From 6fe2b2c0f3d0bb16d21652e01c87b8d4fe5d97f5 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Thu, 6 Oct 2011 17:53:03 -0700
Subject: [PATCH] DNS now raises DPD events.

Closes #577.
---
 src/DNS.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/DNS.cc b/src/DNS.cc
index 8259a547bb..c93ea6973d 100644
--- a/src/DNS.cc
+++ b/src/DNS.cc
@@ -44,6 +44,7 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
 	// This should weed out most of it.
 	if ( dns_max_queries > 0 && msg.qdcount > dns_max_queries )
 		{
+		analyzer->ProtocolViolation("DNS_Conn_count_too_large");
 		analyzer->Weird("DNS_Conn_count_too_large");
 		EndMessage(&msg);
 		return 0;
@@ -67,6 +68,8 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
 		return 0;
 		}
 
+	analyzer->ProtocolConfirmation();
+
 	AddrVal server(analyzer->Conn()->RespAddr());
 
 	int skip_auth = dns_skip_all_auth;