diff --git a/modules/dns/README.md b/modules/dns/README.md
index 8739bbb0..9195c417 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -163,7 +163,7 @@ module "public-dns" {
| [force_destroy](variables.tf#L23) | Set this to true to delete all records in the zone upon zone destruction. | bool | | null |
| [iam](variables.tf#L29) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | null |
| [recordsets](variables.tf#L45) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | map(object({…})) | | {} |
-| [zone_config](variables.tf#L89) | DNS zone configuration. | object({…}) | | null |
+| [zone_config](variables.tf#L102) | DNS zone configuration. | object({…}) | | null |
## Outputs
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index d23d949a..27d9c79d 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -84,6 +84,19 @@ variable "recordsets" {
])
error_message = "Only one of records, wrr_routing or geo_routing can be defined for each recordset."
}
+ validation {
+ condition = alltrue(flatten([
+ for k, v in coalesce(var.recordsets, {}) : [
+ for r in try(v.geo_routing.health_checked_targets, []) : [
+ contains(
+ ["regionalL4ilb", "regionalL7ilb", "globalL7ilb", null],
+ try(r.load_balancer_type, null)
+ )
+ ]
+ ]
+ ]))
+ error_message = "Invalid load balancer type for health checked target."
+ }
}
variable "zone_config" {