Feature #4515: Add DNS logging of Z flag
Status: closed
Label: Protocol, Rust
Description
This Z field is logged by Zeek: https://docs.zeek.org/en/master/logs/dns.html
It has shown good value in investigations, and a Sigma rule based on this flag has been created:
https://github.com/SigmaHQ/sigma/blob/master/rules/network/zeek/zeek_dns_suspicious_zbit_flag.yml
I think this should be pretty straightforward, so I will create a PR.
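As an added illustration (not Suricata's or Zeek's code), this parses the fixed 12-byte DNS header and pulls out the reserved Z bit (bit 6 of the flags word, mask 0x0040, required to be zero by RFC 1035) as a loggable field. The DNSSEC AD and CD bits that sit next to it are parsed separately, so normal validating-resolver traffic does not show up as a set Z bit. Sample packets and the log line format are constructed for the example.

```rust
// Added example, not Suricata's or Zeek's code.
#[derive(Debug, PartialEq)]
pub struct DnsHeader {
    pub id: u16,
    pub qr: bool,   // bit 15: 0 = query, 1 = response
    pub opcode: u8, // bits 14..11
    pub aa: bool,   // bit 10
    pub tc: bool,   // bit 9
    pub rd: bool,   // bit 8
    pub ra: bool,   // bit 7
    pub z: bool,    // bit 6: reserved (RFC 1035), must be zero on the wire
    pub ad: bool,   // bit 5: authentic data (DNSSEC, RFC 4035)
    pub cd: bool,   // bit 4: checking disabled (DNSSEC, RFC 4035)
    pub rcode: u8,  // bits 3..0
}

/// Parse the fixed DNS header; None if fewer than 12 bytes are available.
pub fn parse_dns_header(buf: &[u8]) -> Option<DnsHeader> {
    if buf.len() < 12 {
        return None;
    }
    let flags = u16::from_be_bytes([buf[2], buf[3]]);
    Some(DnsHeader {
        id: u16::from_be_bytes([buf[0], buf[1]]),
        qr: (flags & 0x8000) != 0,
        opcode: ((flags >> 11) & 0x0f) as u8,
        aa: (flags & 0x0400) != 0,
        tc: (flags & 0x0200) != 0,
        rd: (flags & 0x0100) != 0,
        ra: (flags & 0x0080) != 0,
        z: (flags & 0x0040) != 0,
        ad: (flags & 0x0020) != 0,
        cd: (flags & 0x0010) != 0,
        rcode: (flags & 0x000f) as u8,
    })
}

/// Constructed log-line format; `z` is the field a rule like the Sigma one keys on.
pub fn log_fields(h: &DnsHeader) -> String {
    format!("id={:#06x} qr={} opcode={} rd={} ra={} z={} ad={} cd={} rcode={}",
        h.id, h.qr as u8, h.opcode, h.rd as u8, h.ra as u8,
        h.z as u8, h.ad as u8, h.cd as u8, h.rcode)
}

fn main() {
    // Constructed samples: a standard query with RD set (flags 0x0100),
    // and the same query with the reserved Z bit also set (flags 0x0140).
    let normal = [0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0];
    let z_set = [0x12, 0x34, 0x01, 0x40, 0, 1, 0, 0, 0, 0, 0, 0];
    for buf in [&normal[..], &z_set[..]] {
        println!("{}", log_fields(&parse_dns_header(buf).unwrap()));
    }
}
```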