From: Jason Ish Date: Mon, 16 Sep 2019 20:39:42 +0000 (-0600) Subject: doc: Replace dns_query with dns.query. X-Git-Tag: suricata-5.0.0-rc1~41 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=daed788d49f404400f6c0e48bb189b88fd94649d;p=thirdparty%2Fsuricata.git doc: Replace dns_query with dns.query. --- diff --git a/doc/userguide/rules/dns-keywords.rst b/doc/userguide/rules/dns-keywords.rst index 8149cebda5..675d8ea5e1 100644 --- a/doc/userguide/rules/dns-keywords.rst +++ b/doc/userguide/rules/dns-keywords.rst @@ -6,22 +6,23 @@ content modifiers, please visit the page :doc:`payload-keywords` These ones make sure the signature checks a specific part of the network-traffic. - -dns_query +dns.query --------- -With **dns_query** the DNS request queries are inspected. The dns_query +With **dns.query** the DNS request queries are inspected. The dns.query keyword works a bit different from the normal content modifiers. When used in a rule all contents following it are affected by it. Example: - alert dns any any -> any any (msg:"Test dns_query option"; - dns_query; content:"google"; nocase; sid:1;) + alert dns any any -> any any (msg:"Test dns.query option"; + dns.query; content:"google"; nocase; sid:1;) .. image:: dns-keywords/dns_query.png -The dns_query keyword affects all following contents, until pkt_data +The **dns.query** keyword affects all following contents, until pkt_data is used or it reaches the end of the rule. +.. note:: **dns.query** is equivalent to the older **dns_query**. + Normalized Buffer ~~~~~~~~~~~~~~~~~ @@ -40,6 +41,6 @@ DNS query on the wire (snippet):: |04|mail|06|google|03|com|00| -``dns_query`` buffer:: +``dns.query`` buffer:: mail.google.com
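Review bot: The note added at the end of the first hunk (".. note:: **dns.query** is equivalent to the older **dns_query**.") does not say whether dns_query is still accepted or from which release dns.query can be used, which is what anyone maintaining one ruleset across several sensor versions needs to know. Suggest extending the note with that information. The unchanged context line ".. image:: dns-keywords/dns_query.png" still refers to a file named after the old keyword, so check whether the screenshot shows the old rule text and needs regenerating to match the updated example.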
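Review bot: Keyword markup is inconsistent between the two hunks. The second hunk writes the keyword as a literal ("``dns.query`` buffer::"), while the first hunk uses bold ("**dns.query**") for the same keyword and leaves pkt_data unmarked in "until pkt_data is used". Suggest using one form for rule keywords throughout the page, preferably the literal form already present here.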