DNS tools

to check serial zone:
====================================================
dig +multi testing.org soa

; <<>> DiG 9.11.5-P1 <<>> +multi testing.org soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 28545="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b6fcdd45fb00359c3dcc25225c3d11bdcd75b2a4c9c328a5 (good)
;; QUESTION SECTION:
;testing.org.           IN SOA

;; ANSWER SECTION:
testing.org.            600 IN SOA ns39.domaincontrol.com. dns.jomax.net. (
                                2017081800 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                604800     ; expire (1 week)
                                600        ; minimum (10 minutes)
                                )

;; AUTHORITY SECTION:
.                       469713 IN NS a.root-servers.net.
.                       469713 IN NS f.root-servers.net.
.                       469713 IN NS g.root-servers.net.
.                       469713 IN NS i.root-servers.net.
.                       469713 IN NS m.root-servers.net.
.                       469713 IN NS j.root-servers.net.
.                       469713 IN NS h.root-servers.net.
.                       469713 IN NS e.root-servers.net.
.                       469713 IN NS k.root-servers.net.
.                       469713 IN NS d.root-servers.net.
.                       469713 IN NS l.root-servers.net.
.                       469713 IN NS c.root-servers.net.
.                       469713 IN NS b.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     556117 IN A 198.41.0.4
b.root-servers.net.     124117 IN A 199.9.14.201
c.root-servers.net.     124117 IN A 192.33.4.12
d.root-servers.net.     124117 IN A 199.7.91.13
e.root-servers.net.     124117 IN A 192.203.230.10
f.root-servers.net.     124117 IN A 192.5.5.241
g.root-servers.net.     124117 IN A 192.112.36.4
h.root-servers.net.     124117 IN A 198.97.190.53
i.root-servers.net.     124117 IN A 192.36.148.17
j.root-servers.net.     124117 IN A 192.58.128.30
k.root-servers.net.     124117 IN A 193.0.14.129
l.root-servers.net.     124117 IN A 199.7.83.42
m.root-servers.net.     124117 IN A 202.12.27.33
a.root-servers.net.     124117 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net.     124117 IN AAAA 2001:500:200::b
c.root-servers.net.     124117 IN AAAA 2001:500:2::c
d.root-servers.net.     124117 IN AAAA 2001:500:2d::d
e.root-servers.net.     124117 IN AAAA 2001:500:a8::e
f.root-servers.net.     124117 IN AAAA 2001:500:2f::f
g.root-servers.net.     124117 IN AAAA 2001:500:12::d0d
h.root-servers.net.     124117 IN AAAA 2001:500:1::53
i.root-servers.net.     124117 IN AAAA 2001:7fe::53
j.root-servers.net.     124117 IN AAAA 2001:503:c27::2:30
k.root-servers.net.     124117 IN AAAA 2001:7fd::1
l.root-servers.net.     124117 IN AAAA 2001:500:9f::42
m.root-servers.net.     124117 IN AAAA 2001:dc3::35

;; Query time: 61 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Tue Jan 15 00:48:29 EET 2019
;; MSG SIZE  rcvd: 919



to view mx
=====================================================
dig testing.org MX

; <<>> DiG 9.11.5-P1 <<>> testing.org MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 23162="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4acc3dbf0e65e9fef34cab265c3d120aea8ec3040158afe7 (good)
;; QUESTION SECTION:
;testing.org.                   IN      MX

;; ANSWER SECTION:
testing.org.            3600    IN      MX      10 aspmx2.googlemail.com.
testing.org.            3600    IN      MX      5 alt2.aspmx.l.google.com.
testing.org.            3600    IN      MX      5 alt1.aspmx.l.google.com.
testing.org.            3600    IN      MX      1 aspmx.l.google.com.
testing.org.            3600    IN      MX      10 aspmx3.googlemail.com.

;; AUTHORITY SECTION:
.                       469636  IN      NS      f.root-servers.net.
.                       469636  IN      NS      k.root-servers.net.
.                       469636  IN      NS      d.root-servers.net.
.                       469636  IN      NS      i.root-servers.net.
.                       469636  IN      NS      e.root-servers.net.
.                       469636  IN      NS      c.root-servers.net.
.                       469636  IN      NS      h.root-servers.net.
.                       469636  IN      NS      a.root-servers.net.
.                       469636  IN      NS      m.root-servers.net.
.                       469636  IN      NS      b.root-servers.net.
.                       469636  IN      NS      g.root-servers.net.
.                       469636  IN      NS      j.root-servers.net.
.                       469636  IN      NS      l.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     556040  IN      A       198.41.0.4
b.root-servers.net.     124040  IN      A       199.9.14.201
c.root-servers.net.     124040  IN      A       192.33.4.12
d.root-servers.net.     124040  IN      A       199.7.91.13
e.root-servers.net.     124040  IN      A       192.203.230.10
f.root-servers.net.     124040  IN      A       192.5.5.241
g.root-servers.net.     124040  IN      A       192.112.36.4
h.root-servers.net.     124040  IN      A       198.97.190.53
i.root-servers.net.     124040  IN      A       192.36.148.17
j.root-servers.net.     124040  IN      A       192.58.128.30
k.root-servers.net.     124040  IN      A       193.0.14.129
l.root-servers.net.     124040  IN      A       199.7.83.42
m.root-servers.net.     124040  IN      A       202.12.27.33
a.root-servers.net.     124040  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     124040  IN      AAAA    2001:500:200::b
c.root-servers.net.     124040  IN      AAAA    2001:500:2::c
d.root-servers.net.     124040  IN      AAAA    2001:500:2d::d
e.root-servers.net.     124040  IN      AAAA    2001:500:a8::e
f.root-servers.net.     124040  IN      AAAA    2001:500:2f::f
g.root-servers.net.     124040  IN      AAAA    2001:500:12::d0d
h.root-servers.net.     124040  IN      AAAA    2001:500:1::53
i.root-servers.net.     124040  IN      AAAA    2001:7fe::53
j.root-servers.net.     124040  IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     124040  IN      AAAA    2001:7fd::1
l.root-servers.net.     124040  IN      AAAA    2001:500:9f::42
m.root-servers.net.     124040  IN      AAAA    2001:dc3::35

;; Query time: 67 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Tue Jan 15 00:49:46 EET 2019
;; MSG SIZE  rcvd: 984



to view general data
===============
dig testing.org

; <<>> DiG 9.11.5-P1 <<>> testing.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 51737="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8bf6f94ba2d476208e77567c5c3d124eac274e8a15e2a506 (good)
;; QUESTION SECTION:
;testing.org.                   IN      A

;; ANSWER SECTION:
testing.org.            600     IN      A       198.71.233.227

;; AUTHORITY SECTION:
.                       469568  IN      NS      l.root-servers.net.
.                       469568  IN      NS      e.root-servers.net.
.                       469568  IN      NS      d.root-servers.net.
.                       469568  IN      NS      k.root-servers.net.
.                       469568  IN      NS      j.root-servers.net.
.                       469568  IN      NS      m.root-servers.net.
.                       469568  IN      NS      c.root-servers.net.
.                       469568  IN      NS      g.root-servers.net.
.                       469568  IN      NS      f.root-servers.net.
.                       469568  IN      NS      h.root-servers.net.
.                       469568  IN      NS      b.root-servers.net.
.                       469568  IN      NS      a.root-servers.net.
.                       469568  IN      NS      i.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     555972  IN      A       198.41.0.4
b.root-servers.net.     123972  IN      A       199.9.14.201
c.root-servers.net.     123972  IN      A       192.33.4.12
d.root-servers.net.     123972  IN      A       199.7.91.13
e.root-servers.net.     123972  IN      A       192.203.230.10
f.root-servers.net.     123972  IN      A       192.5.5.241
g.root-servers.net.     123972  IN      A       192.112.36.4
h.root-servers.net.     123972  IN      A       198.97.190.53
i.root-servers.net.     123972  IN      A       192.36.148.17
j.root-servers.net.     123972  IN      A       192.58.128.30
k.root-servers.net.     123972  IN      A       193.0.14.129
l.root-servers.net.     123972  IN      A       199.7.83.42
m.root-servers.net.     123972  IN      A       202.12.27.33
a.root-servers.net.     123972  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     123972  IN      AAAA    2001:500:200::b
c.root-servers.net.     123972  IN      AAAA    2001:500:2::c
d.root-servers.net.     123972  IN      AAAA    2001:500:2d::d
e.root-servers.net.     123972  IN      AAAA    2001:500:a8::e
f.root-servers.net.     123972  IN      AAAA    2001:500:2f::f
g.root-servers.net.     123972  IN      AAAA    2001:500:12::d0d
h.root-servers.net.     123972  IN      AAAA    2001:500:1::53
i.root-servers.net.     123972  IN      AAAA    2001:7fe::53
j.root-servers.net.     123972  IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     123972  IN      AAAA    2001:7fd::1
l.root-servers.net.     123972  IN      AAAA    2001:500:9f::42
m.root-servers.net.     123972  IN      AAAA    2001:dc3::35

;; Query time: 32 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Tue Jan 15 00:50:54 EET 2019
;; MSG SIZE  rcvd: 867




to check if zone exists on the server
###############################

dig @8.8.8.8 testing.org

; <<>> DiG 9.11.5-P1 <<>> @8.8.8.8 testing.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 5191="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;testing.org.                   IN      A

;; ANSWER SECTION:
testing.org.            599     IN      A       198.71.233.227

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jan 15 00:52:38 EET 2019
;; MSG SIZE  rcvd: 56

Openvpn SSL routines:SSL_CTX_use_certificate:ca md too weak

In new versions of openvpn you can have problems with older certificates (after upgrade). One of error is: SSL routines:SSL_CTX_use_certificate:ca md too weak.
In this case go to default_md directive from openssl.conf and modify from md5 to sha256. After that recreate all certificates and put again from server/clients.

How do I verify that a private key matches a certificate? (OpenSSL)

How do I verify that a private key matches a certificate?

To verify that a private key matches its certificate you need to compare the modulus of the certificate against the modulus of the private key.

Please follow the below command to view the modulus of the certificate.
openssl x509 -noout -modulus -in server.crt | openssl md5

Now you will receive the modulus something like a77c7953ea5283056a0c9ad75b274b96

Please follow the below command to view the modulus of the private key.
openssl rsa -noout -modulus -in myserver.key | openssl md5

Now you should get the modulus as same as certificate modulus above. i.e a77c7953ea5283056a0c9ad75b274b96

If the modulus of the certificate and the modulus of the private key do not match, then you're not using the right private key. You can either create a brand new key and CSR and send contact support or do a search for all private keys on the system and compare their modulus.

To check the health of your private key you could perform this command:

openssl rsa -noout -check -in privkey.pem

source