Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords)

(Suricata version 6.0.4 RELEASE)
I am trying to combine matching on tcp and dns in the same rule.
Suricata accepts rule:
“pass tcp 2.2.2.2/32 any → any any (app-layer-protocol:dns; sid:99; seq:0; ack:0; window:!65535; flags:!A; tcp.mss:<64; flow:established;)”
although on combining tcp keywords with dns like:
“pass tcp 2.2.2.2/32 any → any any (app-layer-protocol:dns; sid:99; dns.opcode:4; seq:0; ack:0; window:!65535; flags:!A; tcp.mss:<64; flow:established;)”
Throws error:
“Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords)”
Is it possible to bypass this and match on combined properties of both protocols in the same rule?