You're right, my mistake — I was reading the timing wrong. If those records were stamped 24/05/26 18:01 and we're now around the same time on 25/05, we're at ~24 hours with zero change to the SOA serial. That is not normal DNSSEC re-sign latency. It's a stuck job on Infomaniak's side, not patience.
Action: open a support ticket now. Sunday-evening estimate is irrelevant on a Monday morning.
Subject: DNSSEC zone re-sign appears stuck on
xelena.aiRecords added/modified in the DNS Zone of
xelena.aion 2026-05-24 ~18:01 CEST are not visible in public DNS ~24h later.Diagnostics:
whois xelena.ai→ registry status ACTIVE, NS = nsany1/nsany2.infomaniak.com, DS published at.airegistry (KeyTag 18323, alg 13, digest type 2).dig @nsany1.infomaniak.com xelena.ai SOAreturns serial2026051508(unchanged since 2026-05-15, no bump after my changes).dig @1.1.1.1 xelena.ai A +dnssecreturns NODATA. NSEC at the apex shows present types =NS SOA TXT RRSIG NSEC DNSKEY TYPE65534— A and AAAA are missing from the signed zone, even though they appear in the DNS Zone UI (apex A 84.16.66.164, AAAA 2001:1600:0:aaaa::2:14, CNAME www.xelena.ai → persona-xai.pages.dev).dig @1.1.1.1 www.xelena.aireturns NXDOMAIN (CNAME also missing from signed zone).- RRSIG at apex was signed 2026-05-23 16:36 UTC — before my changes.
Please trigger a zone re-sign / re-publication for
xelena.ai.
That's specific enough that any L2 DNS tech can act on it without asking for context.
- Toggle a TTL in the DNS Zone UI (change any record's TTL
1 h → 30 min, save, change back). If you haven't tried, do it once before submitting the ticket — sometimes their publisher needs a kick. - Open the ticket through Manager → Support → New Request with category Domain / DNS so it lands in the right queue. Don't use general support chat.
I'll re-check the SOA serial again in 15 min after the TTL toggle. If it's bumped from 2026051508, the kick worked and the ticket becomes unnecessary; if not, the ticket is your fastest path.