Question on How to Run DNS as Domain User

I want to run our active directory DNS server behind our proxy server using
a domain user account instead of system. I created a new user, made that
identity a Domain Admin, and then attempted to start DNS server on the
Active Directory server using that new account. I get multiple errors:

1) In Eventviewer "DNS Server could not initialize RPC Service"

2) Then, when I get into the DNS Server configuration gui and try to update
the forwarders list, this fails with "Th server is unavailable" or something
like this.

Obviously I'm missing something here. How can I accomplish running the DNS
Server with anything other than the SYSTEM account?

The requirement for doing all of this is that I want the DNS server to use a
forwarder outside our network (our ISP) and our proxy server won't allow
unauthenticated requests out of the network.

--
Will
westes AT earthbroadcast.com

I don't think that will make a difference because the DNS service is what is
making the request and I don't think having a user attached to the service
will make it authenticate. Not 100% sure though. Can't you have the Proxy go
the ISP DNS and make the Internal DNS server Forward to the Proxy server?

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

"CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
> I want to run our active directory DNS server behind our proxy server
using
> a domain user account instead of system. I created a new user, made that
> identity a Domain Admin, and then attempted to start DNS server on the
> Active Directory server using that new account. I get multiple errors:
>
> 1) In Eventviewer "DNS Server could not initialize RPC Service"
>
> 2) Then, when I get into the DNS Server configuration gui and try to
update
> the forwarders list, this fails with "Th server is unavailable" or
something
> like this.
>
> Obviously I'm missing something here. How can I accomplish running the
DNS
> Server with anything other than the SYSTEM account?
>
> The requirement for doing all of this is that I want the DNS server to use
a
> forwarder outside our network (our ISP) and our proxy server won't allow
> unauthenticated requests out of the network.
>
> --
> Will
> westes AT earthbroadcast.com
>
>

The proxy is configured to allow specific authenticated domain users to pass
through on specific protocols.

Of course we configured the proxy to allow the userid running the DNS server
to connect out on DNS UDP and to have return packets connect in on the same
UDP.

The second scenario you propose is what we are resorting to as plan B, but
we are having some routing problems running applications on the proxy
directly. It keeps trying to route Internet bound DNS requests to the
internal network and doesn't seem to respect the ICMP redirects that the
internal routers are sending it.

--
Will
westes AT earthbroadcast.com

"Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
news:(E-Mail Removed)...
> I don't think that will make a difference because the DNS service is what
is
> making the request and I don't think having a user attached to the service
> will make it authenticate. Not 100% sure though. Can't you have the Proxy
go
> the ISP DNS and make the Internal DNS server Forward to the Proxy server?