1 files changed, 10 insertions, 8 deletions

diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index f95ebbc36..7ee114579 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -126,8 +126,6 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	} else
 	  invalid = 1;
 	
-	if(ndpi_struct->dns_dissect_response)
-	  return; /* The response will set the verdict */
       } else {
 	/* DNS Reply */
 
@@ -198,11 +196,18 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 
 	off++;
       }
+
       flow->host_server_name[j] = '\0';
 
       flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries,
 	flow->protos.dns.num_answers = (u_int8_t) (dns_header.num_answers + dns_header.authority_rrs + dns_header.additional_rrs);
 
+      if(j > 0)
+	ndpi_match_host_subprotocol(ndpi_struct, flow, 
+				    (char *)flow->host_server_name,
+				    strlen((const char*)flow->host_server_name),
+				    NDPI_PROTOCOL_DNS);
+
 #ifdef DNS_DEBUG		
       printf("[%s:%d] [num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n",
 	     __FILE__, __LINE__,
@@ -210,14 +215,11 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	     flow->protos.dns.reply_code, flow->protos.dns.rsp_type, flow->host_server_name
 	     );
 #endif
-
-      if(j > 0)
-	ndpi_match_host_subprotocol(ndpi_struct, flow, 
-				    (char *)flow->host_server_name,
-				    strlen((const char*)flow->host_server_name),
-				    NDPI_PROTOCOL_DNS);
     
       if(flow->packet.detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
+	if(is_query && ndpi_struct->dns_dissect_response)
+	  return; /* The response will set the verdict */
+	
 	/**
 	   Do not set the protocol with DNS if ndpi_match_host_subprotocol() has
 	   matched a subprotocol