0X000025ED

Fix DNS CNAME collision error 0X000025ED quickly

Network & Connectivity | Intermediate | May 27, 2026

This error hits when you try to add a CNAME but an A record already uses that name. The fix is deleting the A record or changing the record type. Simple.

The 30-second fix: Check for stale records

First, confirm the error is actually what you think it is. Open DNS Manager (dnsmgmt.msc), right-click your zone, and select New Host (A or AAAA). If you get 0X000025ED again, then yeah — there's a collision.

The fastest fix: delete the existing A record that's blocking you. Here's how:

  1. In DNS Manager, browse to the zone where you're adding the CNAME.
  2. Look for an A or AAAA record with the exact same name. If it's www and you're trying to create a CNAME for www, that A record has to go.
  3. Right-click that A record and choose Delete.
  4. Now create your CNAME record. It'll work.

Don't bother checking replication status first — if you can see the record in DNS Manager, it's the A record that's the problem. The culprit here is almost always a stale A record left over from a web server migration or an old DHCP lease.

If that's not it, or you're sure the A record should stay, move to the next step.

The 5-minute fix: Check for hidden records or scavenging issues

Sometimes the A record is hidden from standard view. Run this from an elevated PowerShell or command prompt:

dnscmd /enumrecords [zonename] .

Replace [zonename] with your zone, like contoso.local. This dumps every record. Look for the name in question. If you see both an A and a CNAME with the same name, the A is the blocker.

Now, why does this happen? Two common reasons:

  • Stale-record scavenging is off. If scavenging never runs, old records pile up. Enable it: right-click the zone > Properties > General > Aging, check Scavenge stale resource records, and set a refresh interval of 7 days and a no-refresh interval of 7 days. Then set the server-level scavenging interval under Server Properties > Advanced.
  • DHCP is registering the record dynamically. If the client gets its IP from DHCP and has DNS registration enabled, it'll create an A record. Disable that in the DHCP scope properties under DNS. Uncheck Enable DNS dynamic updates according to the settings below for that specific scope, or set the DHCP server to only register with the proxy.
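Before turning scavenging on, it helps to see which records it would remove. The report below is an added example, not part of the original article; it changes nothing, uses the article's sample zone and server names, and assumes the 7-day + 7-day intervals given above:

```powershell
# Added example: report only, changes nothing.
# Zone and server names are the article's sample values.
$zone      = "contoso.local"
$dnsServer = "dc01"

# Current aging settings for the zone.
Get-DnsServerZoneAging -Name $zone -ComputerName $dnsServer |
    Format-List ZoneName, AgingEnabled, NoRefreshInterval, RefreshInterval

# With a 7-day no-refresh and a 7-day refresh interval, a record becomes
# eligible for scavenging once its timestamp is older than 14 days.
$cutoff = (Get-Date).AddDays(-14)

$stale = Get-DnsServerResourceRecord -ZoneName $zone -ComputerName $dnsServer |
    Where-Object {
        $_.RecordType -in 'A', 'AAAA' -and
        $_.Timestamp -and                  # static records have no timestamp
        $_.Timestamp -lt $cutoff
    } |
    Sort-Object Timestamp

# List the candidates with their addresses, oldest first.
$stale | Select-Object HostName, RecordType, Timestamp,
    @{ n = 'Address'; e = { if ($_.RecordType -eq 'A') { $_.RecordData.IPv4Address }
                            else { $_.RecordData.IPv6Address } } } |
    Format-Table -AutoSize

"{0} dynamic host record(s) older than {1:yyyy-MM-dd}" -f @($stale).Count, $cutoff
```

Static records never appear in this list, so a stale static A record still has to be removed by hand.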

If you're in Active Directory, also check if the record is a DnsNode object with multiple record types. Open ADSI Edit, go to CN=MicrosoftDNS, CN=System, DC=[yourdomain], and look for the node. If it has both an A and a CNAME, you're in collision territory. Delete the A record from that node.

The 15+ minute fix: Deep cleanup and scripting

If the above didn't work, you've got a more stubborn issue. Here's the drill:

Check replication conflicts

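If you're running a multi-DC environment, a lingering A record on one DC can cause this. Run this on each DNS server. Note that /zoneresetsecondaries rewrites the zone's zone-transfer (secondary server) settings, so record the current ones first: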

dnscmd /zoneresetsecondaries [zonename] /secure

Then force replication:

repadmin /syncall /AdeP

Wait 15 minutes. Try the CNAME again.

Use PowerShell to nuke the collision

This script removes the A record and creates the CNAME in one shot. Run as admin:

$zone = "contoso.local"
$name = "www"
$cnameTarget = "web.contoso.local"
$dnsServer = "dc01"

Remove-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType A -Force -ComputerName $dnsServer
Add-DnsServerResourceRecordCName -ZoneName $zone -Name $name -HostNameAlias $cnameTarget -ComputerName $dnsServer

If Remove-DnsServerResourceRecord fails, it means the record is protected. In that case, use dnscmd directly:

dnscmd $dnsServer /recorddelete $zone $name A /f
dnscmd $dnsServer /recordadd $zone $name CNAME $cnameTarget
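A more cautious version of the one-shot script above, as an added example that is not part of the original article. It lists every record at the name, stops if anything other than A/AAAA is present (the NS case covered under "One last thing"), and saves a copy before deleting. The function name and backup path are hypothetical; the defaults are the article's sample values.

```powershell
# Added example, not the article's script. The function name and backup path
# are hypothetical; the defaults are the article's sample values.
function Switch-HostRecordToCName {
    param(
        [string]$Zone        = "contoso.local",
        [string]$Name        = "www",
        [string]$CNameTarget = "web.contoso.local",
        [string]$DnsServer   = "dc01",
        [string]$BackupPath  = "C:\temp\dns-backup-$Name.xml"
    )

    # -Node returns only the records at this exact name, not child nodes.
    $existing = @(Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -Node `
                    -ComputerName $DnsServer -ErrorAction SilentlyContinue)
    if ($existing.Count -eq 0) {
        Write-Warning "No records found at $Name in $Zone on $DnsServer. Nothing changed."
        return
    }

    # Show what is there. A record with no Timestamp is static; one with a
    # Timestamp was registered dynamically (by a client or by DHCP).
    $existing | Out-Host

    # NS, MX, TXT or an existing CNAME at the name needs a human decision.
    $other = @($existing | Where-Object { $_.RecordType -notin 'A', 'AAAA' })
    if ($other.Count -gt 0) {
        Write-Warning "Found $($other.RecordType -join ', ') at $Name. Nothing changed."
        return
    }

    # Save the records for rollback and the change log, then swap.
    $existing | Export-Clixml -Path $BackupPath
    foreach ($rec in $existing) {
        Remove-DnsServerResourceRecord -ZoneName $Zone -InputObject $rec `
            -ComputerName $DnsServer -Force
    }
    Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $Name `
        -HostNameAlias $CNameTarget -ComputerName $DnsServer

    # Return the final state of the node.
    Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -Node -ComputerName $DnsServer
}

Switch-HostRecordToCName
```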

When to just rebuild the zone

If you've got a corrupted zone where records refuse to delete, export the zone, delete it, and reimport. On the primary DNS server:

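dnscmd /zoneexport $zone zone.txt
# The export is written to %SystemRoot%\System32\dns, the same folder /file reads from below.
# Delete the zone manually in DNS Manager, then
# recreate it as a primary zone from the exported file:
dnscmd /zoneadd $zone /primary /file zone.txt /load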

This wipes out all collisions but also deletes dynamic records that need re-registration. Clients will re-register within 24 hours, or you can force it with ipconfig /registerdns.

Quick reference table

| Symptom | Most likely cause | Fix |
|---|---|---|
| CNAME creation fails with 0X000025ED | A record with same name exists | Delete the A record |
| Can't delete the A record | Protected record or replication issue | Use dnscmd /recorddelete with /f |
| Enabling scavenging doesn't help | Scavenging interval too long or not set | Set 7-day refresh, 7-day no-refresh |
| DHCP keeps recreating the A record | DHCP scope DNS updates enabled | Disable DNS updates in scope props |

One last thing

I've seen this error pop up when someone tries to create a CNAME for an existing NS record too. The fix is the same — delete the NS record if you can. But be careful: NS records are critical for delegation. Make sure you're not breaking your zone's delegation structure before deleting it. If you're not sure, just leave that record alone and pick a different name for your CNAME.

That's it. Start with the 30-second fix. Nine times out of ten, that's all you need.
