I have two servers. One of them has the domain name olimpus.local, the other valhalla.local. Both servers have the postfix service installed. I want to send mail between these two servers, but when I run the command dig -t mx olimpus.local on the first server I've got
When I run the command dig -t mx valhalla.local on the same server I've got
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t mx olimpus.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12030
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;olimpus.local. IN MX
;; ANSWER SECTION:
olimpus.local. 172800 IN MX 10 delphos.olimpus.local.
;; AUTHORITY SECTION:
olimpus.local. 172800 IN NS prometheus.olimpus.local.
olimpus.local. 172800 IN NS delphos.olimpus.local.
;; ADDITIONAL SECTION:
delphos.olimpus.local. 172800 IN A 192.168.42.20
prometheus.olimpus.local. 172800 IN A 192.168.42.21
delphos.olimpus.local. 172800 IN AAAA fe80::20cfe78:4cb1
;; Query time: 3 msec
;; SERVER: 192.168.42.20#53(192.168.42.20)
;; WHEN: Mon Oct 28 12:09:34 EDT 2019
;; MSG SIZE rcvd: 165
This is the configuration of my first server:
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t mx valhalla.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1323
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;valhalla.local. IN MX
;; AUTHORITY SECTION:
. 10079 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019102800 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.42.20#53(192.168.42.20)
;; WHEN: Mon Oct 28 12:11:15 EDT 2019
;; MSG SIZE rcvd: 118
named.conf
olimpus.local.zone
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//
// NOTE(review): the header above is the stock package text. As configured
// below, this instance is both a recursive resolver for 192.168.42.0/24 and
// the master for olimpus.local and 42.168.192.in-addr.arpa.
options {
// Answers on loopback and on the LAN address 192.168.42.20.
listen-on port 53 { 127.0.0.1; 192.168.42.20; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// Queries are accepted only from this host and the 192.168.42.0/24 LAN.
// No allow-recursion or allow-transfer statement appears in this file.
// NOTE(review): without allow-transfer, BIND releases whose default permits
// transfers to any host will hand the full zone to any client that can reach
// port 53; limiting transfers to the secondary name servers is the usual
// hardening. Confirm the default for the installed release.
allow-query { localhost; 192.168.42.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// Every name this server is not authoritative for is sent to 8.8.8.8.
// NOTE(review): that includes valhalla.local, because no zone statement for
// it exists in this file. The public DNS has no such name, so the forwarder
// returns NXDOMAIN; a zone of type forward or stub pointing at the server
// that hosts valhalla.local is what makes a private zone resolvable here.
// Forwarding also discloses internal query names to a public resolver.
forwarders {
8.8.8.8;
};
recursion yes;
dnssec-enable yes;
// NOTE(review): with validation on, the signed root proves that .local does
// not exist, so answers for an unsigned private zone reached through
// forwarding may be rejected as bogus. Check the named log after adding a
// forward or stub zone; a negative trust anchor (rndc nta) is one way to
// exempt a private domain.
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints, used for any lookup that is not forwarded.
zone "." IN {
type hint;
file "named.ca";
};
// Forward zone served from /var/named/olimpus.local.zone (relative to the
// "directory" option above). notify yes sends NOTIFY messages on change.
zone "olimpus.local" IN {
type master;
file "olimpus.local.zone";
notify yes;
};
// Reverse zone for 192.168.42.0/24.
zone "42.168.192.in-addr.arpa" IN {
type master;
file "192.168.42.zone";
notify yes;
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
192.168.42.zone
;
;Data file for olimpus.local
;
; Default TTL for records without an explicit TTL: two days.
$TTL 2D
; NOTE(review): the SOA primary-server field is the zone apex olimpus.local.
; rather than one of the hosts named in the NS records below; by convention
; it names the primary name server. Confirm this is intended.
olimpus.local. IN SOA olimpus.local. root.olimpus.local. (
2014090102; Serial
1D; Refresh
2H; Retry
1W; Expire
2D); Default TTL
; Two name servers are published for the zone.
@ IN NS delphos.olimpus.local.
@ IN NS prometheus.olimpus.local.
; Mail for olimpus.local is directed to delphos (192.168.42.20 below).
; NOTE(review): the "mail" alias further down points at prometheus instead;
; confirm which host actually runs postfix.
IN MX 10 delphos.olimpus.local.
; The apex itself resolves to three addresses.
@ IN A 192.168.42.20
@ IN A 192.168.42.21
@ IN A 192.168.42.22
delphos IN A 192.168.42.20
prometheus IN A 192.168.42.21
aphrodite IN A 192.168.42.22
vulcan IN A 192.168.42.23
; NOTE(review): as printed, the group "20cfe78" has seven hex digits and is
; not a valid IPv6 group, so the address was probably mangled when pasted.
; It is also in fe80::/10 (link-local), which remote clients cannot use
; without an interface scope; publishing it in DNS is rarely useful.
delphos IN AAAA fe80::20cfe78:4cb1
dns IN CNAME delphos
mail IN CNAME prometheus
www IN CNAME delphos
resolv.conf
$TTL 2D
; Reverse zone for 192.168.42.0/24.
; NOTE(review): the expire value 18140 does not match its label; three weeks
; is 1814400 seconds. As written (about five hours) it is shorter than the
; 259200-second refresh, so a secondary serving this zone would treat its
; copy as expired before the next refresh.
42.168.192.in-addr.arpa. IN SOA delphos.olimpus.local. root.olimpus.local. (
2014090102 ;serial
259200 ;refresh(3 days)
14400 ;retry(4 hours)
18140 ;expire(3 weeks)
604800 ;minimum(1 week)
)
; Only delphos is published as a name server; the prometheus NS is commented out.
NS delphos.olimpus.local.
; NS prometheus.olimpus.local.
; Only 192.168.42.20 has a PTR record. The other addresses used in the
; forward zone have no reverse mapping here.
; NOTE(review): mail servers commonly look up the PTR of a connecting client,
; so hosts that send mail usually need one. Confirm against the postfix
; restrictions in use.
20 PTR delphos.olimpus.local.
;22 PTR vulcan.olimpus.local.
And this is the configuration of my second server:
# Generated by NetworkManager
# Unqualified names are tried under olimpus.local first, then valhalla.local.
search olimpus.local valhalla.local
# Primary resolver: the local BIND instance.
nameserver 192.168.42.20
# NOTE(review): the stub resolver normally moves to the next nameserver only
# when the previous one does not respond; an NXDOMAIN from 192.168.42.20 is
# final. When this fallback is used, internal .local names are sent to a
# public resolver, which cannot answer them and learns the internal names.
nameserver 8.8.8.8
named.conf
valhalla.local.zone
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//
// NOTE(review): the header above is the stock package text. As configured
// below, this instance is a recursive resolver for 192.168.42.0/24 and the
// master for valhalla.local.
options {
// Listens on the LAN address only; 127.0.0.1 is not in the IPv4 list.
listen-on port 53 { 192.168.42.25; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// Queries are accepted only from 192.168.42.0/24. No allow-recursion or
// allow-transfer statement appears in this file.
// NOTE(review): without allow-transfer, BIND releases whose default permits
// transfers to any host will hand the full zone to any client that can reach
// port 53. Confirm the default for the installed release.
allow-query { 192.168.42.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
// Every name this server is not authoritative for is sent to 8.8.8.8.
// NOTE(review): that includes olimpus.local, because no zone statement for
// it exists in this file. A zone of type forward or stub pointing at the
// server that hosts olimpus.local is what makes it resolvable here.
// Forwarding also discloses internal query names to a public resolver.
forwarders {
8.8.8.8;
};
dnssec-enable yes;
// NOTE(review): with validation on, the signed root proves that .local does
// not exist, so answers for an unsigned private zone reached through
// forwarding may be rejected as bogus. Check the named log after adding a
// forward or stub zone.
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints, used for any lookup that is not forwarded.
zone "." IN {
type hint;
file "named.ca";
};
// Forward zone served from /var/named/valhalla.local.zone (relative to the
// "directory" option above).
zone "valhalla.local" IN {
type master;
file "valhalla.local.zone";
};
// The reverse zone is disabled on this server, so it serves no PTR records
// for 192.168.42.0/24.
/*zone "42.168.192.in-addr.arpa" {
type master;
file "192.168.42.zone";
};*/
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
resolv.conf
$TTL 172800
; Zone data for valhalla.local.
; NOTE(review): the minimum value 17280 does not match its label; two days is
; 172800 seconds, while 17280 seconds is 4.8 hours. In current BIND this
; field sets the negative-caching TTL, so the effect is limited to how long
; NXDOMAIN answers for this zone are cached.
; NOTE(review): the SOA primary-server field is the zone apex valhalla.local.
; rather than odin, the host named in the NS record. Confirm this is intended.
valhalla.local. IN SOA valhalla.local. root.valhalla.local. (
20141203 ; serial
60 ; refresh (1 minute)
7200 ; retry (2 hours)
604800 ; expire (1 week)
17280 ; minimum (2 days)
);
; A single name server and a single mail exchanger, both odin (192.168.42.25).
NS odin.valhalla.local.
MX 10 odin.valhalla.local.
@ IN A 192.168.42.25
odin IN A 192.168.42.25
Of course, sending mail doesn't work between the servers; it only works within the same server.
search valhalla.local olimpus.local
# Primary resolver: the local BIND instance that hosts valhalla.local.
nameserver 192.168.42.25
# NOTE(review): the stub resolver normally consults this entry only when
# 192.168.42.25 does not respond. An NXDOMAIN from the first server is a
# final answer, so listing the olimpus.local server here does not by itself
# make olimpus.local names resolvable.
nameserver 192.168.42.20