desktop will contain icons/links for resources this user has permissions to access.
In summary, to do what you're asking, I would use a single domain and then restrict access based on username with a SSL VPN device. To make the use of dynamic DNS seamless, you'll want a firewall/router which has built in support for the dynamic DNS client needed to report back to the service what your public IP is; unless you're fortunate enough to have a static public IP.
