docs: Add note on resource address match order (#6818)

Documents how overlapping addresses are matched. Draft until #6809 is merged and published. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
2026-01-27 18:18:55 +00:00 · 2024-09-27 17:19:41 -07:00
parent 6736bb7866
commit c10a457672
1 changed files with 20 additions and 0 deletions
--- a/website/src/app/kb/deploy/resources/readme.mdx
+++ b/website/src/app/kb/deploy/resources/readme.mdx
@@ -46,6 +46,26 @@ From there, you can select the type of Resource you want to create:
  Resource.
 </Alert>

+#### Routing order for overlapping addresses
+
+When multiple Resources' addresses overlap, the Resource with the more specific
+address will be used.
+
+For CIDR Resources, an address with a longer prefix is more specific than a
+shorter one. For example: `10.0.0.0/16` is more specific than `10.0.0.0/8`. IP
+Resources are essentially addresses with `/32` prefix and thus always more
+specific than any other CIDR.
+
+For DNS Resources, more specific loosely translates to less wildcards. In
+particular:
+
+- Resources without wildcards are always prioritized over wildcard domains: For
+  example, `app.example.com` is checked before `*.example.com`.
+- Single-char wildcards (`?`) take priority over label wildcards (`*`): For
+  example, `???.example.com` is checked before `*.example.com`.
+- Label wildcards (`*`) take priority over catch-all wildcards (`**`): For
+  example, `*.example.com` is checked before `**.example.com`.
+
 ### Address description

 When creating a Resource, you'll be given the option to add an