0X000025EC

Fix CNAME error 0X000025EC: Node is a DNS record

Network & Connectivity Intermediate 👁 0 views 📅 May 26, 2026

This error means you're trying to create a CNAME on a zone apex or where another record type exists. The fix is usually a quick DNS record cleanup or a switch to an ALIAS record.

What you're seeing

You try to add a CNAME record in DNS (Windows DNS Manager, or via PowerShell, or even on a BIND server) and get back error 0X000025EC with the message "Node is a DNS record". This is a polite way of saying "there's already something living at this name, and CNAMEs don't share well with others."

The culprit here is almost always one of two things: either you already have an A record, MX record, or NS record at the same name, or you're trying to put a CNAME at the root of the domain (the zone apex) — which the DNS specs explicitly forbid (RFC 1034, if you care).

I've seen this happen most often when someone builds a new web server and tries to add a CNAME for @ or example.com without realizing that the SOA and NS records already live there, or that they already have a mail exchanger pointed at the same name.

30-second fix: Find and remove the conflicting record

Don't overthink this. Open your DNS management console (or dig into the zone file if you're on Linux). Look at the exact name where the CNAME is failing. If you're adding www.example.com as a CNAME, check whether an A record or any other record type already exists at www.example.com.

In Windows DNS Manager: right-click the zone, select "New Host (A or AAAA)" — wait, no, just expand the zone and look. If you see an A record with the same name, delete it. CNAMEs cannot coexist with any other record type at the same node. Once the old record is gone, you can add the CNAME.

If the conflicting record is an MX or NS record at the root, you can't just delete it — you'll break email or resolution. That's the next section.

PowerShell quick check

Get-DnsServerResourceRecord -ZoneName "example.com" -Name "www"

If that returns anything, you've got a conflict. Remove the old A record with:

Remove-DnsServerResourceRecord -ZoneName "example.com" -Name "www" -RRType A -Force

5-minute fix: Rename the CNAME or use an ALIAS record

Sometimes the conflict is at the root (the zone apex). You can't put a CNAME at example.com because SOA and NS records live there. Don't try to delete them — that breaks your domain.

Option A: Use a different name. Instead of example.com as a CNAME, use www.example.com and redirect the bare domain via an HTTP redirect on your web server. This is the most common workaround and it works fine for 99% of use cases.

Option B: Use an ALIAS or ANAME record — if your DNS provider supports it. This is not a standard DNS record type (no RFC), but most modern hosted DNS providers (Cloudflare, AWS Route 53, DNS Made Easy, etc.) support it. An ALIAS record behaves like a CNAME but is allowed at the zone apex. Check your provider's docs. If you're running on-prem Windows DNS, sorry — no ALIAS support natively.

Option C: Static A record pointing to the IP. If the target IP doesn't change often, just use an A record. Harder to maintain but avoids the error entirely.

15-minute advanced fix: Re-architect the zone or use a forwarding workaround

If you absolutely need a CNAME at the root (some legacy apps insist on it), you're in for a longer session. Here's your options:

1. Stub zone or conditional forwarder (Windows DNS)

Create a new subdomain zone (like internal.example.com) and delegate it to a separate DNS server that doesn't have the SOA/NS conflict. Then point the CNAME at that subdomain. This is hacky but works.

In Windows DNS Manager: right-click the domain, choose "New Delegation", create a new zone on a separate server, and put your CNAME there.

2. Switch to a different DNS software

BIND 9 supports a minimal-any option and can handle some conflicts, but not the root CNAME issue. If you're stuck on Windows DNS, consider migrating to something like PowerDNS or Unbound that supports ALIAS-like functionality.

3. Write a script to synchronize A records

If the target IP changes frequently but you can't use ALIAS, write a PowerShell or cron script that runs every few minutes, resolves the target hostname, and updates the A record at the root. This is a band-aid, not a fix, but I've seen it in production more than once.

Prevention

Next time you build a DNS zone, plan ahead. Don't name a CNAME the same as an existing A record. And never try to CNAME the zone apex. If you need aliasing at the root, use an ALIAS record from the start.

Also, document your records. I can't tell you how many times I've seen a stale A record from 2008 blocking a CNAME in 2024. A simple audit every six months saves headaches.

Troubleshooting checklist

  1. Check for existing records at the target name (A, AAAA, MX, NS, TXT, SRV)
  2. If root — use ALIAS/ANAME or switch to www subdomain
  3. If not root — delete the conflicting record, then add CNAME
  4. Test resolution: nslookup -type=CNAME targetname dns-server
  5. Wait for TTL — changes aren't instant

Bottom line: error 0X000025EC is not a bug, it's DNS enforcement of the rules. Work with the rules, not against them, and you'll be done in minutes.

Was this solution helpful?

DNS CNAME error 0X000025EC node is a DNS record CNAME conflict fix DNS zone apex CNAME CNAME existing record DNS record types ALIAS record Windows DNS error AD DNS error CNAME creation failure