respond with REFUSED when max_concurrent is exceeded to avoid caching it (#4326)

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>

2 files changed, 2 insertions, 2 deletions

diff --git a/plugin/forward/README.md b/plugin/forward/README.md
index 359fd3827..52625249c 100644
--- a/plugin/forward/README.md
+++ b/plugin/forward/README.md
@@ -88,7 +88,7 @@ forward FROM TO... {
   * `no_rec` - optional argument that sets the RecursionDesired-flag of the dns-query used in health checking to `false`.
     The flag is default `true`.
 * `max_concurrent` **MAX** will limit the number of concurrent queries to **MAX**.  Any new query that would
-  raise the number of concurrent queries above the **MAX** will result in a SERVFAIL response. This
+  raise the number of concurrent queries above the **MAX** will result in a REFUSED response. This
   response does not count as a health failure. When choosing a value for **MAX**, pick a number
   at least greater than the expected *upstream query rate* * *latency* of the upstream servers.
   As an upper bound for **MAX**, consider that each concurrent query will use about 2kb of memory.
diff --git a/plugin/forward/forward.go b/plugin/forward/forward.go
index eff8f7030..5f7d343de 100644
--- a/plugin/forward/forward.go
+++ b/plugin/forward/forward.go
@@ -83,7 +83,7 @@ func (f *Forward) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg
 		defer atomic.AddInt64(&(f.concurrent), -1)
 		if count > f.maxConcurrent {
 			MaxConcurrentRejectCount.Add(1)
-			return dns.RcodeServerFailure, f.ErrLimitExceeded
+			return dns.RcodeRefused, f.ErrLimitExceeded
 		}
 	}