Skip to content

Commit

Permalink
respond with REFUSED when max_concurrent is exceeded to avoid caching…
Browse files Browse the repository at this point in the history 
… it (coredns#4326)

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
  • Loading branch information
@chrisohaver
chrisohaver authored Dec 15, 2020
1 parent 45bf23f commit 9cb5348
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 2 deletions.
2 changes: 1 addition & 1 deletion plugin/forward/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ forward FROM TO... {
* `no_rec` - optional argument that sets the RecursionDesired-flag of the dns-query used in health checking to `false`.
The flag is default `true`.
* `max_concurrent` **MAX** will limit the number of concurrent queries to **MAX**. Any new query that would
raise the number of concurrent queries above the **MAX** will result in a SERVFAIL response. This
raise the number of concurrent queries above the **MAX** will result in a REFUSED response. This
response does not count as a health failure. When choosing a value for **MAX**, pick a number
at least greater than the expected *upstream query rate* * *latency* of the upstream servers.
As an upper bound for **MAX**, consider that each concurrent query will use about 2kb of memory.
Expand Down
2 changes: 1 addition & 1 deletion plugin/forward/forward.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ func (f *Forward) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg
defer atomic.AddInt64(&(f.concurrent), -1)
if count > f.maxConcurrent {
MaxConcurrentRejectCount.Add(1)
return dns.RcodeServerFailure, f.ErrLimitExceeded
return dns.RcodeRefused, f.ErrLimitExceeded
}
}

Expand Down
10 changes: 10 additions & 0 deletions plugin/pkg/response/typify_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,16 @@ func TestTypifyImpossible(t *testing.T) {
}
}

func TestTypifyRefused(t *testing.T) {
m := new(dns.Msg)
m.SetQuestion("foo.example.org.", dns.TypeA)
m.Rcode = dns.RcodeRefused
mt, _ := Typify(m, time.Now().UTC())
if mt != OtherError {
t.Errorf("Refused message not typified as OtherError, got %s", mt)
}
}

func delegationMsg() *dns.Msg {
return &dns.Msg{
Ns: []dns.RR{
Expand Down

0 comments on commit 9cb5348

Please sign in to comment.