From 73d1856525d99a22328d50dc15a24940a3f86922 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 11 Feb 2025 13:50:00 +0100
Subject: DNS: disable subclassification by default (#2715)

Prelimary change to start supporting multiple DNS transactions on the
same flow
---
 doc/configuration_parameters.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'doc')

diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md
index bb1e17a67..bb39280fd 100644
--- a/doc/configuration_parameters.md
+++ b/doc/configuration_parameters.md
@@ -67,7 +67,7 @@ List of the supported configuration options:
 | "stun"       | "metadata.attribute.relayed_address"      | enable        | NULL      | NULL      | Enable/disable extraction of (xor-)relayed-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster |
 | "stun"       | "metadata.attribute.peer_address"         | enable        | NULL      | NULL      | Enable/disable extraction of (xor-)peer-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster; however sub-classification capability might be negatively impacted |
 | "bittorrent" | "metadata.hash"                           | enable        | NULL      | NULL      | Enable/disable extraction of hash metadata for Bittorrent flows. |
-| "dns"        | "subclassification"                       | enable        | NULL      | NULL      | Enable/disable sub-classification of DNS flows (via query/response domain name). |
+| "dns"        | "subclassification"                       | disable       | NULL      | NULL      | Enable/disable sub-classification of DNS flows (via query/response domain name). |
 | "dns"        | "process_response"                        | enable        | NULL      | NULL      | Enable/disable processing of DNS responses. By default, DNS flows are fully classified after the first request/response pair (or after the first response, if the request is missing). If this parameter is disabled, the flows are fully classified after the first packet, i.e. usually after the first request; in that case, some flow risks are not checked and some metadata are not exported |
 | "http"       | "process_response"                        | enable        | NULL      | NULL      | Enable/disable processing of HTTP responses. By default, HTTP flows are usually fully classified after the first request/response pair. If this parameter is disabled, the flows are fully classified after the first request (or after the first response, if the request is missing); in that case, some flow risks are not checked and some metadata are not exported |
 | "http"       | "subclassification"                       | enable        | NULL      | NULL      | Enable/disable sub-classification of HTTP flows |
-- 
cgit v1.2.3