DNS analyzer does not generate events on most NXDOMAIN

[gregor]

With default settings the "old" DNS-Analyzer doesn't generate events on (most) NXDOMAINs because: most NXDOMAIN replies have additional (or authority) sections, dns_skip_all* is T by default, the dns_rejected event is only generated when all sections have zero count ==> no dns_rejeced event (because there's an additional) but the additional is not printed ==> no event is generated for this DNS reply.

Maybe solution:

a) generate a dns_rejected whenever RCode != 0 or
b) generate a dns_rejected when RCode!=0 && ancount==0

What do you think is the best semantic?

FYI: here's the code snippet from DNS.cc

  else if ( msg->QR == 1 &&
           msg->ancount == 0 && msg->nscount == 0 && msg->arcount == 0 )
       // Service rejected in some fashion, and it won't be reported
       // via a returned RR because there aren't any.
         dns_event = dns_rejected;