doc: Replace dns_query with dns.query.

diff --git a/doc/userguide/rules/dns-keywords.rst b/doc/userguide/rules/dns-keywords.rst
index 8149cebda538afe6b12a795fff68ec4898691fb7..675d8ea5e13bdba72f3e53c8e5a5c489cc206b88 100644 (file)
--- a/doc/userguide/rules/dns-keywords.rst
+++ b/doc/userguide/rules/dns-keywords.rst
@@ -6,22 +6,23 @@ content modifiers, please visit the page :doc:`payload-keywords` These
 ones make sure the signature checks a specific part of the
 network-traffic.
 
-
-dns_query
+dns.query
 ---------
 
-With **dns_query** the DNS request queries are inspected. The dns_query
+With **dns.query** the DNS request queries are inspected. The dns.query
 keyword works a bit different from the normal content modifiers. When
 used in a rule all contents following it are affected by it.  Example:
 
-  alert dns any any -> any any (msg:"Test dns_query option";
-  dns_query; content:"google"; nocase; sid:1;)
+  alert dns any any -> any any (msg:"Test dns.query option";
+  dns.query; content:"google"; nocase; sid:1;)
 
 .. image:: dns-keywords/dns_query.png
 
-The dns_query keyword affects all following contents, until pkt_data
+The **dns.query** keyword affects all following contents, until pkt_data
 is used or it reaches the end of the rule.
 
+.. note:: **dns.query** is equivalent to the older **dns_query**.
+
 Normalized Buffer
 ~~~~~~~~~~~~~~~~~
 
@@ -40,6 +41,6 @@ DNS query on the wire (snippet)::
 
     |04|mail|06|google|03|com|00|
 
-``dns_query`` buffer::
+``dns.query`` buffer::
 
     mail.google.com