0X00002558

DNS name has invalid character (0X00002558) fix

Network & Connectivity Intermediate 👁 0 views 📅 May 28, 2026

This error shows up when a DNS name has a character Windows can't handle. Most times it's an underscore in a hostname or a bad label length. Here's the fix.

1. Underscore in the hostname or DNS label

Nine times out of ten, this error comes from an underscore in a DNS name. Windows DNS servers follow RFC 952, which says hostnames can only have letters, digits, and hyphens. Underscores aren't allowed. You'll see this when you try to create an A record, CNAME, or SRV record that has a name like my_server.domain.com.

Here's the fix: rename the record to use a hyphen instead. If you're working with an SRV record, the service name (like _sip._tcp) has underscores — that's fine. The problem is the hostname after the underscore. Check the protocol's RFC, but for most home and small business setups, just replace the underscore with a hyphen.

To change it in the DNS Manager:

  1. Open DNS Manager (dnsmgmt.msc).
  2. Expand the server and the zone where the error appears.
  3. Right-click the record with the underscore and select Properties.
  4. In the Host or child domain field, change the underscore to a hyphen. For example, my_server becomes my-server.
  5. Click OK.

After you click OK, you should see the record update without the error message. If the error still shows up, close DNS Manager, reopen it, and check the event log for leftover errors.

Real-world trigger: I've seen this most often when someone sets up a Linux server named web_server and tries to add it to Windows DNS. The underscore is common in Linux hostnames but doesn't fly here.

2. DNS label too long (over 63 characters)

Every label in a DNS name — the part between dots — can't be longer than 63 characters. If you have a name like this-is-a-very-long-hostname-that-exceeds-sixty-three-characters, you'll hit error 0X00002558. I've seen this when someone uses a descriptive VM name that gets out of hand.

Check your record's name. Count the characters in the label before the first dot. If it's 64 or more, you need to shorten it.

To fix this:

  1. In DNS Manager, go to the record that's failing.
  2. Right-click and select Properties.
  3. Look at the Host or child domain field. Count the characters.
  4. Shorten it to 63 characters or fewer. Use abbreviations if needed. For example, production-database-server-west can become prod-db-west.
  5. Click OK. The record should save without error.

One more thing: the entire FQDN can be up to 253 characters including dots, but each label must be under 64. If you shorten the label and still get the error, check for hidden spaces. Some apps copy-paste a trailing space that you can't see. Delete the entire name and type it fresh.

Real-world trigger: This happens when someone creates a computer name using the asset tag plus a long description, like asset-12345-delivery-warehouse-south-branch. That label is way over 63 characters.

3. Hidden or special characters in the name

Sometimes the character isn't obvious. It could be a space, a tab, a Unicode character like an em dash, or even a null byte. I had a client once where the error kept showing up even after checking for underscores and label length. Turned out the name had a non-breaking space (character code 0xA0) that looked like a regular space.

To catch these, use the command line instead of the GUI. The GUI won't always show invisible characters.

  1. Open Command Prompt as administrator.
  2. Type this command to list the records in the zone: dnscmd [server] /enumrecords [zone] [node]. Replace [server] with your server name, [zone] with the zone like example.com, and [node] with @ or the node name. For example: dnscmd dc1 /enumrecords example.com @
  3. Look for the record that's causing the error. You'll see the exact bytes. If you see a space, it might be fine, but if you see something like 0xA0, you've found the problem.
  4. Delete the bad record. In DNS Manager, right-click the record and select Delete. Confirm.
  5. Create a new record with the correct name. Type it manually — don't copy and paste from the old source.

An alternative: use PowerShell. Run Get-DnsServerResourceRecord -ZoneName example.com -RRType A | Where-Object HostName -match '[^a-zA-Z0-9\-]'. That regex will find any record with characters that aren't letters, numbers, or hyphens. Pipe it to Remove-DnsServerResourceRecord to delete the bad ones. But be careful — test on a non-production server first.

Real-world trigger: This happens when someone copies a hostname from an email or a web form that uses smart quotes (curly quotes). The smart quote characters are Unicode and aren't valid in DNS.

Quick-reference summary table

CauseFixCommon scenario
Underscore in hostnameReplace underscore with hyphenLinux hostname like web_server
Label over 63 charactersShorten the labelLong descriptive name with asset tag
Hidden/special characterUse dnscmd or PowerShell to find and delete the record, then re-create it manuallyCopied name from email with smart quotes or non-breaking space

If none of these fix the error, check if you're using the correct characters in the DNS zone name itself. The zone name (like my-domain.com) should also follow the same rules. Also, if you're using DNSSEC, the signing process might reject names that the basic DNS check passes. In that case, remove the signing, fix the name, then re-sign.

Was this solution helpful?

DNS_ERROR_INVALID_NAME_CHAR 0X00002558 invalid character in DNS name underscore in DNS DNS name validation DNS label length Windows DNS error DNS fix DNS troubleshooting DNS name syntax