diff --git a/plugin/forward/README.md b/plugin/forward/README.md index 359fd3827..52625249c 100644 --- a/plugin/forward/README.md +++ b/plugin/forward/README.md @@ -88,7 +88,7 @@ forward FROM TO... { * `no_rec` - optional argument that sets the RecursionDesired-flag of the dns-query used in health checking to `false`. The flag is default `true`. * `max_concurrent` **MAX** will limit the number of concurrent queries to **MAX**. Any new query that would - raise the number of concurrent queries above the **MAX** will result in a SERVFAIL response. This + raise the number of concurrent queries above the **MAX** will result in a REFUSED response. This response does not count as a health failure. When choosing a value for **MAX**, pick a number at least greater than the expected *upstream query rate* * *latency* of the upstream servers. As an upper bound for **MAX**, consider that each concurrent query will use about 2kb of memory. diff --git a/plugin/forward/forward.go b/plugin/forward/forward.go index eff8f7030..5f7d343de 100644 --- a/plugin/forward/forward.go +++ b/plugin/forward/forward.go @@ -83,7 +83,7 @@ func (f *Forward) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg defer atomic.AddInt64(&(f.concurrent), -1) if count > f.maxConcurrent { MaxConcurrentRejectCount.Add(1) - return dns.RcodeServerFailure, f.ErrLimitExceeded + return dns.RcodeRefused, f.ErrLimitExceeded } } diff --git a/plugin/pkg/response/typify_test.go b/plugin/pkg/response/typify_test.go index fca6ba100..3d9abdf7c 100644 --- a/plugin/pkg/response/typify_test.go +++ b/plugin/pkg/response/typify_test.go @@ -60,6 +60,16 @@ func TestTypifyImpossible(t *testing.T) { } } +func TestTypifyRefused(t *testing.T) { + m := new(dns.Msg) + m.SetQuestion("foo.example.org.", dns.TypeA) + m.Rcode = dns.RcodeRefused + mt, _ := Typify(m, time.Now().UTC()) + if mt != OtherError { + t.Errorf("Refused message not typified as OtherError, got %s", mt) + } +} + func delegationMsg() *dns.Msg { return &dns.Msg{ Ns: []dns.RR{