From 7c6c1bb77c55d770f505654caf5da515644d168a Mon Sep 17 00:00:00 2001
From: Ross McFarland <rwmcfa1@gmail.com>
Date: Tue, 28 Mar 2023 20:13:03 -0700
Subject: [PATCH] Document the new dynamic rule validations, add changelog
 entry

---
 CHANGELOG.md            |  5 +++++
 docs/dynamic_records.md | 12 +++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 901681d..3a38abb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,11 @@
   longer as they were considered private/protected.
 * Beta support for auto-arpa has been added, See the
   [auto-arpa documentation](/docs/auto_arpa.md) for more information.
+* Enhanced validations on dynamic rules to encourage best practices
+   * The last rule should be a catch-all w/o any targeted geos
+   * Geos should not be repeated in multiple rules
+   * Geos in rules subsequent rules should be ordered most to least specific,
+     e.g. NA-US-TN must come before NA-US, which must occur before NA
 
 #### Stuff
 
diff --git a/docs/dynamic_records.md b/docs/dynamic_records.md
index e019c94..54b106f 100644
--- a/docs/dynamic_records.md
+++ b/docs/dynamic_records.md
@@ -39,15 +39,23 @@ test:
     rules:
     - geos:
       # Geos used in matching queries
+      - AF-ZA
       - AS
       - OC
       # The pool to service the query from
       pool: apac
     - geos:
+      # AF-ZA was sent to apac above and the rest of AF else goes to eu here,
+      # sub-locations (e.g. AF-ZA) should come before their parents (AF.) If a
+      # more specific geo occured after a general one requests in that
+      # location would have already matched the previous rule. For the same
+      # reasons locations may not be repeated in multiple rules.
       - AF
       - EU
       pool: eu
-    # No geos means match all queries
+    # No geos means match all queries, the final rule should generally be a
+    # "catch-all", served to any requests that didn't match the preceeding
+    # rules. The catch-all is the only case where a pool may be re-used.
     - pool: na
   ttl: 60
   type: A
@@ -58,6 +66,8 @@ test:
   - 7.7.7.7
 ```
 
+If you encounter validation errors in dynamic records suggesting best practices that you have specific reasons for not following see [docs/records.md#Lenience](/docs/records.md#Lenience) for how to turn the errors into warnings. Doing so is taking on the burden of thoroughly testing and verifying that what you're doing behaves the way you expect. You may well encounter situations where the octoDNS providers and/or the underlying DNS services do not behave as desired.
+
 #### Geo Codes
 
 Geo codes consist of one to three parts depending on the scope of the area being targeted. Examples of these look like: