1 files changed, 18 insertions, 4 deletions

diff --git a/man/coredns-autopath.7 b/man/coredns-autopath.7
index 4bacee73f..f94c48b47 100644
--- a/man/coredns-autopath.7
+++ b/man/coredns-autopath.7
@@ -1,5 +1,5 @@
 .\" Generated by Mmark Markdown Processer - mmark.miek.nl
-.TH "COREDNS-AUTOPATH" 7 "January 2020" "CoreDNS" "CoreDNS Plugins"
+.TH "COREDNS-AUTOPATH" 7 "March 2020" "CoreDNS" "CoreDNS Plugins"
 
 .SH "NAME"
 .PP
@@ -13,6 +13,9 @@ failures, the original reply is returned. Because \fIautopath\fP returns a reply
 the original question it will add a CNAME that points from the original name (with the search path
 element in it) to the name of this answer.
 
+.PP
+\fBNote\fP: There are several known issues.  See section below.
+
 .SH "SYNTAX"
 .PP
 .RS
@@ -39,7 +42,7 @@ If a plugin implements the \fB\fCAutoPather\fR interface then it can be used.
 If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metric is exported:
 
 .IP \(bu 4
-\fB\fCcoredns_autopath_success_count_total{server}\fR - counter of successfully autopath-ed queries.
+\fB\fCcoredns_autopath_success_total{server}\fR - counter of successfully autopath-ed queries.
 
 
 .PP
@@ -73,8 +76,19 @@ Use the search path dynamically retrieved from the \fIkubernetes\fP plugin.
 
 .SH "KNOWN ISSUES"
 .PP
-In Kubernetes, \fIautopath\fP is not compatible with pods running from Windows nodes.
+In Kubernetes, \fIautopath\fP can derive the wrong namespace of a client Pod (and therefore wrong search path)
+in the following case.  To properly build the search path of a client \fIautopath\fP needs to
+know the namespace of the a Pod making a DNS request. To do this, it relies on the
+\fIkubernetes\fP plugin's Pod cache to resolve the client's IP address to a Pod.  The Pod cache is maintained by
+an API watch on Pods.  When Pod IP assignments change, the Kubernetes API notifies CoreDNS via the API watch.
+However, that notification is not instantaneous. In the case that a Pod is deleted, and it's IP is
+immediately provisioned to a Pod in another namespace, and that new Pod make a DNS lookup \fIbefore\fP the API watch
+can notify CoreDNS of the change, \fIautopath\fP will resolve the IP to the previous Pod's namespace.
+
+.PP
+In Kubernetes, \fIautopath\fP is not compatible with Pods running from Windows nodes.
 
 .PP
-If the server side search ultimately results in a negative answer (e.g. \fB\fCNXDOMAIN\fR), then the client will fruitlessly search all paths manually, thus negating the \fIautopath\fP optimization.
+If the server side search ultimately results in a negative answer (e.g. \fB\fCNXDOMAIN\fR), then the client will
+fruitlessly search all paths manually, thus negating the \fIautopath\fP optimization.