You can run two forests in a single VNET, but you need to use your DCs as DNS. When a DC in a domain starts, it uses DNS to find all the DCs in the domain. If you are using a single DNS like Azure DNS to manage your VNET names, then one forest will not work correctly.
I would love to understand the business case for doing it that way. Is it simply to avoid paying for more than one VPN Gateway? Even if you needed those two domains to talk to each other, you could do VNET peering to allow that to take place. You could certainly manage the DNS on the NICs themselves in the VMs, but that is not best practice. Also, depending on how many resources you deploy, that could get tricky to manage. I would suggest deploying a second VNET to accomplish this over managing the DNS at the VM level, and even over a second subnet on the same VNET. @Admin O365
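As an added check (not part of the original post), the script below verifies the DC-locator point made above: each DC finds its peers through the `_ldap._tcp.dc._msdcs.<forest>` SRV record, so every DNS server the VNET hands out must answer that query for every forest. The forest names and server addresses are constructed placeholders; 168.63.129.16 is the Azure-provided DNS, included to show it failing.

```powershell
# Added example: confirm that the DNS servers a VNET hands out can serve the
# AD DC-locator SRV records for every forest hosted in that VNET.
function Test-ForestDcLocator {
    param(
        [Parameter(Mandatory)] [string[]] $Forests,      # forest root FQDNs
        [Parameter(Mandatory)] [string[]] $DnsServers    # DNS IPs set on the VNET
    )
    foreach ($forest in $Forests) {
        # This is the record a starting DC (and every domain member) queries
        # to locate domain controllers for the forest root.
        $srv = "_ldap._tcp.dc._msdcs.$forest"
        foreach ($server in $DnsServers) {
            $answer = Resolve-DnsName -Name $srv -Type SRV -Server $server `
                                      -DnsOnly -ErrorAction SilentlyContinue
            $targets = @($answer | Where-Object { $_.Type -eq 'SRV' } |
                         Select-Object -ExpandProperty NameTarget)
            [pscustomobject]@{
                Forest    = $forest
                DnsServer = $server
                Resolves  = ($targets.Count -gt 0)
                DCs       = ($targets -join ', ')
            }
        }
    }
}

# Constructed sample values (placeholders, not real environments).
$forests = 'corp.example.test', 'lab.example.test'
$dns     = '10.0.0.4', '10.0.0.5', '168.63.129.16'   # two DCs + Azure DNS

$results = Test-ForestDcLocator -Forests $forests -DnsServers $dns
$results | Format-Table -AutoSize

# Any row with Resolves = False is a server that a DC for that forest must
# not be pointed at; with Azure DNS alone, every forest row comes back False.
$broken = $results | Where-Object { -not $_.Resolves }
if ($broken) {
    Write-Warning ("DC locator lookups failing for: " +
        (($broken | ForEach-Object { "$($_.Forest) via $($_.DnsServer)" }) -join '; '))
}
```

Run it from a VM inside the VNET so the DC addresses are reachable; the Azure DNS row will report no SRV records, which is exactly why the VNET's DNS servers must be the DCs themselves.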