Setting respect_dns_ttl to `true` may result in excessive dns requests when hosts/endpoints DNS returns an NXDOMAIN

[cetanu]

We've noticed inside our org after adding respect_dns_ttl to all clusters globally, that when Envoy finds a host that results in an NXDOMAIN on an attempted DNS lookup, Envoy appears to continue to retry the lookup infinitely, to excess.

I think that the following config is sufficient to reproduce the issue:

static_resources:
  clusters:
  - name: test
    connect_timeout: 5s
    type: STRICT_DNS
    lb_policy: ROUND_ROBIN
    respect_dns_ttl: true
    load_assignment:
      cluster_name: test
      endpoints:
        - lb_endpoints:
            - endpoint:
                address:
                  socket_address:
                    address: does-not-exist-asdkjashdaskfhasalsfhas.com
                    port_value: 8080

I think this logic starts somewhere here

envoy/source/common/upstream/strict_dns_cluster.cc

Line 14 in e0e7628

dns_refresh_rate_ms_(

and I think it would be good if this fell back on the default DNS refresh rate in the case of an NXDOMAIN or similar error resulting in a lack of a TTL

[mattklein123]

@crazyxy can you take a look please? Thank you.

[yxue]

I will fix the bug. @mattklein123 Please assign the bug to me. Thanks!

[mattklein123]

Thank you @crazyxy!

[cetanu]

Thank you for your fast work on this 😄 ❤️

[mattklein123]

Fixed