From 4757bb1e21585e18ba6d9dea6aee6dc834c4b0f4 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Thu, 30 Apr 2026 08:48:49 +0700
Subject: [PATCH] Update rules section

---
 README.md | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index 1f334e9..afd453b 100644
--- a/README.md
+++ b/README.md
@@ -69,20 +69,17 @@ happyDomain will delegate observation collection to this endpoint.
 
 ## Rules
 
-Each rule emits a finding code. Severity can be affected by the options above.
-
-| Code | Default severity | Condition |
-|------|-----------------|-----------|
-| `reverse_zone_not_arpa` | critical | The zone is not under `in-addr.arpa` or `ip6.arpa`. |
-| `reverse_zone.load_error` | error | A structural failure prevented observation collection. |
-| `reverse_zone_empty` | warning | The reverse zone declares no PTR records at all. |
-| `ptr_forward_mismatch` | critical / warning with `requireForwardMatch=false` | A PTR target's A/AAAA records do not include the original IP (FCrDNS mismatch). |
-| `ptr_target_unresolvable` | critical / warning with `requireForwardMatch=false` | A PTR target has no A or AAAA record in the forward DNS. |
-| `ptr_multiple` | warning | An IP owner carries more than one PTR record. Skipped when `allowMultiplePTR=true`. |
-| `ptr_target_invalid` | critical | A PTR target is not a syntactically valid hostname (RFC 952/1123). |
-| `ptr_generic_hostname` | warning | A PTR target embeds the IP address or matches common ISP auto-generated patterns. Skipped when `flagGenericPTR=false`. |
-| `ptr_low_ttl` | warning | A PTR record's TTL is below `minTTL`. |
-| `reverse_zone_truncated` | info | The zone has more PTR records than `maxPTRsToCheck`; only the first batch was inspected. |
+| Code                              | Description                                                                                       | Severity            |
+|-----------------------------------|---------------------------------------------------------------------------------------------------|---------------------|
+| `reverse_zone.is_reverse_arpa`    | Verifies the zone is under in-addr.arpa or ip6.arpa.                                              | CRITICAL            |
+| `reverse_zone.has_ptrs`           | Verifies the reverse zone declares at least one PTR record.                                       | WARNING             |
+| `reverse_zone.fcrdns`             | Verifies every PTR target's A/AAAA round-trips back to the original IP (Forward-Confirmed Reverse DNS). | CRITICAL      |
+| `reverse_zone.target_resolves`    | Verifies every PTR target resolves to at least one A or AAAA record.                              | CRITICAL            |
+| `reverse_zone.single_ptr_per_ip`  | Flags IPs with multiple PTR records (RFC 1912 §2.1 recommends exactly one).                       | WARNING             |
+| `reverse_zone.target_syntax`      | Verifies every PTR target is a syntactically valid hostname.                                      | CRITICAL            |
+| `reverse_zone.generic_hostname`   | Flags PTR targets that embed the IP or match common ISP auto-generated patterns.                  | WARNING             |
+| `reverse_zone.ttl_hygiene`        | Flags PTR records whose TTL is below the configured minimum.                                      | WARNING             |
+| `reverse_zone.truncated`          | Reports when the zone has more PTRs than the configured cap allows to inspect.                    | INFO                |
 
 ## License