From 6b0eb4dcd22bd4fe001672237c3962226451a52a Mon Sep 17 00:00:00 2001
From: Alex Simenduev <shamil.si@gmail.com>
Date: Wed, 26 Apr 2023 20:27:56 +0000
Subject: [PATCH 1/2] backport of commit
 74b15a66ac5a086a70b301402161c33c63e10603

---
 agent/dns.go      |  4 ++--
 agent/dns_test.go | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/agent/dns.go b/agent/dns.go
index 976b6dbdb97..c433a00061f 100644
--- a/agent/dns.go
+++ b/agent/dns.go
@@ -1020,8 +1020,8 @@ func (d *DNSServer) dispatch(remoteAddr net.Addr, req, resp *dns.Msg, maxRecursi
 }
 
 func (d *DNSServer) trimDomain(query string) string {
-	longer := d.domain
-	shorter := d.altDomain
+	longer := "." + strings.TrimLeft(d.domain, ".")
+	shorter := "." + strings.TrimLeft(d.altDomain, ".")
 
 	if len(shorter) > len(longer) {
 		longer, shorter = shorter, longer
diff --git a/agent/dns_test.go b/agent/dns_test.go
index e4880b1321e..01d08d67df6 100644
--- a/agent/dns_test.go
+++ b/agent/dns_test.go
@@ -7058,6 +7058,45 @@ func TestDNS_AltDomains_Overlap(t *testing.T) {
 	}
 }
 
+func TestDNS_AltDomain_DCName_Overlap(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	// this tests the DC name overlap with the consul domain/alt-domain
+	// we should get response when DC suffix is a prefix of consul alt-domain
+	t.Parallel()
+	a := NewTestAgent(t, `
+		datacenter = "dc-test"
+		node_name = "test-node"
+		alt_domain = "test.consul."
+	`)
+	defer a.Shutdown()
+	testrpc.WaitForLeader(t, a.RPC, "dc-test")
+
+	questions := []string{
+		"test-node.node.dc-test.consul.",
+		"test-node.node.dc-test.test.consul.",
+	}
+
+	for _, question := range questions {
+		m := new(dns.Msg)
+		m.SetQuestion(question, dns.TypeA)
+
+		c := new(dns.Client)
+		in, _, err := c.Exchange(m, a.DNSAddr())
+		if err != nil {
+			t.Fatalf("err: %v", err)
+		}
+
+		require.Len(t, in.Answer, 1)
+
+		aRec, ok := in.Answer[0].(*dns.A)
+		require.True(t, ok)
+		require.Equal(t, aRec.A.To4().String(), "127.0.0.1")
+	}
+}
+
 func TestDNS_PreparedQuery_AllowStale(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")

From 50d1330b9ad182870154b5c453c84c66efb6bd7c Mon Sep 17 00:00:00 2001
From: Alex Simenduev <shamil.si@gmail.com>
Date: Thu, 27 Apr 2023 19:43:04 +0000
Subject: [PATCH 2/2] backport of commit
 b6c866e3649b25362c529af66ddda746ef4fc562

---
 agent/dns.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/agent/dns.go b/agent/dns.go
index c433a00061f..9ad005bf498 100644
--- a/agent/dns.go
+++ b/agent/dns.go
@@ -1020,14 +1020,14 @@ func (d *DNSServer) dispatch(remoteAddr net.Addr, req, resp *dns.Msg, maxRecursi
 }
 
 func (d *DNSServer) trimDomain(query string) string {
-	longer := "." + strings.TrimLeft(d.domain, ".")
-	shorter := "." + strings.TrimLeft(d.altDomain, ".")
+	longer := d.domain
+	shorter := d.altDomain
 
 	if len(shorter) > len(longer) {
 		longer, shorter = shorter, longer
 	}
 
-	if strings.HasSuffix(query, longer) {
+	if strings.HasSuffix(query, "."+strings.TrimLeft(longer, ".")) {
 		return strings.TrimSuffix(query, longer)
 	}
 	return strings.TrimSuffix(query, shorter)