diff --git a/src/DNS.cc b/src/DNS.cc
index 8259a547bb..c93ea6973d 100644
--- a/src/DNS.cc
+++ b/src/DNS.cc
@@ -44,6 +44,7 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
 	// This should weed out most of it.
 	if ( dns_max_queries > 0 && msg.qdcount > dns_max_queries )
 		{
+		analyzer->ProtocolViolation("DNS_Conn_count_too_large");
 		analyzer->Weird("DNS_Conn_count_too_large");
 		EndMessage(&msg);
 		return 0;
@@ -67,6 +68,8 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
 		return 0;
 		}
 
+	analyzer->ProtocolConfirmation();
+
 	AddrVal server(analyzer->Conn()->RespAddr());
 
 	int skip_auth = dns_skip_all_auth;