From fa2ed61cc100e4f8bd7386d2e742a201a9ac22ba Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 23 Apr 2026 08:41:52 +0000
Subject: [PATCH 1/2] Initial plan


From b17acfd6bdacf2ca6dd973df7e9854bf20d4922f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 23 Apr 2026 08:46:23 +0000
Subject: [PATCH 2/2] dns_cache: simplify failure backoff floor - unconditional
 min_refresh_interval_ floor

Agent-Logs-Url: https://github.com/phlax/envoy/sessions/d98c4156-7c80-4fbc-9837-8fc816054e8c

Co-authored-by: phlax <454682+phlax@users.noreply.github.com>
---
 .../dynamic_forward_proxy/dns_cache_impl.cc    | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/source/extensions/common/dynamic_forward_proxy/dns_cache_impl.cc b/source/extensions/common/dynamic_forward_proxy/dns_cache_impl.cc
index 98251e0041e41..fb782fe24f716 100644
--- a/source/extensions/common/dynamic_forward_proxy/dns_cache_impl.cc
+++ b/source/extensions/common/dynamic_forward_proxy/dns_cache_impl.cc
@@ -570,7 +570,6 @@ void DnsCacheImpl::finishResolve(const std::string& host,
       const auto elapsed = now - primary_host_info->host_info_->lastUsedTime();
       std::chrono::milliseconds refresh_interval(
           primary_host_info->failure_backoff_strategy_->nextBackOffMs());
-      const auto uncapped_refresh_interval = refresh_interval;
       if (elapsed >= host_ttl_) {
         refresh_interval = std::chrono::milliseconds(0);
       } else {
@@ -578,17 +577,12 @@ void DnsCacheImpl::finishResolve(const std::string& host,
             std::chrono::duration_cast<std::chrono::milliseconds>(host_ttl_ - elapsed);
         refresh_interval = std::min(refresh_interval, until_eviction);
       }
-      // If (and only if) the host_ttl cap above reduced the failure backoff, floor the
-      // resulting interval at min_refresh_interval_ (dns_min_refresh_rate). The cap bounds
-      // eviction delay; this floor prevents arming a ms-scale alarm that can kick rapid-fire
-      // resolves and race with dispatcher/resolver teardown in integration tests (observed
-      // as a LeakSanitizer leak in proxy_filter_integration_test DoubleResolution). When the
-      // cap does not kick in, the user-configured failure backoff is passed through unchanged.
-      if (refresh_interval < uncapped_refresh_interval) {
-        const auto min_refresh_ms =
-            std::chrono::duration_cast<std::chrono::milliseconds>(min_refresh_interval_);
-        refresh_interval = std::max(refresh_interval, min_refresh_ms);
-      }
+      // Floor the result at min_refresh_interval_ (dns_min_refresh_rate) to prevent arming
+      // a ms-scale alarm that can kick rapid-fire resolves and race with dispatcher/resolver
+      // teardown in integration tests (observed as a LeakSanitizer leak in
+      // proxy_filter_integration_test DoubleResolution).
+      refresh_interval = std::max(refresh_interval,
+          std::chrono::duration_cast<std::chrono::milliseconds>(min_refresh_interval_));
       primary_host_info->refresh_timer_->enableTimer(refresh_interval);
       ENVOY_LOG(debug, "DNS refresh rate reset for host '{}', (failure) refresh rate {} ms", host,
                 refresh_interval.count());