1 /*
2 * configparser.y -- yacc grammar for unbound configuration files
3 *
4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5 *
6 * Copyright (c) 2007, NLnet Labs. All rights reserved.
7 *
8 * This software is open source.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
16 *
17 * Redistributions in binary form must reproduce the above copyright notice,
18 * this list of conditions and the following disclaimer in the documentation
19 * and/or other materials provided with the distribution.
20 *
21 * Neither the name of the NLNET LABS nor the names of its contributors may
22 * be used to endorse or promote products derived from this software without
23 * specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 %{
39 #include "config.h"
40
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 #include "sldns/str2wire.h"
51
52 int ub_c_lex(void);
53 void ub_c_error(const char *message);
54
55 static void validate_respip_action(const char* action);
56 static void validate_acl_action(const char* action);
57
58 /* these need to be global, otherwise they cannot be used inside yacc */
59 extern struct config_parser_state* cfg_parser;
60
61 #if 0
62 #define OUTYY(s) printf s /* used ONLY when debugging */
63 #else
64 #define OUTYY(s)
65 #endif
66
67 %}
68 %union {
69 char* str;
70 };
71
72 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
73 %token <str> STRING_ARG
74 %token VAR_FORCE_TOPLEVEL
75 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
76 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
77 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
78 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
79 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
80 %token VAR_SOCK_QUEUE_TIMEOUT
81 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
82 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
83 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
84 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
85 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
86 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
87 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
88 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
89 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
90 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
91 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
92 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
93 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
94 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
95 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
96 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
97 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
98 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
99 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
100 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
101 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
102 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
103 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
104 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
105 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
106 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
107 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
108 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
109 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
110 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
111 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
112 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
113 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
114 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
115 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
116 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
117 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
118 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
119 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
120 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
121 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
122 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
123 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
124 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
125 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
126 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
127 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
128 %token VAR_NAT64_PREFIX
129 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
130 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
131 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
132 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
133 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
134 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
136 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
137 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
138 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
139 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
140 %token VAR_DNSTAP_SAMPLE_RATE
141 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
142 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
143 %token VAR_IP_DSCP
144 %token VAR_DISABLE_DNSSEC_LAME_CHECK
145 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
146 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
147 %token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
148 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
149 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
150 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
151 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
152 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
153 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
154 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
155 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
156 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
157 %token VAR_CACHE_MIN_NEGATIVE_TTL
158 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
159 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
160 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
161 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
162 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
163 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
164 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
165 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
166 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
167 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
168 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
169 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
170 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
171 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
172 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
173 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
174 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
175 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
176 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
177 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
178 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
179 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
180 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
181 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
182 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISREPLICAHOST
183 %token VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISREPLICAPORT
184 %token VAR_CACHEDB_REDISTIMEOUT VAR_CACHEDB_REDISREPLICATIMEOUT
185 %token VAR_CACHEDB_REDISEXPIRERECORDS
186 %token VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISREPLICAPATH
187 %token VAR_CACHEDB_REDISPASSWORD VAR_CACHEDB_REDISREPLICAPASSWORD
188 %token VAR_CACHEDB_REDISLOGICALDB VAR_CACHEDB_REDISREPLICALOGICALDB
189 %token VAR_CACHEDB_REDISCOMMANDTIMEOUT VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT
190 %token VAR_CACHEDB_REDISCONNECTTIMEOUT VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT
191 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
192 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
193 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
194 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
195 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
196 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
197 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
198 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
199 %token VAR_DISCARD_TIMEOUT VAR_WAIT_LIMIT VAR_WAIT_LIMIT_COOKIE
200 %token VAR_WAIT_LIMIT_NETBLOCK VAR_WAIT_LIMIT_COOKIE_NETBLOCK
201 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
202 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
203 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
204 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
205 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
206 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
207 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
208 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
209 %token VAR_DNS_ERROR_REPORTING
210 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
211 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
212 %token VAR_QUIC_PORT VAR_QUIC_SIZE
213 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
214 %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
215 %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED
216 %token VAR_COOKIE_SECRET_FILE VAR_ITER_SCRUB_NS VAR_ITER_SCRUB_CNAME
217 %token VAR_MAX_GLOBAL_QUOTA VAR_HARDEN_UNVERIFIED_GLUE VAR_LOG_TIME_ISO
218 %token VAR_ITER_SCRUB_PROMISCUOUS
219
220 %%
221 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
222 toplevelvar: serverstart contents_server | stub_clause |
223 forward_clause | pythonstart contents_py |
224 rcstart contents_rc | dtstart contents_dt | view_clause |
225 dnscstart contents_dnsc | cachedbstart contents_cachedb |
226 ipsetstart contents_ipset | authstart contents_auth |
227 rpzstart contents_rpz | dynlibstart contents_dl |
228 force_toplevel
229 ;
230 force_toplevel: VAR_FORCE_TOPLEVEL
231 {
232 OUTYY(("\nP(force-toplevel)\n"));
233 cfg_parser->started_toplevel = 0;
234 }
235 ;
236 /* server: declaration */
237 serverstart: VAR_SERVER
238 {
239 OUTYY(("\nP(server:)\n"));
240 cfg_parser->started_toplevel = 1;
241 }
242 ;
243 contents_server: contents_server content_server
244 | ;
245 content_server: server_num_threads | server_verbosity | server_port |
246 server_outgoing_range | server_do_ip4 |
247 server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
248 server_prefer_ip6 | server_do_udp | server_do_tcp |
249 server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
250 server_tcp_keepalive | server_tcp_keepalive_timeout |
251 server_sock_queue_timeout |
252 server_interface | server_chroot | server_username |
253 server_directory | server_logfile | server_pidfile |
254 server_msg_cache_size | server_msg_cache_slabs |
255 server_num_queries_per_thread | server_rrset_cache_size |
256 server_rrset_cache_slabs | server_outgoing_num_tcp |
257 server_infra_host_ttl | server_infra_lame_ttl |
258 server_infra_cache_slabs | server_infra_cache_numhosts |
259 server_infra_cache_lame_size | server_target_fetch_policy |
260 server_harden_short_bufsize | server_harden_large_queries |
261 server_do_not_query_address | server_hide_identity |
262 server_hide_version | server_identity | server_version |
263 server_hide_http_user_agent | server_http_user_agent |
264 server_harden_glue | server_module_conf | server_trust_anchor_file |
265 server_trust_anchor | server_val_override_date | server_bogus_ttl |
266 server_val_clean_additional | server_val_permissive_mode |
267 server_incoming_num_tcp | server_msg_buffer_size |
268 server_key_cache_size | server_key_cache_slabs |
269 server_trusted_keys_file | server_val_nsec3_keysize_iterations |
270 server_use_syslog | server_outgoing_interface | server_root_hints |
271 server_do_not_query_localhost | server_cache_max_ttl |
272 server_harden_dnssec_stripped | server_access_control |
273 server_local_zone | server_local_data | server_interface_automatic |
274 server_statistics_interval | server_do_daemonize |
275 server_use_caps_for_id | server_statistics_cumulative |
276 server_outgoing_port_permit | server_outgoing_port_avoid |
277 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
278 server_harden_referral_path | server_private_address |
279 server_private_domain | server_extended_statistics |
280 server_local_data_ptr | server_jostle_timeout |
281 server_unwanted_reply_threshold | server_log_time_ascii |
282 server_domain_insecure | server_val_sig_skew_min |
283 server_val_sig_skew_max | server_val_max_restart |
284 server_cache_min_ttl | server_val_log_level |
285 server_auto_trust_anchor_file | server_add_holddown |
286 server_del_holddown | server_keep_missing | server_so_rcvbuf |
287 server_edns_buffer_size | server_prefetch | server_prefetch_key |
288 server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
289 server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
290 server_log_local_actions |
291 server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
292 server_https_port | server_http_endpoint | server_http_max_streams |
293 server_http_query_buffer_size | server_http_response_buffer_size |
294 server_http_nodelay | server_http_notls_downstream |
295 server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
296 server_so_reuseport | server_delay_close | server_udp_connect |
297 server_unblock_lan_zones | server_insecure_lan_zones |
298 server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
299 server_nat64_prefix |
300 server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
301 server_ip_transparent | server_ip_ratelimit | server_ratelimit |
302 server_ip_dscp | server_infra_keep_probing |
303 server_ip_ratelimit_slabs | server_ratelimit_slabs |
304 server_ip_ratelimit_size | server_ratelimit_size |
305 server_ratelimit_for_domain |
306 server_ratelimit_below_domain | server_ratelimit_factor |
307 server_ip_ratelimit_factor | server_ratelimit_backoff |
308 server_ip_ratelimit_backoff | server_outbound_msg_retry |
309 server_max_sent_count | server_max_query_restarts |
310 server_send_client_subnet | server_client_subnet_zone |
311 server_client_subnet_always_forward | server_client_subnet_opcode |
312 server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
313 server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
314 server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
315 server_caps_whitelist | server_cache_max_negative_ttl |
316 server_cache_min_negative_ttl |
317 server_permit_small_holddown | server_qname_minimisation |
318 server_ip_freebind | server_define_tag | server_local_zone_tag |
319 server_disable_dnssec_lame_check | server_access_control_tag |
320 server_local_zone_override | server_access_control_tag_action |
321 server_access_control_tag_data | server_access_control_view |
322 server_interface_action | server_interface_view | server_interface_tag |
323 server_interface_tag_action | server_interface_tag_data |
324 server_qname_minimisation_strict |
325 server_pad_responses | server_pad_responses_block_size |
326 server_pad_queries | server_pad_queries_block_size |
327 server_serve_expired |
328 server_serve_expired_ttl | server_serve_expired_ttl_reset |
329 server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
330 server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
331 server_log_identity | server_use_systemd |
332 server_response_ip_tag | server_response_ip | server_response_ip_data |
333 server_shm_enable | server_shm_key | server_fake_sha1 |
334 server_hide_trustanchor | server_trust_anchor_signaling |
335 server_root_key_sentinel |
336 server_ipsecmod_enabled | server_ipsecmod_hook |
337 server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
338 server_ipsecmod_whitelist | server_ipsecmod_strict |
339 server_udp_upstream_without_downstream | server_aggressive_nsec |
340 server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
341 server_fast_server_permil | server_fast_server_num | server_tls_win_cert |
342 server_tcp_connection_limit | server_log_servfail | server_deny_any |
343 server_unknown_server_time_limit | server_log_tag_queryreply |
344 server_discard_timeout | server_wait_limit | server_wait_limit_cookie |
345 server_wait_limit_netblock | server_wait_limit_cookie_netblock |
346 server_stream_wait_size | server_tls_ciphers |
347 server_tls_ciphersuites | server_tls_session_ticket_keys |
348 server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
349 server_tls_use_sni | server_edns_client_string |
350 server_edns_client_string_opcode | server_nsid |
351 server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
352 server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
353 server_quic_port | server_quic_size |
354 server_interface_automatic_ports | server_ede |
355 server_dns_error_reporting |
356 server_proxy_protocol_port | server_statistics_inhibit_zero |
357 server_harden_unknown_additional | server_disable_edns_do |
358 server_log_destaddr | server_cookie_secret_file |
359 server_iter_scrub_ns | server_iter_scrub_cname | server_max_global_quota |
360 server_harden_unverified_glue | server_log_time_iso | server_iter_scrub_promiscuous
361 ;
362 stub_clause: stubstart contents_stub
363 {
364 /* stub end */
365 if(cfg_parser->cfg->stubs &&
366 !cfg_parser->cfg->stubs->name)
367 yyerror("stub-zone without name");
368 }
369 ;
370 stubstart: VAR_STUB_ZONE
371 {
372 struct config_stub* s;
373 OUTYY(("\nP(stub_zone:)\n"));
374 cfg_parser->started_toplevel = 1;
375 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
376 if(s) {
377 s->next = cfg_parser->cfg->stubs;
378 cfg_parser->cfg->stubs = s;
379 } else {
380 yyerror("out of memory");
381 }
382 }
383 ;
384 contents_stub: contents_stub content_stub
385 | ;
386 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
387 stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
388 ;
389 forward_clause: forwardstart contents_forward
390 {
391 /* forward end */
392 if(cfg_parser->cfg->forwards &&
393 !cfg_parser->cfg->forwards->name)
394 yyerror("forward-zone without name");
395 }
396 ;
397 forwardstart: VAR_FORWARD_ZONE
398 {
399 struct config_stub* s;
400 OUTYY(("\nP(forward_zone:)\n"));
401 cfg_parser->started_toplevel = 1;
402 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
403 if(s) {
404 s->next = cfg_parser->cfg->forwards;
405 cfg_parser->cfg->forwards = s;
406 } else {
407 yyerror("out of memory");
408 }
409 }
410 ;
411 contents_forward: contents_forward content_forward
412 | ;
413 content_forward: forward_name | forward_host | forward_addr | forward_first |
414 forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
415 ;
416 view_clause: viewstart contents_view
417 {
418 /* view end */
419 if(cfg_parser->cfg->views &&
420 !cfg_parser->cfg->views->name)
421 yyerror("view without name");
422 }
423 ;
424 viewstart: VAR_VIEW
425 {
426 struct config_view* s;
427 OUTYY(("\nP(view:)\n"));
428 cfg_parser->started_toplevel = 1;
429 s = (struct config_view*)calloc(1, sizeof(struct config_view));
430 if(s) {
431 s->next = cfg_parser->cfg->views;
432 cfg_parser->cfg->views = s;
433 } else {
434 yyerror("out of memory");
435 }
436 }
437 ;
438 contents_view: contents_view content_view
439 | ;
440 content_view: view_name | view_local_zone | view_local_data | view_first |
441 view_response_ip | view_response_ip_data | view_local_data_ptr
442 ;
443 authstart: VAR_AUTH_ZONE
444 {
445 struct config_auth* s;
446 OUTYY(("\nP(auth_zone:)\n"));
447 cfg_parser->started_toplevel = 1;
448 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
449 if(s) {
450 s->next = cfg_parser->cfg->auths;
451 cfg_parser->cfg->auths = s;
452 /* defaults for auth zone */
453 s->for_downstream = 1;
454 s->for_upstream = 1;
455 s->fallback_enabled = 0;
456 s->zonemd_check = 0;
457 s->zonemd_reject_absence = 0;
458 s->isrpz = 0;
459 } else {
460 yyerror("out of memory");
461 }
462 }
463 ;
464 contents_auth: contents_auth content_auth
465 | ;
466 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
467 auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
468 auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
469 ;
470
471 rpz_tag: VAR_TAGS STRING_ARG
472 {
473 uint8_t* bitlist;
474 size_t len = 0;
475 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
476 bitlist = config_parse_taglist(cfg_parser->cfg, $2,
477 &len);
478 free($2);
479 if(!bitlist) {
480 yyerror("could not parse tags, (define-tag them first)");
481 }
482 if(bitlist) {
483 cfg_parser->cfg->auths->rpz_taglist = bitlist;
484 cfg_parser->cfg->auths->rpz_taglistlen = len;
485
486 }
487 }
488 ;
489
490 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
491 {
492 OUTYY(("P(rpz_action_override:%s)\n", $2));
493 if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
494 strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
495 strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
496 yyerror("rpz-action-override action: expected nxdomain, "
497 "nodata, passthru, drop, cname or disabled");
498 free($2);
499 cfg_parser->cfg->auths->rpz_action_override = NULL;
500 }
501 else {
502 cfg_parser->cfg->auths->rpz_action_override = $2;
503 }
504 }
505 ;
506
507 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
508 {
509 OUTYY(("P(rpz_cname_override:%s)\n", $2));
510 free(cfg_parser->cfg->auths->rpz_cname);
511 cfg_parser->cfg->auths->rpz_cname = $2;
512 }
513 ;
514
515 rpz_log: VAR_RPZ_LOG STRING_ARG
516 {
517 OUTYY(("P(rpz_log:%s)\n", $2));
518 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
519 yyerror("expected yes or no.");
520 else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
521 free($2);
522 }
523 ;
524
525 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
526 {
527 OUTYY(("P(rpz_log_name:%s)\n", $2));
528 free(cfg_parser->cfg->auths->rpz_log_name);
529 cfg_parser->cfg->auths->rpz_log_name = $2;
530 }
531 ;
532 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
533 {
534 OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
535 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
536 yyerror("expected yes or no.");
537 else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
538 free($2);
539 }
540 ;
541
542 rpzstart: VAR_RPZ
543 {
544 struct config_auth* s;
545 OUTYY(("\nP(rpz:)\n"));
546 cfg_parser->started_toplevel = 1;
547 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
548 if(s) {
549 s->next = cfg_parser->cfg->auths;
550 cfg_parser->cfg->auths = s;
551 /* defaults for RPZ auth zone */
552 s->for_downstream = 0;
553 s->for_upstream = 0;
554 s->fallback_enabled = 0;
555 s->isrpz = 1;
556 } else {
557 yyerror("out of memory");
558 }
559 }
560 ;
561 contents_rpz: contents_rpz content_rpz
562 | ;
563 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
564 auth_allow_notify | rpz_action_override | rpz_cname_override |
565 rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
566 ;
567 server_num_threads: VAR_NUM_THREADS STRING_ARG
568 {
569 OUTYY(("P(server_num_threads:%s)\n", $2));
570 if(atoi($2) == 0 && strcmp($2, "0") != 0)
571 yyerror("number expected");
572 else cfg_parser->cfg->num_threads = atoi($2);
573 free($2);
574 }
575 ;
576 server_verbosity: VAR_VERBOSITY STRING_ARG
577 {
578 OUTYY(("P(server_verbosity:%s)\n", $2));
579 if(atoi($2) == 0 && strcmp($2, "0") != 0)
580 yyerror("number expected");
581 else cfg_parser->cfg->verbosity = atoi($2);
582 free($2);
583 }
584 ;
585 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
586 {
587 OUTYY(("P(server_statistics_interval:%s)\n", $2));
588 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
589 cfg_parser->cfg->stat_interval = 0;
590 else if(atoi($2) == 0)
591 yyerror("number expected");
592 else cfg_parser->cfg->stat_interval = atoi($2);
593 free($2);
594 }
595 ;
596 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
597 {
598 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
599 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
600 yyerror("expected yes or no.");
601 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
602 free($2);
603 }
604 ;
605 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
606 {
607 OUTYY(("P(server_extended_statistics:%s)\n", $2));
608 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
609 yyerror("expected yes or no.");
610 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
611 free($2);
612 }
613 ;
614 server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
615 {
616 OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
617 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
618 yyerror("expected yes or no.");
619 else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
620 free($2);
621 }
622 ;
623 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
624 {
625 OUTYY(("P(server_shm_enable:%s)\n", $2));
626 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
627 yyerror("expected yes or no.");
628 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
629 free($2);
630 }
631 ;
632 server_shm_key: VAR_SHM_KEY STRING_ARG
633 {
634 OUTYY(("P(server_shm_key:%s)\n", $2));
635 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
636 cfg_parser->cfg->shm_key = 0;
637 else if(atoi($2) == 0)
638 yyerror("number expected");
639 else cfg_parser->cfg->shm_key = atoi($2);
640 free($2);
641 }
642 ;
643 server_port: VAR_PORT STRING_ARG
644 {
645 OUTYY(("P(server_port:%s)\n", $2));
646 if(atoi($2) == 0)
647 yyerror("port number expected");
648 else cfg_parser->cfg->port = atoi($2);
649 free($2);
650 }
651 ;
652 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
653 {
654 #ifdef CLIENT_SUBNET
655 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
656 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
657 fatal_exit("out of memory adding client-subnet");
658 #else
659 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
660 free($2);
661 #endif
662 }
663 ;
664 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
665 {
666 #ifdef CLIENT_SUBNET
667 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
668 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
669 $2))
670 fatal_exit("out of memory adding client-subnet-zone");
671 #else
672 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
673 free($2);
674 #endif
675 }
676 ;
677 server_client_subnet_always_forward:
678 VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
679 {
680 #ifdef CLIENT_SUBNET
681 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
682 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
683 yyerror("expected yes or no.");
684 else
685 cfg_parser->cfg->client_subnet_always_forward =
686 (strcmp($2, "yes")==0);
687 #else
688 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
689 #endif
690 free($2);
691 }
692 ;
693 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
694 {
695 #ifdef CLIENT_SUBNET
696 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
697 OUTYY(("P(Deprecated option, ignoring)\n"));
698 #else
699 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
700 #endif
701 free($2);
702 }
703 ;
704 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
705 {
706 #ifdef CLIENT_SUBNET
707 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
708 if(atoi($2) == 0 && strcmp($2, "0") != 0)
709 yyerror("IPv4 subnet length expected");
710 else if (atoi($2) > 32)
711 cfg_parser->cfg->max_client_subnet_ipv4 = 32;
712 else if (atoi($2) < 0)
713 cfg_parser->cfg->max_client_subnet_ipv4 = 0;
714 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
715 #else
716 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
717 #endif
718 free($2);
719 }
720 ;
721 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
722 {
723 #ifdef CLIENT_SUBNET
724 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
725 if(atoi($2) == 0 && strcmp($2, "0") != 0)
726 yyerror("Ipv6 subnet length expected");
727 else if (atoi($2) > 128)
728 cfg_parser->cfg->max_client_subnet_ipv6 = 128;
729 else if (atoi($2) < 0)
730 cfg_parser->cfg->max_client_subnet_ipv6 = 0;
731 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
732 #else
733 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
734 #endif
735 free($2);
736 }
737 ;
738 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
739 {
740 #ifdef CLIENT_SUBNET
741 OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
742 if(atoi($2) == 0 && strcmp($2, "0") != 0)
743 yyerror("IPv4 subnet length expected");
744 else if (atoi($2) > 32)
745 cfg_parser->cfg->min_client_subnet_ipv4 = 32;
746 else if (atoi($2) < 0)
747 cfg_parser->cfg->min_client_subnet_ipv4 = 0;
748 else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
749 #else
750 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
751 #endif
752 free($2);
753 }
754 ;
755 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
756 {
757 #ifdef CLIENT_SUBNET
758 OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
759 if(atoi($2) == 0 && strcmp($2, "0") != 0)
760 yyerror("Ipv6 subnet length expected");
761 else if (atoi($2) > 128)
762 cfg_parser->cfg->min_client_subnet_ipv6 = 128;
763 else if (atoi($2) < 0)
764 cfg_parser->cfg->min_client_subnet_ipv6 = 0;
765 else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
766 #else
767 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
768 #endif
769 free($2);
770 }
771 ;
772 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
773 {
774 #ifdef CLIENT_SUBNET
775 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
776 if(atoi($2) == 0 && strcmp($2, "0") != 0)
777 yyerror("IPv4 ECS tree size expected");
778 else if (atoi($2) < 0)
779 cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
780 else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
781 #else
782 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
783 #endif
784 free($2);
785 }
786 ;
787 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
788 {
789 #ifdef CLIENT_SUBNET
790 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
791 if(atoi($2) == 0 && strcmp($2, "0") != 0)
792 yyerror("IPv6 ECS tree size expected");
793 else if (atoi($2) < 0)
794 cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
795 else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
796 #else
797 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
798 #endif
799 free($2);
800 }
801 ;
802 server_interface: VAR_INTERFACE STRING_ARG
803 {
804 OUTYY(("P(server_interface:%s)\n", $2));
805 if(cfg_parser->cfg->num_ifs == 0)
806 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
807 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
808 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
809 if(!cfg_parser->cfg->ifs)
810 yyerror("out of memory");
811 else
812 cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
813 }
814 ;
815 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
816 {
817 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
818 if(cfg_parser->cfg->num_out_ifs == 0)
819 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
820 else cfg_parser->cfg->out_ifs = realloc(
821 cfg_parser->cfg->out_ifs,
822 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
823 if(!cfg_parser->cfg->out_ifs)
824 yyerror("out of memory");
825 else
826 cfg_parser->cfg->out_ifs[
827 cfg_parser->cfg->num_out_ifs++] = $2;
828 }
829 ;
830 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
831 {
832 OUTYY(("P(server_outgoing_range:%s)\n", $2));
833 if(atoi($2) == 0)
834 yyerror("number expected");
835 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
836 free($2);
837 }
838 ;
839 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
840 {
841 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
842 if(!cfg_mark_ports($2, 1,
843 cfg_parser->cfg->outgoing_avail_ports, 65536))
844 yyerror("port number or range (\"low-high\") expected");
845 free($2);
846 }
847 ;
848 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
849 {
850 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
851 if(!cfg_mark_ports($2, 0,
852 cfg_parser->cfg->outgoing_avail_ports, 65536))
853 yyerror("port number or range (\"low-high\") expected");
854 free($2);
855 }
856 ;
857 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
858 {
859 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
860 if(atoi($2) == 0 && strcmp($2, "0") != 0)
861 yyerror("number expected");
862 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
863 free($2);
864 }
865 ;
866 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
867 {
868 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
869 if(atoi($2) == 0 && strcmp($2, "0") != 0)
870 yyerror("number expected");
871 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
872 free($2);
873 }
874 ;
875 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
876 {
877 OUTYY(("P(server_interface_automatic:%s)\n", $2));
878 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
879 yyerror("expected yes or no.");
880 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
881 free($2);
882 }
883 ;
884 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
885 {
886 OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
887 free(cfg_parser->cfg->if_automatic_ports);
888 cfg_parser->cfg->if_automatic_ports = $2;
889 }
890 ;
891 server_do_ip4: VAR_DO_IP4 STRING_ARG
892 {
893 OUTYY(("P(server_do_ip4:%s)\n", $2));
894 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
895 yyerror("expected yes or no.");
896 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
897 free($2);
898 }
899 ;
900 server_do_ip6: VAR_DO_IP6 STRING_ARG
901 {
902 OUTYY(("P(server_do_ip6:%s)\n", $2));
903 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
904 yyerror("expected yes or no.");
905 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
906 free($2);
907 }
908 ;
909 server_do_nat64: VAR_DO_NAT64 STRING_ARG
910 {
911 OUTYY(("P(server_do_nat64:%s)\n", $2));
912 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
913 yyerror("expected yes or no.");
914 else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
915 free($2);
916 }
917 ;
918 server_do_udp: VAR_DO_UDP STRING_ARG
919 {
920 OUTYY(("P(server_do_udp:%s)\n", $2));
921 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
922 yyerror("expected yes or no.");
923 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
924 free($2);
925 }
926 ;
927 server_do_tcp: VAR_DO_TCP STRING_ARG
928 {
929 OUTYY(("P(server_do_tcp:%s)\n", $2));
930 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
931 yyerror("expected yes or no.");
932 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
933 free($2);
934 }
935 ;
936 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
937 {
938 OUTYY(("P(server_prefer_ip4:%s)\n", $2));
939 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
940 yyerror("expected yes or no.");
941 else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
942 free($2);
943 }
944 ;
945 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
946 {
947 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
948 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
949 yyerror("expected yes or no.");
950 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
951 free($2);
952 }
953 ;
954 server_tcp_mss: VAR_TCP_MSS STRING_ARG
955 {
956 OUTYY(("P(server_tcp_mss:%s)\n", $2));
957 if(atoi($2) == 0 && strcmp($2, "0") != 0)
958 yyerror("number expected");
959 else cfg_parser->cfg->tcp_mss = atoi($2);
960 free($2);
961 }
962 ;
963 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
964 {
965 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
966 if(atoi($2) == 0 && strcmp($2, "0") != 0)
967 yyerror("number expected");
968 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
969 free($2);
970 }
971 ;
972 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
973 {
974 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
975 if(atoi($2) == 0 && strcmp($2, "0") != 0)
976 yyerror("number expected");
977 else if (atoi($2) > 120000)
978 cfg_parser->cfg->tcp_idle_timeout = 120000;
979 else if (atoi($2) < 1)
980 cfg_parser->cfg->tcp_idle_timeout = 1;
981 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
982 free($2);
983 }
984 ;
985 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
986 {
987 OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
988 if(atoi($2) == 0 && strcmp($2, "0") != 0)
989 yyerror("number expected");
990 else if (atoi($2) < 1)
991 cfg_parser->cfg->max_reuse_tcp_queries = 0;
992 else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
993 free($2);
994 }
995 ;
996 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
997 {
998 OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
999 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1000 yyerror("number expected");
1001 else if (atoi($2) < 1)
1002 cfg_parser->cfg->tcp_reuse_timeout = 0;
1003 else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
1004 free($2);
1005 }
1006 ;
1007 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
1008 {
1009 OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
1010 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1011 yyerror("number expected");
1012 else if (atoi($2) < 1)
1013 cfg_parser->cfg->tcp_auth_query_timeout = 0;
1014 else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
1015 free($2);
1016 }
1017 ;
1018 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
1019 {
1020 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
1021 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1022 yyerror("expected yes or no.");
1023 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
1024 free($2);
1025 }
1026 ;
1027 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
1028 {
1029 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
1030 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1031 yyerror("number expected");
1032 else if (atoi($2) > 6553500)
1033 cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
1034 else if (atoi($2) < 1)
1035 cfg_parser->cfg->tcp_keepalive_timeout = 0;
1036 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
1037 free($2);
1038 }
1039 ;
1040 server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
1041 {
1042 OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
1043 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1044 yyerror("number expected");
1045 else if (atoi($2) > 6553500)
1046 cfg_parser->cfg->sock_queue_timeout = 6553500;
1047 else if (atoi($2) < 1)
1048 cfg_parser->cfg->sock_queue_timeout = 0;
1049 else cfg_parser->cfg->sock_queue_timeout = atoi($2);
1050 free($2);
1051 }
1052 ;
1053 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
1054 {
1055 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
1056 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1057 yyerror("expected yes or no.");
1058 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
1059 free($2);
1060 }
1061 ;
1062 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
1063 {
1064 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
1065 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1066 yyerror("expected yes or no.");
1067 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
1068 free($2);
1069 }
1070 ;
1071 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
1072 {
1073 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
1074 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1075 yyerror("expected yes or no.");
1076 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
1077 free($2);
1078 }
1079 ;
1080 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
1081 {
1082 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
1083 free(cfg_parser->cfg->ssl_service_key);
1084 cfg_parser->cfg->ssl_service_key = $2;
1085 }
1086 ;
1087 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1088 {
1089 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1090 free(cfg_parser->cfg->ssl_service_pem);
1091 cfg_parser->cfg->ssl_service_pem = $2;
1092 }
1093 ;
1094 server_ssl_port: VAR_SSL_PORT STRING_ARG
1095 {
1096 OUTYY(("P(server_ssl_port:%s)\n", $2));
1097 if(atoi($2) == 0)
1098 yyerror("port number expected");
1099 else cfg_parser->cfg->ssl_port = atoi($2);
1100 free($2);
1101 }
1102 ;
1103 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1104 {
1105 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1106 free(cfg_parser->cfg->tls_cert_bundle);
1107 cfg_parser->cfg->tls_cert_bundle = $2;
1108 }
1109 ;
1110 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1111 {
1112 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1113 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1114 yyerror("expected yes or no.");
1115 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1116 free($2);
1117 }
1118 ;
1119 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1120 {
1121 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1122 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1123 $2))
1124 yyerror("out of memory");
1125 }
1126 ;
1127 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1128 {
1129 OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1130 free(cfg_parser->cfg->tls_ciphers);
1131 cfg_parser->cfg->tls_ciphers = $2;
1132 }
1133 ;
1134 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1135 {
1136 OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1137 free(cfg_parser->cfg->tls_ciphersuites);
1138 cfg_parser->cfg->tls_ciphersuites = $2;
1139 }
1140 ;
1141 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1142 {
1143 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1144 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1145 $2))
1146 yyerror("out of memory");
1147 }
1148 ;
1149 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1150 {
1151 OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1152 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1153 yyerror("expected yes or no.");
1154 else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1155 free($2);
1156 }
1157 ;
1158 server_https_port: VAR_HTTPS_PORT STRING_ARG
1159 {
1160 OUTYY(("P(server_https_port:%s)\n", $2));
1161 if(atoi($2) == 0)
1162 yyerror("port number expected");
1163 else cfg_parser->cfg->https_port = atoi($2);
1164 free($2);
1165 };
1166 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1167 {
1168 OUTYY(("P(server_http_endpoint:%s)\n", $2));
1169 free(cfg_parser->cfg->http_endpoint);
1170 if($2 && $2[0] != '/') {
1171 cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1172 if(cfg_parser->cfg->http_endpoint) {
1173 cfg_parser->cfg->http_endpoint[0] = '/';
1174 memmove(cfg_parser->cfg->http_endpoint+1, $2,
1175 strlen($2)+1);
1176 } else {
1177 yyerror("out of memory");
1178 }
1179 free($2);
1180 } else {
1181 cfg_parser->cfg->http_endpoint = $2;
1182 }
1183 };
1184 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1185 {
1186 OUTYY(("P(server_http_max_streams:%s)\n", $2));
1187 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1188 yyerror("number expected");
1189 else cfg_parser->cfg->http_max_streams = atoi($2);
1190 free($2);
1191 };
1192 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1193 {
1194 OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1195 if(!cfg_parse_memsize($2,
1196 &cfg_parser->cfg->http_query_buffer_size))
1197 yyerror("memory size expected");
1198 free($2);
1199 };
1200 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1201 {
1202 OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1203 if(!cfg_parse_memsize($2,
1204 &cfg_parser->cfg->http_response_buffer_size))
1205 yyerror("memory size expected");
1206 free($2);
1207 };
1208 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1209 {
1210 OUTYY(("P(server_http_nodelay:%s)\n", $2));
1211 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1212 yyerror("expected yes or no.");
1213 else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1214 free($2);
1215 };
1216 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1217 {
1218 OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1219 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1220 yyerror("expected yes or no.");
1221 else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1222 free($2);
1223 };
1224 server_quic_port: VAR_QUIC_PORT STRING_ARG
1225 {
1226 OUTYY(("P(server_quic_port:%s)\n", $2));
1227 #ifndef HAVE_NGTCP2
1228 log_warn("%s:%d: Unbound is not compiled with "
1229 "ngtcp2. This is required to use DNS "
1230 "over QUIC.", cfg_parser->filename, cfg_parser->line);
1231 #endif
1232 if(atoi($2) == 0)
1233 yyerror("port number expected");
1234 else cfg_parser->cfg->quic_port = atoi($2);
1235 free($2);
1236 };
1237 server_quic_size: VAR_QUIC_SIZE STRING_ARG
1238 {
1239 OUTYY(("P(server_quic_size:%s)\n", $2));
1240 if(!cfg_parse_memsize($2, &cfg_parser->cfg->quic_size))
1241 yyerror("memory size expected");
1242 free($2);
1243 };
1244 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1245 {
1246 OUTYY(("P(server_use_systemd:%s)\n", $2));
1247 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1248 yyerror("expected yes or no.");
1249 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1250 free($2);
1251 }
1252 ;
1253 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1254 {
1255 OUTYY(("P(server_do_daemonize:%s)\n", $2));
1256 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1257 yyerror("expected yes or no.");
1258 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1259 free($2);
1260 }
1261 ;
1262 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1263 {
1264 OUTYY(("P(server_use_syslog:%s)\n", $2));
1265 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1266 yyerror("expected yes or no.");
1267 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1268 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1269 if(strcmp($2, "yes") == 0)
1270 yyerror("no syslog services are available. "
1271 "(reconfigure and compile to add)");
1272 #endif
1273 free($2);
1274 }
1275 ;
1276 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1277 {
1278 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1279 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1280 yyerror("expected yes or no.");
1281 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1282 free($2);
1283 }
1284 ;
1285 server_log_time_iso: VAR_LOG_TIME_ISO STRING_ARG
1286 {
1287 OUTYY(("P(server_log_time_iso:%s)\n", $2));
1288 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1289 yyerror("expected yes or no.");
1290 else cfg_parser->cfg->log_time_iso = (strcmp($2, "yes")==0);
1291 free($2);
1292 }
1293 ;
1294 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1295 {
1296 OUTYY(("P(server_log_queries:%s)\n", $2));
1297 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1298 yyerror("expected yes or no.");
1299 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1300 free($2);
1301 }
1302 ;
1303 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1304 {
1305 OUTYY(("P(server_log_replies:%s)\n", $2));
1306 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1307 yyerror("expected yes or no.");
1308 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1309 free($2);
1310 }
1311 ;
1312 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1313 {
1314 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1315 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1316 yyerror("expected yes or no.");
1317 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1318 free($2);
1319 }
1320 ;
1321 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1322 {
1323 OUTYY(("P(server_log_servfail:%s)\n", $2));
1324 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1325 yyerror("expected yes or no.");
1326 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1327 free($2);
1328 }
1329 ;
1330 server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG
1331 {
1332 OUTYY(("P(server_log_destaddr:%s)\n", $2));
1333 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1334 yyerror("expected yes or no.");
1335 else cfg_parser->cfg->log_destaddr = (strcmp($2, "yes")==0);
1336 free($2);
1337 }
1338 ;
1339 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1340 {
1341 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1342 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1343 yyerror("expected yes or no.");
1344 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1345 free($2);
1346 }
1347 ;
1348 server_chroot: VAR_CHROOT STRING_ARG
1349 {
1350 OUTYY(("P(server_chroot:%s)\n", $2));
1351 free(cfg_parser->cfg->chrootdir);
1352 cfg_parser->cfg->chrootdir = $2;
1353 }
1354 ;
1355 server_username: VAR_USERNAME STRING_ARG
1356 {
1357 OUTYY(("P(server_username:%s)\n", $2));
1358 free(cfg_parser->cfg->username);
1359 cfg_parser->cfg->username = $2;
1360 }
1361 ;
1362 server_directory: VAR_DIRECTORY STRING_ARG
1363 {
1364 OUTYY(("P(server_directory:%s)\n", $2));
1365 free(cfg_parser->cfg->directory);
1366 cfg_parser->cfg->directory = $2;
1367 /* change there right away for includes relative to this */
1368 if($2[0]) {
1369 char* d;
1370 #ifdef UB_ON_WINDOWS
1371 w_config_adjust_directory(cfg_parser->cfg);
1372 #endif
1373 d = cfg_parser->cfg->directory;
1374 /* adjust directory if we have already chroot,
1375 * like, we reread after sighup */
1376 if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1377 strncmp(d, cfg_parser->chroot, strlen(
1378 cfg_parser->chroot)) == 0)
1379 d += strlen(cfg_parser->chroot);
1380 if(d[0]) {
1381 if(chdir(d))
1382 log_err("cannot chdir to directory: %s (%s)",
1383 d, strerror(errno));
1384 }
1385 }
1386 }
1387 ;
1388 server_logfile: VAR_LOGFILE STRING_ARG
1389 {
1390 OUTYY(("P(server_logfile:%s)\n", $2));
1391 free(cfg_parser->cfg->logfile);
1392 cfg_parser->cfg->logfile = $2;
1393 cfg_parser->cfg->use_syslog = 0;
1394 }
1395 ;
1396 server_pidfile: VAR_PIDFILE STRING_ARG
1397 {
1398 OUTYY(("P(server_pidfile:%s)\n", $2));
1399 free(cfg_parser->cfg->pidfile);
1400 cfg_parser->cfg->pidfile = $2;
1401 }
1402 ;
1403 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1404 {
1405 OUTYY(("P(server_root_hints:%s)\n", $2));
1406 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1407 yyerror("out of memory");
1408 }
1409 ;
1410 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1411 {
1412 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1413 log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1414 free($2);
1415 }
1416 ;
1417 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1418 {
1419 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1420 log_warn("option dlv-anchor ignored: DLV is decommissioned");
1421 free($2);
1422 }
1423 ;
1424 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1425 {
1426 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1427 if(!cfg_strlist_insert(&cfg_parser->cfg->
1428 auto_trust_anchor_file_list, $2))
1429 yyerror("out of memory");
1430 }
1431 ;
1432 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1433 {
1434 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1435 if(!cfg_strlist_insert(&cfg_parser->cfg->
1436 trust_anchor_file_list, $2))
1437 yyerror("out of memory");
1438 }
1439 ;
1440 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1441 {
1442 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1443 if(!cfg_strlist_insert(&cfg_parser->cfg->
1444 trusted_keys_file_list, $2))
1445 yyerror("out of memory");
1446 }
1447 ;
1448 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1449 {
1450 OUTYY(("P(server_trust_anchor:%s)\n", $2));
1451 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1452 yyerror("out of memory");
1453 }
1454 ;
1455 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1456 {
1457 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1458 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1459 yyerror("expected yes or no.");
1460 else
1461 cfg_parser->cfg->trust_anchor_signaling =
1462 (strcmp($2, "yes")==0);
1463 free($2);
1464 }
1465 ;
1466 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1467 {
1468 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1469 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1470 yyerror("expected yes or no.");
1471 else
1472 cfg_parser->cfg->root_key_sentinel =
1473 (strcmp($2, "yes")==0);
1474 free($2);
1475 }
1476 ;
1477 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1478 {
1479 OUTYY(("P(server_domain_insecure:%s)\n", $2));
1480 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1481 yyerror("out of memory");
1482 }
1483 ;
1484 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1485 {
1486 OUTYY(("P(server_hide_identity:%s)\n", $2));
1487 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1488 yyerror("expected yes or no.");
1489 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1490 free($2);
1491 }
1492 ;
1493 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1494 {
1495 OUTYY(("P(server_hide_version:%s)\n", $2));
1496 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1497 yyerror("expected yes or no.");
1498 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1499 free($2);
1500 }
1501 ;
1502 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1503 {
1504 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1505 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1506 yyerror("expected yes or no.");
1507 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1508 free($2);
1509 }
1510 ;
1511 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1512 {
1513 OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1514 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1515 yyerror("expected yes or no.");
1516 else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1517 free($2);
1518 }
1519 ;
1520 server_identity: VAR_IDENTITY STRING_ARG
1521 {
1522 OUTYY(("P(server_identity:%s)\n", $2));
1523 free(cfg_parser->cfg->identity);
1524 cfg_parser->cfg->identity = $2;
1525 }
1526 ;
1527 server_version: VAR_VERSION STRING_ARG
1528 {
1529 OUTYY(("P(server_version:%s)\n", $2));
1530 free(cfg_parser->cfg->version);
1531 cfg_parser->cfg->version = $2;
1532 }
1533 ;
1534 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1535 {
1536 OUTYY(("P(server_http_user_agent:%s)\n", $2));
1537 free(cfg_parser->cfg->http_user_agent);
1538 cfg_parser->cfg->http_user_agent = $2;
1539 }
1540 ;
1541 server_nsid: VAR_NSID STRING_ARG
1542 {
1543 OUTYY(("P(server_nsid:%s)\n", $2));
1544 free(cfg_parser->cfg->nsid_cfg_str);
1545 cfg_parser->cfg->nsid_cfg_str = $2;
1546 free(cfg_parser->cfg->nsid);
1547 cfg_parser->cfg->nsid = NULL;
1548 cfg_parser->cfg->nsid_len = 0;
1549 if (*$2 == 0)
1550 ; /* pass; empty string is not setting nsid */
1551 else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1552 $2, &cfg_parser->cfg->nsid_len)))
1553 yyerror("the NSID must be either a hex string or an "
1554 "ascii character string prepended with ascii_.");
1555 }
1556 ;
1557 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1558 {
1559 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1560 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1561 yyerror("buffer size expected");
1562 free($2);
1563 }
1564 ;
1565 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1566 {
1567 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1568 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1569 yyerror("buffer size expected");
1570 free($2);
1571 }
1572 ;
1573 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1574 {
1575 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1576 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1577 yyerror("expected yes or no.");
1578 else cfg_parser->cfg->so_reuseport =
1579 (strcmp($2, "yes")==0);
1580 free($2);
1581 }
1582 ;
1583 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1584 {
1585 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1586 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1587 yyerror("expected yes or no.");
1588 else cfg_parser->cfg->ip_transparent =
1589 (strcmp($2, "yes")==0);
1590 free($2);
1591 }
1592 ;
1593 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1594 {
1595 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1596 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1597 yyerror("expected yes or no.");
1598 else cfg_parser->cfg->ip_freebind =
1599 (strcmp($2, "yes")==0);
1600 free($2);
1601 }
1602 ;
1603 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1604 {
1605 OUTYY(("P(server_ip_dscp:%s)\n", $2));
1606 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1607 yyerror("number expected");
1608 else if (atoi($2) > 63)
1609 yyerror("value too large (max 63)");
1610 else if (atoi($2) < 0)
1611 yyerror("value too small (min 0)");
1612 else
1613 cfg_parser->cfg->ip_dscp = atoi($2);
1614 free($2);
1615 }
1616 ;
1617 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1618 {
1619 OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1620 if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1621 yyerror("memory size expected");
1622 free($2);
1623 }
1624 ;
1625 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1626 {
1627 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1628 if(atoi($2) == 0)
1629 yyerror("number expected");
1630 else if (atoi($2) < 12)
1631 yyerror("edns buffer size too small");
1632 else if (atoi($2) > 65535)
1633 cfg_parser->cfg->edns_buffer_size = 65535;
1634 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1635 free($2);
1636 }
1637 ;
1638 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1639 {
1640 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1641 if(atoi($2) == 0)
1642 yyerror("number expected");
1643 else if (atoi($2) < 4096)
1644 yyerror("message buffer size too small (use 4096)");
1645 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1646 free($2);
1647 }
1648 ;
1649 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1650 {
1651 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1652 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1653 yyerror("memory size expected");
1654 free($2);
1655 }
1656 ;
1657 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1658 {
1659 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1660 if(atoi($2) == 0) {
1661 yyerror("number expected");
1662 } else {
1663 cfg_parser->cfg->msg_cache_slabs = atoi($2);
1664 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1665 yyerror("must be a power of 2");
1666 }
1667 free($2);
1668 }
1669 ;
1670 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1671 {
1672 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1673 if(atoi($2) == 0)
1674 yyerror("number expected");
1675 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1676 free($2);
1677 }
1678 ;
1679 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1680 {
1681 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1682 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1683 yyerror("number expected");
1684 else cfg_parser->cfg->jostle_time = atoi($2);
1685 free($2);
1686 }
1687 ;
1688 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1689 {
1690 OUTYY(("P(server_delay_close:%s)\n", $2));
1691 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1692 yyerror("number expected");
1693 else cfg_parser->cfg->delay_close = atoi($2);
1694 free($2);
1695 }
1696 ;
1697 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1698 {
1699 OUTYY(("P(server_udp_connect:%s)\n", $2));
1700 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1701 yyerror("expected yes or no.");
1702 else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1703 free($2);
1704 }
1705 ;
1706 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1707 {
1708 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1709 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1710 yyerror("expected yes or no.");
1711 else cfg_parser->cfg->unblock_lan_zones =
1712 (strcmp($2, "yes")==0);
1713 free($2);
1714 }
1715 ;
1716 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1717 {
1718 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1719 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1720 yyerror("expected yes or no.");
1721 else cfg_parser->cfg->insecure_lan_zones =
1722 (strcmp($2, "yes")==0);
1723 free($2);
1724 }
1725 ;
1726 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1727 {
1728 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1729 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1730 yyerror("memory size expected");
1731 free($2);
1732 }
1733 ;
1734 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1735 {
1736 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1737 if(atoi($2) == 0) {
1738 yyerror("number expected");
1739 } else {
1740 cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1741 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1742 yyerror("must be a power of 2");
1743 }
1744 free($2);
1745 }
1746 ;
1747 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1748 {
1749 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1750 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1751 yyerror("number expected");
1752 else cfg_parser->cfg->host_ttl = atoi($2);
1753 free($2);
1754 }
1755 ;
1756 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1757 {
1758 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1759 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1760 "removed, use infra-host-ttl)", $2);
1761 free($2);
1762 }
1763 ;
1764 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1765 {
1766 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1767 if(atoi($2) == 0)
1768 yyerror("number expected");
1769 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1770 free($2);
1771 }
1772 ;
1773 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1774 {
1775 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1776 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1777 "(option removed, use infra-cache-numhosts)", $2);
1778 free($2);
1779 }
1780 ;
1781 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1782 {
1783 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1784 if(atoi($2) == 0) {
1785 yyerror("number expected");
1786 } else {
1787 cfg_parser->cfg->infra_cache_slabs = atoi($2);
1788 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1789 yyerror("must be a power of 2");
1790 }
1791 free($2);
1792 }
1793 ;
1794 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1795 {
1796 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1797 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1798 yyerror("number expected");
1799 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1800 free($2);
1801 }
1802 ;
1803 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1804 {
1805 OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1806 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1807 yyerror("number expected");
1808 else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1809 free($2);
1810 }
1811 ;
1812 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1813 {
1814 OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1815 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1816 yyerror("expected yes or no.");
1817 else cfg_parser->cfg->infra_keep_probing =
1818 (strcmp($2, "yes")==0);
1819 free($2);
1820 }
1821 ;
1822 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1823 {
1824 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1825 free(cfg_parser->cfg->target_fetch_policy);
1826 cfg_parser->cfg->target_fetch_policy = $2;
1827 }
1828 ;
1829 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1830 {
1831 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1832 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1833 yyerror("expected yes or no.");
1834 else cfg_parser->cfg->harden_short_bufsize =
1835 (strcmp($2, "yes")==0);
1836 free($2);
1837 }
1838 ;
1839 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1840 {
1841 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1842 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1843 yyerror("expected yes or no.");
1844 else cfg_parser->cfg->harden_large_queries =
1845 (strcmp($2, "yes")==0);
1846 free($2);
1847 }
1848 ;
1849 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1850 {
1851 OUTYY(("P(server_harden_glue:%s)\n", $2));
1852 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1853 yyerror("expected yes or no.");
1854 else cfg_parser->cfg->harden_glue =
1855 (strcmp($2, "yes")==0);
1856 free($2);
1857 }
1858 ;
1859 server_harden_unverified_glue: VAR_HARDEN_UNVERIFIED_GLUE STRING_ARG
1860 {
1861 OUTYY(("P(server_harden_unverified_glue:%s)\n", $2));
1862 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1863 yyerror("expected yes or no.");
1864 else cfg_parser->cfg->harden_unverified_glue =
1865 (strcmp($2, "yes")==0);
1866 free($2);
1867 }
1868 ;
1869 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1870 {
1871 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1872 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1873 yyerror("expected yes or no.");
1874 else cfg_parser->cfg->harden_dnssec_stripped =
1875 (strcmp($2, "yes")==0);
1876 free($2);
1877 }
1878 ;
1879 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1880 {
1881 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1882 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1883 yyerror("expected yes or no.");
1884 else cfg_parser->cfg->harden_below_nxdomain =
1885 (strcmp($2, "yes")==0);
1886 free($2);
1887 }
1888 ;
1889 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1890 {
1891 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1892 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1893 yyerror("expected yes or no.");
1894 else cfg_parser->cfg->harden_referral_path =
1895 (strcmp($2, "yes")==0);
1896 free($2);
1897 }
1898 ;
1899 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1900 {
1901 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1902 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1903 yyerror("expected yes or no.");
1904 else cfg_parser->cfg->harden_algo_downgrade =
1905 (strcmp($2, "yes")==0);
1906 free($2);
1907 }
1908 ;
1909 server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
1910 {
1911 OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
1912 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1913 yyerror("expected yes or no.");
1914 else cfg_parser->cfg->harden_unknown_additional =
1915 (strcmp($2, "yes")==0);
1916 free($2);
1917 }
1918 ;
1919 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1920 {
1921 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1922 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1923 yyerror("expected yes or no.");
1924 else cfg_parser->cfg->use_caps_bits_for_id =
1925 (strcmp($2, "yes")==0);
1926 free($2);
1927 }
1928 ;
1929 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1930 {
1931 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1932 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1933 yyerror("out of memory");
1934 }
1935 ;
1936 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1937 {
1938 OUTYY(("P(server_private_address:%s)\n", $2));
1939 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1940 yyerror("out of memory");
1941 }
1942 ;
1943 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1944 {
1945 OUTYY(("P(server_private_domain:%s)\n", $2));
1946 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1947 yyerror("out of memory");
1948 }
1949 ;
1950 server_prefetch: VAR_PREFETCH STRING_ARG
1951 {
1952 OUTYY(("P(server_prefetch:%s)\n", $2));
1953 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1954 yyerror("expected yes or no.");
1955 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1956 free($2);
1957 }
1958 ;
1959 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1960 {
1961 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1962 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1963 yyerror("expected yes or no.");
1964 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1965 free($2);
1966 }
1967 ;
1968 server_deny_any: VAR_DENY_ANY STRING_ARG
1969 {
1970 OUTYY(("P(server_deny_any:%s)\n", $2));
1971 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1972 yyerror("expected yes or no.");
1973 else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1974 free($2);
1975 }
1976 ;
1977 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1978 {
1979 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1980 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1981 yyerror("number expected");
1982 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1983 free($2);
1984 }
1985 ;
1986 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1987 {
1988 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1989 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1990 yyerror("out of memory");
1991 }
1992 ;
1993 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1994 {
1995 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1996 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1997 yyerror("expected yes or no.");
1998 else cfg_parser->cfg->donotquery_localhost =
1999 (strcmp($2, "yes")==0);
2000 free($2);
2001 }
2002 ;
2003 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
2004 {
2005 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
2006 validate_acl_action($3);
2007 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
2008 fatal_exit("out of memory adding acl");
2009 }
2010 ;
2011 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
2012 {
2013 OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
2014 validate_acl_action($3);
2015 if(!cfg_str2list_insert(
2016 &cfg_parser->cfg->interface_actions, $2, $3))
2017 fatal_exit("out of memory adding acl");
2018 }
2019 ;
2020 server_module_conf: VAR_MODULE_CONF STRING_ARG
2021 {
2022 OUTYY(("P(server_module_conf:%s)\n", $2));
2023 free(cfg_parser->cfg->module_conf);
2024 cfg_parser->cfg->module_conf = $2;
2025 }
2026 ;
2027 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
2028 {
2029 OUTYY(("P(server_val_override_date:%s)\n", $2));
2030 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2031 cfg_parser->cfg->val_date_override = 0;
2032 } else if(strlen($2) == 14) {
2033 cfg_parser->cfg->val_date_override =
2034 cfg_convert_timeval($2);
2035 if(!cfg_parser->cfg->val_date_override)
2036 yyerror("bad date/time specification");
2037 } else {
2038 if(atoi($2) == 0)
2039 yyerror("number expected");
2040 cfg_parser->cfg->val_date_override = atoi($2);
2041 }
2042 free($2);
2043 }
2044 ;
2045 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
2046 {
2047 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
2048 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2049 cfg_parser->cfg->val_sig_skew_min = 0;
2050 } else {
2051 cfg_parser->cfg->val_sig_skew_min = atoi($2);
2052 if(!cfg_parser->cfg->val_sig_skew_min)
2053 yyerror("number expected");
2054 }
2055 free($2);
2056 }
2057 ;
2058 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
2059 {
2060 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
2061 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2062 cfg_parser->cfg->val_sig_skew_max = 0;
2063 } else {
2064 cfg_parser->cfg->val_sig_skew_max = atoi($2);
2065 if(!cfg_parser->cfg->val_sig_skew_max)
2066 yyerror("number expected");
2067 }
2068 free($2);
2069 }
2070 ;
2071 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
2072 {
2073 OUTYY(("P(server_val_max_restart:%s)\n", $2));
2074 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2075 cfg_parser->cfg->val_max_restart = 0;
2076 } else {
2077 cfg_parser->cfg->val_max_restart = atoi($2);
2078 if(!cfg_parser->cfg->val_max_restart)
2079 yyerror("number expected");
2080 }
2081 free($2);
2082 }
2083 ;
2084 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
2085 {
2086 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
2087 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2088 yyerror("number expected");
2089 else cfg_parser->cfg->max_ttl = atoi($2);
2090 free($2);
2091 }
2092 ;
2093 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
2094 {
2095 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
2096 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2097 yyerror("number expected");
2098 else cfg_parser->cfg->max_negative_ttl = atoi($2);
2099 free($2);
2100 }
2101 ;
2102 server_cache_min_negative_ttl: VAR_CACHE_MIN_NEGATIVE_TTL STRING_ARG
2103 {
2104 OUTYY(("P(server_cache_min_negative_ttl:%s)\n", $2));
2105 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2106 yyerror("number expected");
2107 else cfg_parser->cfg->min_negative_ttl = atoi($2);
2108 free($2);
2109 }
2110 ;
2111 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
2112 {
2113 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
2114 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2115 yyerror("number expected");
2116 else cfg_parser->cfg->min_ttl = atoi($2);
2117 free($2);
2118 }
2119 ;
2120 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
2121 {
2122 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
2123 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2124 yyerror("number expected");
2125 else cfg_parser->cfg->bogus_ttl = atoi($2);
2126 free($2);
2127 }
2128 ;
2129 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
2130 {
2131 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
2132 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2133 yyerror("expected yes or no.");
2134 else cfg_parser->cfg->val_clean_additional =
2135 (strcmp($2, "yes")==0);
2136 free($2);
2137 }
2138 ;
2139 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
2140 {
2141 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
2142 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2143 yyerror("expected yes or no.");
2144 else cfg_parser->cfg->val_permissive_mode =
2145 (strcmp($2, "yes")==0);
2146 free($2);
2147 }
2148 ;
2149 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
2150 {
2151 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
2152 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2153 yyerror("expected yes or no.");
2154 else
2155 cfg_parser->cfg->aggressive_nsec =
2156 (strcmp($2, "yes")==0);
2157 free($2);
2158 }
2159 ;
2160 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2161 {
2162 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2163 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2164 yyerror("expected yes or no.");
2165 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2166 free($2);
2167 }
2168 ;
2169 server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG
2170 {
2171 OUTYY(("P(server_disable_edns_do:%s)\n", $2));
2172 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2173 yyerror("expected yes or no.");
2174 else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0);
2175 free($2);
2176 }
2177 ;
2178 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2179 {
2180 OUTYY(("P(server_serve_expired:%s)\n", $2));
2181 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2182 yyerror("expected yes or no.");
2183 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2184 free($2);
2185 }
2186 ;
2187 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2188 {
2189 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2190 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2191 yyerror("number expected");
2192 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2193 free($2);
2194 }
2195 ;
2196 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2197 {
2198 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2199 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2200 yyerror("expected yes or no.");
2201 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2202 free($2);
2203 }
2204 ;
2205 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2206 {
2207 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2208 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2209 yyerror("number expected");
2210 else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2211 free($2);
2212 }
2213 ;
2214 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2215 {
2216 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2217 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2218 yyerror("number expected");
2219 else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2220 free($2);
2221 }
2222 ;
2223 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2224 {
2225 OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2226 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2227 yyerror("expected yes or no.");
2228 else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2229 free($2);
2230 }
2231 ;
2232 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2233 {
2234 OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2235 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2236 yyerror("expected yes or no.");
2237 else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2238 free($2);
2239 }
2240 ;
2241 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2242 {
2243 OUTYY(("P(server_fake_dsa:%s)\n", $2));
2244 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2245 yyerror("expected yes or no.");
2246 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2247 else fake_dsa = (strcmp($2, "yes")==0);
2248 if(fake_dsa)
2249 log_warn("test option fake_dsa is enabled");
2250 #endif
2251 free($2);
2252 }
2253 ;
2254 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2255 {
2256 OUTYY(("P(server_fake_sha1:%s)\n", $2));
2257 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2258 yyerror("expected yes or no.");
2259 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2260 else fake_sha1 = (strcmp($2, "yes")==0);
2261 if(fake_sha1)
2262 log_warn("test option fake_sha1 is enabled");
2263 #endif
2264 free($2);
2265 }
2266 ;
2267 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2268 {
2269 OUTYY(("P(server_val_log_level:%s)\n", $2));
2270 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2271 yyerror("number expected");
2272 else cfg_parser->cfg->val_log_level = atoi($2);
2273 free($2);
2274 }
2275 ;
2276 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2277 {
2278 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2279 free(cfg_parser->cfg->val_nsec3_key_iterations);
2280 cfg_parser->cfg->val_nsec3_key_iterations = $2;
2281 }
2282 ;
2283 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2284 {
2285 OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2286 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2287 yyerror("expected yes or no.");
2288 else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2289 free($2);
2290 }
2291 ;
2292 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2293 {
2294 OUTYY(("P(server_add_holddown:%s)\n", $2));
2295 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2296 yyerror("number expected");
2297 else cfg_parser->cfg->add_holddown = atoi($2);
2298 free($2);
2299 }
2300 ;
2301 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2302 {
2303 OUTYY(("P(server_del_holddown:%s)\n", $2));
2304 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2305 yyerror("number expected");
2306 else cfg_parser->cfg->del_holddown = atoi($2);
2307 free($2);
2308 }
2309 ;
2310 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2311 {
2312 OUTYY(("P(server_keep_missing:%s)\n", $2));
2313 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2314 yyerror("number expected");
2315 else cfg_parser->cfg->keep_missing = atoi($2);
2316 free($2);
2317 }
2318 ;
2319 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2320 {
2321 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2322 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2323 yyerror("expected yes or no.");
2324 else cfg_parser->cfg->permit_small_holddown =
2325 (strcmp($2, "yes")==0);
2326 free($2);
2327 }
2328 ;
2329 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2330 {
2331 OUTYY(("P(server_key_cache_size:%s)\n", $2));
2332 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2333 yyerror("memory size expected");
2334 free($2);
2335 }
2336 ;
2337 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2338 {
2339 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2340 if(atoi($2) == 0) {
2341 yyerror("number expected");
2342 } else {
2343 cfg_parser->cfg->key_cache_slabs = atoi($2);
2344 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2345 yyerror("must be a power of 2");
2346 }
2347 free($2);
2348 }
2349 ;
2350 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2351 {
2352 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2353 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2354 yyerror("memory size expected");
2355 free($2);
2356 }
2357 ;
2358 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2359 {
2360 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2361 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2362 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2363 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2364 && strcmp($3, "typetransparent")!=0
2365 && strcmp($3, "always_transparent")!=0
2366 && strcmp($3, "block_a")!=0
2367 && strcmp($3, "always_refuse")!=0
2368 && strcmp($3, "always_nxdomain")!=0
2369 && strcmp($3, "always_nodata")!=0
2370 && strcmp($3, "always_deny")!=0
2371 && strcmp($3, "always_null")!=0
2372 && strcmp($3, "noview")!=0
2373 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2374 && strcmp($3, "inform_redirect") != 0
2375 && strcmp($3, "ipset") != 0) {
2376 yyerror("local-zone type: expected static, deny, "
2377 "refuse, redirect, transparent, "
2378 "typetransparent, inform, inform_deny, "
2379 "inform_redirect, always_transparent, block_a,"
2380 "always_refuse, always_nxdomain, "
2381 "always_nodata, always_deny, always_null, "
2382 "noview, nodefault or ipset");
2383 free($2);
2384 free($3);
2385 } else if(strcmp($3, "nodefault")==0) {
2386 if(!cfg_strlist_insert(&cfg_parser->cfg->
2387 local_zones_nodefault, $2))
2388 fatal_exit("out of memory adding local-zone");
2389 free($3);
2390 #ifdef USE_IPSET
2391 } else if(strcmp($3, "ipset")==0) {
2392 size_t len = strlen($2);
2393 /* Make sure to add the trailing dot.
2394 * These are str compared to domain names. */
2395 if($2[len-1] != '.') {
2396 if(!($2 = realloc($2, len+2))) {
2397 fatal_exit("out of memory adding local-zone");
2398 }
2399 $2[len] = '.';
2400 $2[len+1] = 0;
2401 }
2402 if(!cfg_strlist_insert(&cfg_parser->cfg->
2403 local_zones_ipset, $2))
2404 fatal_exit("out of memory adding local-zone");
2405 free($3);
2406 #endif
2407 } else {
2408 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2409 $2, $3))
2410 fatal_exit("out of memory adding local-zone");
2411 }
2412 }
2413 ;
2414 server_local_data: VAR_LOCAL_DATA STRING_ARG
2415 {
2416 OUTYY(("P(server_local_data:%s)\n", $2));
2417 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2418 fatal_exit("out of memory adding local-data");
2419 }
2420 ;
2421 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2422 {
2423 char* ptr;
2424 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2425 ptr = cfg_ptr_reverse($2);
2426 free($2);
2427 if(ptr) {
2428 if(!cfg_strlist_insert(&cfg_parser->cfg->
2429 local_data, ptr))
2430 fatal_exit("out of memory adding local-data");
2431 } else {
2432 yyerror("local-data-ptr could not be reversed");
2433 }
2434 }
2435 ;
2436 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2437 {
2438 OUTYY(("P(server_minimal_responses:%s)\n", $2));
2439 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2440 yyerror("expected yes or no.");
2441 else cfg_parser->cfg->minimal_responses =
2442 (strcmp($2, "yes")==0);
2443 free($2);
2444 }
2445 ;
2446 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2447 {
2448 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2449 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2450 yyerror("expected yes or no.");
2451 else cfg_parser->cfg->rrset_roundrobin =
2452 (strcmp($2, "yes")==0);
2453 free($2);
2454 }
2455 ;
2456 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2457 {
2458 OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2459 cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2460 free($2);
2461 }
2462 ;
2463 server_discard_timeout: VAR_DISCARD_TIMEOUT STRING_ARG
2464 {
2465 OUTYY(("P(server_discard_timeout:%s)\n", $2));
2466 cfg_parser->cfg->discard_timeout = atoi($2);
2467 free($2);
2468 }
2469 ;
2470 server_wait_limit: VAR_WAIT_LIMIT STRING_ARG
2471 {
2472 OUTYY(("P(server_wait_limit:%s)\n", $2));
2473 cfg_parser->cfg->wait_limit = atoi($2);
2474 free($2);
2475 }
2476 ;
2477 server_wait_limit_cookie: VAR_WAIT_LIMIT_COOKIE STRING_ARG
2478 {
2479 OUTYY(("P(server_wait_limit_cookie:%s)\n", $2));
2480 cfg_parser->cfg->wait_limit_cookie = atoi($2);
2481 free($2);
2482 }
2483 ;
2484 server_wait_limit_netblock: VAR_WAIT_LIMIT_NETBLOCK STRING_ARG STRING_ARG
2485 {
2486 OUTYY(("P(server_wait_limit_netblock:%s %s)\n", $2, $3));
2487 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2488 yyerror("number expected");
2489 free($2);
2490 free($3);
2491 } else {
2492 if(!cfg_str2list_insert(&cfg_parser->cfg->
2493 wait_limit_netblock, $2, $3))
2494 fatal_exit("out of memory adding "
2495 "wait-limit-netblock");
2496 }
2497 }
2498 ;
2499 server_wait_limit_cookie_netblock: VAR_WAIT_LIMIT_COOKIE_NETBLOCK STRING_ARG STRING_ARG
2500 {
2501 OUTYY(("P(server_wait_limit_cookie_netblock:%s %s)\n", $2, $3));
2502 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2503 yyerror("number expected");
2504 free($2);
2505 free($3);
2506 } else {
2507 if(!cfg_str2list_insert(&cfg_parser->cfg->
2508 wait_limit_cookie_netblock, $2, $3))
2509 fatal_exit("out of memory adding "
2510 "wait-limit-cookie-netblock");
2511 }
2512 }
2513 ;
2514 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2515 {
2516 OUTYY(("P(server_max_udp_size:%s)\n", $2));
2517 cfg_parser->cfg->max_udp_size = atoi($2);
2518 free($2);
2519 }
2520 ;
2521 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2522 {
2523 OUTYY(("P(dns64_prefix:%s)\n", $2));
2524 free(cfg_parser->cfg->dns64_prefix);
2525 cfg_parser->cfg->dns64_prefix = $2;
2526 }
2527 ;
2528 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2529 {
2530 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2531 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2532 yyerror("expected yes or no.");
2533 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2534 free($2);
2535 }
2536 ;
2537 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2538 {
2539 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2540 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2541 $2))
2542 fatal_exit("out of memory adding dns64-ignore-aaaa");
2543 }
2544 ;
2545 server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
2546 {
2547 OUTYY(("P(nat64_prefix:%s)\n", $2));
2548 free(cfg_parser->cfg->nat64_prefix);
2549 cfg_parser->cfg->nat64_prefix = $2;
2550 }
2551 ;
2552 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2553 {
2554 char* p, *s = $2;
2555 OUTYY(("P(server_define_tag:%s)\n", $2));
2556 while((p=strsep(&s, " \t\n")) != NULL) {
2557 if(*p) {
2558 if(!config_add_tag(cfg_parser->cfg, p))
2559 yyerror("could not define-tag, "
2560 "out of memory");
2561 }
2562 }
2563 free($2);
2564 }
2565 ;
2566 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2567 {
2568 size_t len = 0;
2569 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2570 &len);
2571 free($3);
2572 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2573 if(!bitlist) {
2574 yyerror("could not parse tags, (define-tag them first)");
2575 free($2);
2576 }
2577 if(bitlist) {
2578 if(!cfg_strbytelist_insert(
2579 &cfg_parser->cfg->local_zone_tags,
2580 $2, bitlist, len)) {
2581 yyerror("out of memory");
2582 free($2);
2583 }
2584 }
2585 }
2586 ;
2587 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2588 {
2589 size_t len = 0;
2590 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2591 &len);
2592 free($3);
2593 OUTYY(("P(server_access_control_tag:%s)\n", $2));
2594 if(!bitlist) {
2595 yyerror("could not parse tags, (define-tag them first)");
2596 free($2);
2597 }
2598 if(bitlist) {
2599 if(!cfg_strbytelist_insert(
2600 &cfg_parser->cfg->acl_tags,
2601 $2, bitlist, len)) {
2602 yyerror("out of memory");
2603 free($2);
2604 }
2605 }
2606 }
2607 ;
2608 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2609 {
2610 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2611 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2612 $2, $3, $4)) {
2613 yyerror("out of memory");
2614 free($2);
2615 free($3);
2616 free($4);
2617 }
2618 }
2619 ;
2620 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2621 {
2622 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2623 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2624 $2, $3, $4)) {
2625 yyerror("out of memory");
2626 free($2);
2627 free($3);
2628 free($4);
2629 }
2630 }
2631 ;
2632 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2633 {
2634 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2635 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2636 $2, $3, $4)) {
2637 yyerror("out of memory");
2638 free($2);
2639 free($3);
2640 free($4);
2641 }
2642 }
2643 ;
2644 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2645 {
2646 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2647 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2648 $2, $3)) {
2649 yyerror("out of memory");
2650 }
2651 }
2652 ;
2653 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2654 {
2655 size_t len = 0;
2656 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2657 &len);
2658 free($3);
2659 OUTYY(("P(server_interface_tag:%s)\n", $2));
2660 if(!bitlist) {
2661 yyerror("could not parse tags, (define-tag them first)");
2662 free($2);
2663 }
2664 if(bitlist) {
2665 if(!cfg_strbytelist_insert(
2666 &cfg_parser->cfg->interface_tags,
2667 $2, bitlist, len)) {
2668 yyerror("out of memory");
2669 free($2);
2670 }
2671 }
2672 }
2673 ;
2674 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2675 {
2676 OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2677 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2678 $2, $3, $4)) {
2679 yyerror("out of memory");
2680 free($2);
2681 free($3);
2682 free($4);
2683 }
2684 }
2685 ;
2686 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2687 {
2688 OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2689 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2690 $2, $3, $4)) {
2691 yyerror("out of memory");
2692 free($2);
2693 free($3);
2694 free($4);
2695 }
2696 }
2697 ;
2698 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2699 {
2700 OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2701 if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2702 $2, $3)) {
2703 yyerror("out of memory");
2704 }
2705 }
2706 ;
2707 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2708 {
2709 size_t len = 0;
2710 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2711 &len);
2712 free($3);
2713 OUTYY(("P(response_ip_tag:%s)\n", $2));
2714 if(!bitlist) {
2715 yyerror("could not parse tags, (define-tag them first)");
2716 free($2);
2717 }
2718 if(bitlist) {
2719 if(!cfg_strbytelist_insert(
2720 &cfg_parser->cfg->respip_tags,
2721 $2, bitlist, len)) {
2722 yyerror("out of memory");
2723 free($2);
2724 }
2725 }
2726 }
2727 ;
2728 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2729 {
2730 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2731 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2732 yyerror("number expected");
2733 else cfg_parser->cfg->ip_ratelimit = atoi($2);
2734 free($2);
2735 }
2736 ;
2737 server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
2738 {
2739 OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
2740 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2741 yyerror("number expected");
2742 else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
2743 free($2);
2744 }
2745 ;
2746 server_ratelimit: VAR_RATELIMIT STRING_ARG
2747 {
2748 OUTYY(("P(server_ratelimit:%s)\n", $2));
2749 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2750 yyerror("number expected");
2751 else cfg_parser->cfg->ratelimit = atoi($2);
2752 free($2);
2753 }
2754 ;
2755 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2756 {
2757 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2758 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2759 yyerror("memory size expected");
2760 free($2);
2761 }
2762 ;
2763 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2764 {
2765 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2766 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2767 yyerror("memory size expected");
2768 free($2);
2769 }
2770 ;
2771 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2772 {
2773 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2774 if(atoi($2) == 0) {
2775 yyerror("number expected");
2776 } else {
2777 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2778 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2779 yyerror("must be a power of 2");
2780 }
2781 free($2);
2782 }
2783 ;
2784 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2785 {
2786 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2787 if(atoi($2) == 0) {
2788 yyerror("number expected");
2789 } else {
2790 cfg_parser->cfg->ratelimit_slabs = atoi($2);
2791 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2792 yyerror("must be a power of 2");
2793 }
2794 free($2);
2795 }
2796 ;
2797 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2798 {
2799 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2800 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2801 yyerror("number expected");
2802 free($2);
2803 free($3);
2804 } else {
2805 if(!cfg_str2list_insert(&cfg_parser->cfg->
2806 ratelimit_for_domain, $2, $3))
2807 fatal_exit("out of memory adding "
2808 "ratelimit-for-domain");
2809 }
2810 }
2811 ;
2812 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2813 {
2814 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2815 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2816 yyerror("number expected");
2817 free($2);
2818 free($3);
2819 } else {
2820 if(!cfg_str2list_insert(&cfg_parser->cfg->
2821 ratelimit_below_domain, $2, $3))
2822 fatal_exit("out of memory adding "
2823 "ratelimit-below-domain");
2824 }
2825 }
2826 ;
2827 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2828 {
2829 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2830 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2831 yyerror("number expected");
2832 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2833 free($2);
2834 }
2835 ;
2836 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2837 {
2838 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2839 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2840 yyerror("number expected");
2841 else cfg_parser->cfg->ratelimit_factor = atoi($2);
2842 free($2);
2843 }
2844 ;
2845 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2846 {
2847 OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2848 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2849 yyerror("expected yes or no.");
2850 else cfg_parser->cfg->ip_ratelimit_backoff =
2851 (strcmp($2, "yes")==0);
2852 free($2);
2853 }
2854 ;
2855 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2856 {
2857 OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2858 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2859 yyerror("expected yes or no.");
2860 else cfg_parser->cfg->ratelimit_backoff =
2861 (strcmp($2, "yes")==0);
2862 free($2);
2863 }
2864 ;
2865 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2866 {
2867 OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2868 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2869 yyerror("number expected");
2870 else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2871 free($2);
2872 }
2873 ;
2874 server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
2875 {
2876 OUTYY(("P(server_max_sent_count:%s)\n", $2));
2877 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2878 yyerror("number expected");
2879 else cfg_parser->cfg->max_sent_count = atoi($2);
2880 free($2);
2881 }
2882 ;
2883 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2884 {
2885 OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2886 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2887 yyerror("number expected");
2888 else cfg_parser->cfg->max_query_restarts = atoi($2);
2889 free($2);
2890 }
2891 ;
2892 server_low_rtt: VAR_LOW_RTT STRING_ARG
2893 {
2894 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2895 free($2);
2896 }
2897 ;
2898 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2899 {
2900 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2901 if(atoi($2) <= 0)
2902 yyerror("number expected");
2903 else cfg_parser->cfg->fast_server_num = atoi($2);
2904 free($2);
2905 }
2906 ;
2907 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2908 {
2909 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2910 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2911 yyerror("number expected");
2912 else cfg_parser->cfg->fast_server_permil = atoi($2);
2913 free($2);
2914 }
2915 ;
2916 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2917 {
2918 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2919 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2920 yyerror("expected yes or no.");
2921 else cfg_parser->cfg->qname_minimisation =
2922 (strcmp($2, "yes")==0);
2923 free($2);
2924 }
2925 ;
2926 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2927 {
2928 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2929 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2930 yyerror("expected yes or no.");
2931 else cfg_parser->cfg->qname_minimisation_strict =
2932 (strcmp($2, "yes")==0);
2933 free($2);
2934 }
2935 ;
2936 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2937 {
2938 OUTYY(("P(server_pad_responses:%s)\n", $2));
2939 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2940 yyerror("expected yes or no.");
2941 else cfg_parser->cfg->pad_responses =
2942 (strcmp($2, "yes")==0);
2943 free($2);
2944 }
2945 ;
2946 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2947 {
2948 OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2949 if(atoi($2) == 0)
2950 yyerror("number expected");
2951 else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2952 free($2);
2953 }
2954 ;
2955 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2956 {
2957 OUTYY(("P(server_pad_queries:%s)\n", $2));
2958 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2959 yyerror("expected yes or no.");
2960 else cfg_parser->cfg->pad_queries =
2961 (strcmp($2, "yes")==0);
2962 free($2);
2963 }
2964 ;
2965 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2966 {
2967 OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2968 if(atoi($2) == 0)
2969 yyerror("number expected");
2970 else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2971 free($2);
2972 }
2973 ;
2974 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2975 {
2976 #ifdef USE_IPSECMOD
2977 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2978 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2979 yyerror("expected yes or no.");
2980 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2981 #else
2982 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2983 #endif
2984 free($2);
2985 }
2986 ;
2987 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2988 {
2989 #ifdef USE_IPSECMOD
2990 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2991 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2992 yyerror("expected yes or no.");
2993 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2994 #else
2995 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2996 #endif
2997 free($2);
2998 }
2999 ;
3000 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
3001 {
3002 #ifdef USE_IPSECMOD
3003 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
3004 free(cfg_parser->cfg->ipsecmod_hook);
3005 cfg_parser->cfg->ipsecmod_hook = $2;
3006 #else
3007 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3008 free($2);
3009 #endif
3010 }
3011 ;
3012 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
3013 {
3014 #ifdef USE_IPSECMOD
3015 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
3016 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3017 yyerror("number expected");
3018 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
3019 free($2);
3020 #else
3021 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3022 free($2);
3023 #endif
3024 }
3025 ;
3026 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
3027 {
3028 #ifdef USE_IPSECMOD
3029 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
3030 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
3031 yyerror("out of memory");
3032 #else
3033 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3034 free($2);
3035 #endif
3036 }
3037 ;
3038 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
3039 {
3040 #ifdef USE_IPSECMOD
3041 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
3042 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3043 yyerror("expected yes or no.");
3044 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
3045 free($2);
3046 #else
3047 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3048 free($2);
3049 #endif
3050 }
3051 ;
3052 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
3053 {
3054 OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
3055 if(!cfg_str2list_insert(
3056 &cfg_parser->cfg->edns_client_strings, $2, $3))
3057 fatal_exit("out of memory adding "
3058 "edns-client-string");
3059 }
3060 ;
3061 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
3062 {
3063 OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
3064 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3065 yyerror("option code expected");
3066 else if(atoi($2) > 65535 || atoi($2) < 0)
3067 yyerror("option code must be in interval [0, 65535]");
3068 else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
3069 free($2);
3070 }
3071 ;
3072 server_ede: VAR_EDE STRING_ARG
3073 {
3074 OUTYY(("P(server_ede:%s)\n", $2));
3075 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3076 yyerror("expected yes or no.");
3077 else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
3078 free($2);
3079 }
3080 ;
3081 server_dns_error_reporting: VAR_DNS_ERROR_REPORTING STRING_ARG
3082 {
3083 OUTYY(("P(server_dns_error_reporting:%s)\n", $2));
3084 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3085 yyerror("expected yes or no.");
3086 else cfg_parser->cfg->dns_error_reporting = (strcmp($2, "yes")==0);
3087 free($2);
3088 }
3089 ;
3090 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
3091 {
3092 OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
3093 if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
3094 yyerror("out of memory");
3095 }
3096 ;
3097 stub_name: VAR_NAME STRING_ARG
3098 {
3099 OUTYY(("P(name:%s)\n", $2));
3100 if(cfg_parser->cfg->stubs->name)
3101 yyerror("stub name override, there must be one name "
3102 "for one stub-zone");
3103 free(cfg_parser->cfg->stubs->name);
3104 cfg_parser->cfg->stubs->name = $2;
3105 }
3106 ;
3107 stub_host: VAR_STUB_HOST STRING_ARG
3108 {
3109 OUTYY(("P(stub-host:%s)\n", $2));
3110 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
3111 yyerror("out of memory");
3112 }
3113 ;
3114 stub_addr: VAR_STUB_ADDR STRING_ARG
3115 {
3116 OUTYY(("P(stub-addr:%s)\n", $2));
3117 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
3118 yyerror("out of memory");
3119 }
3120 ;
3121 stub_first: VAR_STUB_FIRST STRING_ARG
3122 {
3123 OUTYY(("P(stub-first:%s)\n", $2));
3124 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3125 yyerror("expected yes or no.");
3126 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
3127 free($2);
3128 }
3129 ;
3130 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
3131 {
3132 OUTYY(("P(stub-no-cache:%s)\n", $2));
3133 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3134 yyerror("expected yes or no.");
3135 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
3136 free($2);
3137 }
3138 ;
3139 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
3140 {
3141 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
3142 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3143 yyerror("expected yes or no.");
3144 else cfg_parser->cfg->stubs->ssl_upstream =
3145 (strcmp($2, "yes")==0);
3146 free($2);
3147 }
3148 ;
3149 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
3150 {
3151 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
3152 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3153 yyerror("expected yes or no.");
3154 else cfg_parser->cfg->stubs->tcp_upstream =
3155 (strcmp($2, "yes")==0);
3156 free($2);
3157 }
3158 ;
3159 stub_prime: VAR_STUB_PRIME STRING_ARG
3160 {
3161 OUTYY(("P(stub-prime:%s)\n", $2));
3162 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3163 yyerror("expected yes or no.");
3164 else cfg_parser->cfg->stubs->isprime =
3165 (strcmp($2, "yes")==0);
3166 free($2);
3167 }
3168 ;
3169 forward_name: VAR_NAME STRING_ARG
3170 {
3171 OUTYY(("P(name:%s)\n", $2));
3172 if(cfg_parser->cfg->forwards->name)
3173 yyerror("forward name override, there must be one "
3174 "name for one forward-zone");
3175 free(cfg_parser->cfg->forwards->name);
3176 cfg_parser->cfg->forwards->name = $2;
3177 }
3178 ;
3179 forward_host: VAR_FORWARD_HOST STRING_ARG
3180 {
3181 OUTYY(("P(forward-host:%s)\n", $2));
3182 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
3183 yyerror("out of memory");
3184 }
3185 ;
3186 forward_addr: VAR_FORWARD_ADDR STRING_ARG
3187 {
3188 OUTYY(("P(forward-addr:%s)\n", $2));
3189 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
3190 yyerror("out of memory");
3191 }
3192 ;
3193 forward_first: VAR_FORWARD_FIRST STRING_ARG
3194 {
3195 OUTYY(("P(forward-first:%s)\n", $2));
3196 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3197 yyerror("expected yes or no.");
3198 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
3199 free($2);
3200 }
3201 ;
3202 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
3203 {
3204 OUTYY(("P(forward-no-cache:%s)\n", $2));
3205 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3206 yyerror("expected yes or no.");
3207 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
3208 free($2);
3209 }
3210 ;
3211 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
3212 {
3213 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
3214 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3215 yyerror("expected yes or no.");
3216 else cfg_parser->cfg->forwards->ssl_upstream =
3217 (strcmp($2, "yes")==0);
3218 free($2);
3219 }
3220 ;
3221 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
3222 {
3223 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
3224 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3225 yyerror("expected yes or no.");
3226 else cfg_parser->cfg->forwards->tcp_upstream =
3227 (strcmp($2, "yes")==0);
3228 free($2);
3229 }
3230 ;
3231 auth_name: VAR_NAME STRING_ARG
3232 {
3233 OUTYY(("P(name:%s)\n", $2));
3234 if(cfg_parser->cfg->auths->name)
3235 yyerror("auth name override, there must be one name "
3236 "for one auth-zone");
3237 free(cfg_parser->cfg->auths->name);
3238 cfg_parser->cfg->auths->name = $2;
3239 }
3240 ;
3241 auth_zonefile: VAR_ZONEFILE STRING_ARG
3242 {
3243 OUTYY(("P(zonefile:%s)\n", $2));
3244 free(cfg_parser->cfg->auths->zonefile);
3245 cfg_parser->cfg->auths->zonefile = $2;
3246 }
3247 ;
3248 auth_master: VAR_MASTER STRING_ARG
3249 {
3250 OUTYY(("P(master:%s)\n", $2));
3251 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
3252 yyerror("out of memory");
3253 }
3254 ;
3255 auth_url: VAR_URL STRING_ARG
3256 {
3257 OUTYY(("P(url:%s)\n", $2));
3258 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
3259 yyerror("out of memory");
3260 }
3261 ;
3262 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3263 {
3264 OUTYY(("P(allow-notify:%s)\n", $2));
3265 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3266 $2))
3267 yyerror("out of memory");
3268 }
3269 ;
3270 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3271 {
3272 OUTYY(("P(zonemd-check:%s)\n", $2));
3273 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3274 yyerror("expected yes or no.");
3275 else cfg_parser->cfg->auths->zonemd_check =
3276 (strcmp($2, "yes")==0);
3277 free($2);
3278 }
3279 ;
3280 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3281 {
3282 OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3283 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3284 yyerror("expected yes or no.");
3285 else cfg_parser->cfg->auths->zonemd_reject_absence =
3286 (strcmp($2, "yes")==0);
3287 free($2);
3288 }
3289 ;
3290 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3291 {
3292 OUTYY(("P(for-downstream:%s)\n", $2));
3293 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3294 yyerror("expected yes or no.");
3295 else cfg_parser->cfg->auths->for_downstream =
3296 (strcmp($2, "yes")==0);
3297 free($2);
3298 }
3299 ;
3300 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3301 {
3302 OUTYY(("P(for-upstream:%s)\n", $2));
3303 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3304 yyerror("expected yes or no.");
3305 else cfg_parser->cfg->auths->for_upstream =
3306 (strcmp($2, "yes")==0);
3307 free($2);
3308 }
3309 ;
3310 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3311 {
3312 OUTYY(("P(fallback-enabled:%s)\n", $2));
3313 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3314 yyerror("expected yes or no.");
3315 else cfg_parser->cfg->auths->fallback_enabled =
3316 (strcmp($2, "yes")==0);
3317 free($2);
3318 }
3319 ;
3320 view_name: VAR_NAME STRING_ARG
3321 {
3322 OUTYY(("P(name:%s)\n", $2));
3323 if(cfg_parser->cfg->views->name)
3324 yyerror("view name override, there must be one "
3325 "name for one view");
3326 free(cfg_parser->cfg->views->name);
3327 cfg_parser->cfg->views->name = $2;
3328 }
3329 ;
3330 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3331 {
3332 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3333 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3334 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3335 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3336 && strcmp($3, "typetransparent")!=0
3337 && strcmp($3, "always_transparent")!=0
3338 && strcmp($3, "always_refuse")!=0
3339 && strcmp($3, "always_nxdomain")!=0
3340 && strcmp($3, "always_nodata")!=0
3341 && strcmp($3, "always_deny")!=0
3342 && strcmp($3, "always_null")!=0
3343 && strcmp($3, "noview")!=0
3344 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3345 && strcmp($3, "inform_redirect") != 0
3346 && strcmp($3, "ipset") != 0) {
3347 yyerror("local-zone type: expected static, deny, "
3348 "refuse, redirect, transparent, "
3349 "typetransparent, inform, inform_deny, "
3350 "inform_redirect, always_transparent, "
3351 "always_refuse, always_nxdomain, "
3352 "always_nodata, always_deny, always_null, "
3353 "noview, nodefault or ipset");
3354 free($2);
3355 free($3);
3356 } else if(strcmp($3, "nodefault")==0) {
3357 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3358 local_zones_nodefault, $2))
3359 fatal_exit("out of memory adding local-zone");
3360 free($3);
3361 #ifdef USE_IPSET
3362 } else if(strcmp($3, "ipset")==0) {
3363 size_t len = strlen($2);
3364 /* Make sure to add the trailing dot.
3365 * These are str compared to domain names. */
3366 if($2[len-1] != '.') {
3367 if(!($2 = realloc($2, len+2))) {
3368 fatal_exit("out of memory adding local-zone");
3369 }
3370 $2[len] = '.';
3371 $2[len+1] = 0;
3372 }
3373 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3374 local_zones_ipset, $2))
3375 fatal_exit("out of memory adding local-zone");
3376 free($3);
3377 #endif
3378 } else {
3379 if(!cfg_str2list_insert(
3380 &cfg_parser->cfg->views->local_zones,
3381 $2, $3))
3382 fatal_exit("out of memory adding local-zone");
3383 }
3384 }
3385 ;
3386 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3387 {
3388 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3389 validate_respip_action($3);
3390 if(!cfg_str2list_insert(
3391 &cfg_parser->cfg->views->respip_actions, $2, $3))
3392 fatal_exit("out of memory adding per-view "
3393 "response-ip action");
3394 }
3395 ;
3396 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3397 {
3398 OUTYY(("P(view_response_ip_data:%s)\n", $2));
3399 if(!cfg_str2list_insert(
3400 &cfg_parser->cfg->views->respip_data, $2, $3))
3401 fatal_exit("out of memory adding response-ip-data");
3402 }
3403 ;
3404 view_local_data: VAR_LOCAL_DATA STRING_ARG
3405 {
3406 OUTYY(("P(view_local_data:%s)\n", $2));
3407 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3408 fatal_exit("out of memory adding local-data");
3409 }
3410 }
3411 ;
3412 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3413 {
3414 char* ptr;
3415 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3416 ptr = cfg_ptr_reverse($2);
3417 free($2);
3418 if(ptr) {
3419 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3420 local_data, ptr))
3421 fatal_exit("out of memory adding local-data");
3422 } else {
3423 yyerror("local-data-ptr could not be reversed");
3424 }
3425 }
3426 ;
3427 view_first: VAR_VIEW_FIRST STRING_ARG
3428 {
3429 OUTYY(("P(view-first:%s)\n", $2));
3430 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3431 yyerror("expected yes or no.");
3432 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3433 free($2);
3434 }
3435 ;
3436 rcstart: VAR_REMOTE_CONTROL
3437 {
3438 OUTYY(("\nP(remote-control:)\n"));
3439 cfg_parser->started_toplevel = 1;
3440 }
3441 ;
3442 contents_rc: contents_rc content_rc
3443 | ;
3444 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3445 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3446 rc_control_cert_file | rc_control_use_cert
3447 ;
3448 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3449 {
3450 OUTYY(("P(control_enable:%s)\n", $2));
3451 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3452 yyerror("expected yes or no.");
3453 else cfg_parser->cfg->remote_control_enable =
3454 (strcmp($2, "yes")==0);
3455 free($2);
3456 }
3457 ;
3458 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3459 {
3460 OUTYY(("P(control_port:%s)\n", $2));
3461 if(atoi($2) == 0)
3462 yyerror("control port number expected");
3463 else cfg_parser->cfg->control_port = atoi($2);
3464 free($2);
3465 }
3466 ;
3467 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3468 {
3469 OUTYY(("P(control_interface:%s)\n", $2));
3470 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3471 yyerror("out of memory");
3472 }
3473 ;
3474 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3475 {
3476 OUTYY(("P(control_use_cert:%s)\n", $2));
3477 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3478 free($2);
3479 }
3480 ;
3481 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3482 {
3483 OUTYY(("P(rc_server_key_file:%s)\n", $2));
3484 free(cfg_parser->cfg->server_key_file);
3485 cfg_parser->cfg->server_key_file = $2;
3486 }
3487 ;
3488 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3489 {
3490 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3491 free(cfg_parser->cfg->server_cert_file);
3492 cfg_parser->cfg->server_cert_file = $2;
3493 }
3494 ;
3495 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3496 {
3497 OUTYY(("P(rc_control_key_file:%s)\n", $2));
3498 free(cfg_parser->cfg->control_key_file);
3499 cfg_parser->cfg->control_key_file = $2;
3500 }
3501 ;
3502 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3503 {
3504 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3505 free(cfg_parser->cfg->control_cert_file);
3506 cfg_parser->cfg->control_cert_file = $2;
3507 }
3508 ;
3509 dtstart: VAR_DNSTAP
3510 {
3511 OUTYY(("\nP(dnstap:)\n"));
3512 cfg_parser->started_toplevel = 1;
3513 }
3514 ;
3515 contents_dt: contents_dt content_dt
3516 | ;
3517 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3518 dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3519 dt_dnstap_tls_cert_bundle |
3520 dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3521 dt_dnstap_send_identity | dt_dnstap_send_version |
3522 dt_dnstap_identity | dt_dnstap_version |
3523 dt_dnstap_log_resolver_query_messages |
3524 dt_dnstap_log_resolver_response_messages |
3525 dt_dnstap_log_client_query_messages |
3526 dt_dnstap_log_client_response_messages |
3527 dt_dnstap_log_forwarder_query_messages |
3528 dt_dnstap_log_forwarder_response_messages |
3529 dt_dnstap_sample_rate
3530 ;
3531 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3532 {
3533 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3534 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3535 yyerror("expected yes or no.");
3536 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3537 free($2);
3538 }
3539 ;
3540 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3541 {
3542 OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3543 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3544 yyerror("expected yes or no.");
3545 else cfg_parser->cfg->dnstap_bidirectional =
3546 (strcmp($2, "yes")==0);
3547 free($2);
3548 }
3549 ;
3550 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3551 {
3552 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3553 free(cfg_parser->cfg->dnstap_socket_path);
3554 cfg_parser->cfg->dnstap_socket_path = $2;
3555 }
3556 ;
3557 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3558 {
3559 OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3560 free(cfg_parser->cfg->dnstap_ip);
3561 cfg_parser->cfg->dnstap_ip = $2;
3562 }
3563 ;
3564 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3565 {
3566 OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3567 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3568 yyerror("expected yes or no.");
3569 else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3570 free($2);
3571 }
3572 ;
3573 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3574 {
3575 OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3576 free(cfg_parser->cfg->dnstap_tls_server_name);
3577 cfg_parser->cfg->dnstap_tls_server_name = $2;
3578 }
3579 ;
3580 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3581 {
3582 OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3583 free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3584 cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3585 }
3586 ;
3587 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3588 {
3589 OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3590 free(cfg_parser->cfg->dnstap_tls_client_key_file);
3591 cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3592 }
3593 ;
3594 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3595 {
3596 OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3597 free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3598 cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3599 }
3600 ;
3601 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3602 {
3603 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3604 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3605 yyerror("expected yes or no.");
3606 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3607 free($2);
3608 }
3609 ;
3610 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3611 {
3612 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3613 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3614 yyerror("expected yes or no.");
3615 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3616 free($2);
3617 }
3618 ;
3619 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3620 {
3621 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3622 free(cfg_parser->cfg->dnstap_identity);
3623 cfg_parser->cfg->dnstap_identity = $2;
3624 }
3625 ;
3626 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3627 {
3628 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3629 free(cfg_parser->cfg->dnstap_version);
3630 cfg_parser->cfg->dnstap_version = $2;
3631 }
3632 ;
3633 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3634 {
3635 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3636 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3637 yyerror("expected yes or no.");
3638 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3639 (strcmp($2, "yes")==0);
3640 free($2);
3641 }
3642 ;
3643 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3644 {
3645 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3646 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3647 yyerror("expected yes or no.");
3648 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3649 (strcmp($2, "yes")==0);
3650 free($2);
3651 }
3652 ;
3653 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3654 {
3655 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3656 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3657 yyerror("expected yes or no.");
3658 else cfg_parser->cfg->dnstap_log_client_query_messages =
3659 (strcmp($2, "yes")==0);
3660 free($2);
3661 }
3662 ;
3663 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3664 {
3665 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3666 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3667 yyerror("expected yes or no.");
3668 else cfg_parser->cfg->dnstap_log_client_response_messages =
3669 (strcmp($2, "yes")==0);
3670 free($2);
3671 }
3672 ;
3673 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3674 {
3675 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3676 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3677 yyerror("expected yes or no.");
3678 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3679 (strcmp($2, "yes")==0);
3680 free($2);
3681 }
3682 ;
3683 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3684 {
3685 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3686 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3687 yyerror("expected yes or no.");
3688 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3689 (strcmp($2, "yes")==0);
3690 free($2);
3691 }
3692 ;
3693 dt_dnstap_sample_rate: VAR_DNSTAP_SAMPLE_RATE STRING_ARG
3694 {
3695 OUTYY(("P(dt_dnstap_sample_rate:%s)\n", $2));
3696 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3697 yyerror("number expected");
3698 else if(atoi($2) < 0)
3699 yyerror("dnstap sample rate too small");
3700 else cfg_parser->cfg->dnstap_sample_rate = atoi($2);
3701 free($2);
3702 }
3703 ;
3704 pythonstart: VAR_PYTHON
3705 {
3706 OUTYY(("\nP(python:)\n"));
3707 cfg_parser->started_toplevel = 1;
3708 }
3709 ;
3710 contents_py: contents_py content_py
3711 | ;
3712 content_py: py_script
3713 ;
3714 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3715 {
3716 OUTYY(("P(python-script:%s)\n", $2));
3717 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3718 yyerror("out of memory");
3719 }
3720 ;
3721 dynlibstart: VAR_DYNLIB
3722 {
3723 OUTYY(("\nP(dynlib:)\n"));
3724 cfg_parser->started_toplevel = 1;
3725 }
3726 ;
3727 contents_dl: contents_dl content_dl
3728 | ;
3729 content_dl: dl_file
3730 ;
3731 dl_file: VAR_DYNLIB_FILE STRING_ARG
3732 {
3733 OUTYY(("P(dynlib-file:%s)\n", $2));
3734 if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3735 yyerror("out of memory");
3736 }
3737 ;
3738 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3739 {
3740 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3741 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3742 yyerror("expected yes or no.");
3743 else cfg_parser->cfg->disable_dnssec_lame_check =
3744 (strcmp($2, "yes")==0);
3745 free($2);
3746 }
3747 ;
3748 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3749 {
3750 OUTYY(("P(server_log_identity:%s)\n", $2));
3751 free(cfg_parser->cfg->log_identity);
3752 cfg_parser->cfg->log_identity = $2;
3753 }
3754 ;
3755 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3756 {
3757 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3758 validate_respip_action($3);
3759 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3760 $2, $3))
3761 fatal_exit("out of memory adding response-ip");
3762 }
3763 ;
3764 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3765 {
3766 OUTYY(("P(server_response_ip_data:%s)\n", $2));
3767 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3768 $2, $3))
3769 fatal_exit("out of memory adding response-ip-data");
3770 }
3771 ;
3772 dnscstart: VAR_DNSCRYPT
3773 {
3774 OUTYY(("\nP(dnscrypt:)\n"));
3775 cfg_parser->started_toplevel = 1;
3776 }
3777 ;
3778 contents_dnsc: contents_dnsc content_dnsc
3779 | ;
3780 content_dnsc:
3781 dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3782 dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3783 dnsc_dnscrypt_provider_cert_rotated |
3784 dnsc_dnscrypt_shared_secret_cache_size |
3785 dnsc_dnscrypt_shared_secret_cache_slabs |
3786 dnsc_dnscrypt_nonce_cache_size |
3787 dnsc_dnscrypt_nonce_cache_slabs
3788 ;
3789 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3790 {
3791 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3792 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3793 yyerror("expected yes or no.");
3794 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3795 free($2);
3796 }
3797 ;
3798 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3799 {
3800 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3801 if(atoi($2) == 0)
3802 yyerror("port number expected");
3803 else cfg_parser->cfg->dnscrypt_port = atoi($2);
3804 free($2);
3805 }
3806 ;
3807 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3808 {
3809 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3810 free(cfg_parser->cfg->dnscrypt_provider);
3811 cfg_parser->cfg->dnscrypt_provider = $2;
3812 }
3813 ;
3814 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3815 {
3816 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3817 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3818 log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3819 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3820 fatal_exit("out of memory adding dnscrypt-provider-cert");
3821 }
3822 ;
3823 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3824 {
3825 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3826 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3827 fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3828 }
3829 ;
3830 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3831 {
3832 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3833 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3834 log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3835 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3836 fatal_exit("out of memory adding dnscrypt-secret-key");
3837 }
3838 ;
3839 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3840 {
3841 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3842 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3843 yyerror("memory size expected");
3844 free($2);
3845 }
3846 ;
3847 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3848 {
3849 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3850 if(atoi($2) == 0) {
3851 yyerror("number expected");
3852 } else {
3853 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3854 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3855 yyerror("must be a power of 2");
3856 }
3857 free($2);
3858 }
3859 ;
3860 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3861 {
3862 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3863 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3864 yyerror("memory size expected");
3865 free($2);
3866 }
3867 ;
3868 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3869 {
3870 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3871 if(atoi($2) == 0) {
3872 yyerror("number expected");
3873 } else {
3874 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3875 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3876 yyerror("must be a power of 2");
3877 }
3878 free($2);
3879 }
3880 ;
3881 cachedbstart: VAR_CACHEDB
3882 {
3883 OUTYY(("\nP(cachedb:)\n"));
3884 cfg_parser->started_toplevel = 1;
3885 }
3886 ;
3887 contents_cachedb: contents_cachedb content_cachedb
3888 | ;
3889 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3890 redis_server_host | redis_replica_server_host |
3891 redis_server_port | redis_replica_server_port |
3892 redis_timeout | redis_replica_timeout |
3893 redis_command_timeout | redis_replica_command_timeout |
3894 redis_connect_timeout | redis_replica_connect_timeout |
3895 redis_server_path | redis_replica_server_path |
3896 redis_server_password | redis_replica_server_password |
3897 redis_logical_db | redis_replica_logical_db |
3898 cachedb_no_store | redis_expire_records |
3899 cachedb_check_when_serve_expired
3900 ;
3901 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3902 {
3903 #ifdef USE_CACHEDB
3904 OUTYY(("P(backend:%s)\n", $2));
3905 free(cfg_parser->cfg->cachedb_backend);
3906 cfg_parser->cfg->cachedb_backend = $2;
3907 #else
3908 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3909 free($2);
3910 #endif
3911 }
3912 ;
3913 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3914 {
3915 #ifdef USE_CACHEDB
3916 OUTYY(("P(secret-seed:%s)\n", $2));
3917 free(cfg_parser->cfg->cachedb_secret);
3918 cfg_parser->cfg->cachedb_secret = $2;
3919 #else
3920 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3921 free($2);
3922 #endif
3923 }
3924 ;
3925 cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG
3926 {
3927 #ifdef USE_CACHEDB
3928 OUTYY(("P(cachedb_no_store:%s)\n", $2));
3929 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3930 yyerror("expected yes or no.");
3931 else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0);
3932 #else
3933 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3934 #endif
3935 free($2);
3936 }
3937 ;
3938 cachedb_check_when_serve_expired: VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED STRING_ARG
3939 {
3940 #ifdef USE_CACHEDB
3941 OUTYY(("P(cachedb_check_when_serve_expired:%s)\n", $2));
3942 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3943 yyerror("expected yes or no.");
3944 else cfg_parser->cfg->cachedb_check_when_serve_expired = (strcmp($2, "yes")==0);
3945 #else
3946 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3947 #endif
3948 free($2);
3949 }
3950 ;
3951 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3952 {
3953 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3954 OUTYY(("P(redis_server_host:%s)\n", $2));
3955 free(cfg_parser->cfg->redis_server_host);
3956 cfg_parser->cfg->redis_server_host = $2;
3957 #else
3958 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3959 free($2);
3960 #endif
3961 }
3962 ;
3963 redis_replica_server_host: VAR_CACHEDB_REDISREPLICAHOST STRING_ARG
3964 {
3965 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3966 OUTYY(("P(redis_replica_server_host:%s)\n", $2));
3967 free(cfg_parser->cfg->redis_replica_server_host);
3968 cfg_parser->cfg->redis_replica_server_host = $2;
3969 #else
3970 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3971 free($2);
3972 #endif
3973 }
3974 ;
3975 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3976 {
3977 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3978 int port;
3979 OUTYY(("P(redis_server_port:%s)\n", $2));
3980 port = atoi($2);
3981 if(port == 0 || port < 0 || port > 65535)
3982 yyerror("valid redis server port number expected");
3983 else cfg_parser->cfg->redis_server_port = port;
3984 #else
3985 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3986 #endif
3987 free($2);
3988 }
3989 ;
3990 redis_replica_server_port: VAR_CACHEDB_REDISREPLICAPORT STRING_ARG
3991 {
3992 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3993 int port;
3994 OUTYY(("P(redis_replica_server_port:%s)\n", $2));
3995 port = atoi($2);
3996 if(port == 0 || port < 0 || port > 65535)
3997 yyerror("valid redis server port number expected");
3998 else cfg_parser->cfg->redis_replica_server_port = port;
3999 #else
4000 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4001 #endif
4002 free($2);
4003 }
4004 ;
4005 redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
4006 {
4007 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4008 OUTYY(("P(redis_server_path:%s)\n", $2));
4009 free(cfg_parser->cfg->redis_server_path);
4010 cfg_parser->cfg->redis_server_path = $2;
4011 #else
4012 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4013 free($2);
4014 #endif
4015 }
4016 ;
4017 redis_replica_server_path: VAR_CACHEDB_REDISREPLICAPATH STRING_ARG
4018 {
4019 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4020 OUTYY(("P(redis_replica_server_path:%s)\n", $2));
4021 free(cfg_parser->cfg->redis_replica_server_path);
4022 cfg_parser->cfg->redis_replica_server_path = $2;
4023 #else
4024 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4025 free($2);
4026 #endif
4027 }
4028 ;
4029 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
4030 {
4031 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4032 OUTYY(("P(redis_server_password:%s)\n", $2));
4033 free(cfg_parser->cfg->redis_server_password);
4034 cfg_parser->cfg->redis_server_password = $2;
4035 #else
4036 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4037 free($2);
4038 #endif
4039 }
4040 ;
4041 redis_replica_server_password: VAR_CACHEDB_REDISREPLICAPASSWORD STRING_ARG
4042 {
4043 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4044 OUTYY(("P(redis_replica_server_password:%s)\n", $2));
4045 free(cfg_parser->cfg->redis_replica_server_password);
4046 cfg_parser->cfg->redis_replica_server_password = $2;
4047 #else
4048 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4049 free($2);
4050 #endif
4051 }
4052 ;
4053 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
4054 {
4055 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4056 OUTYY(("P(redis_timeout:%s)\n", $2));
4057 if(atoi($2) == 0)
4058 yyerror("redis timeout value expected");
4059 else cfg_parser->cfg->redis_timeout = atoi($2);
4060 #else
4061 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4062 #endif
4063 free($2);
4064 }
4065 ;
4066 redis_replica_timeout: VAR_CACHEDB_REDISREPLICATIMEOUT STRING_ARG
4067 {
4068 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4069 OUTYY(("P(redis_replica_timeout:%s)\n", $2));
4070 if(atoi($2) == 0)
4071 yyerror("redis timeout value expected");
4072 else cfg_parser->cfg->redis_replica_timeout = atoi($2);
4073 #else
4074 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4075 #endif
4076 free($2);
4077 }
4078 ;
4079 redis_command_timeout: VAR_CACHEDB_REDISCOMMANDTIMEOUT STRING_ARG
4080 {
4081 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4082 OUTYY(("P(redis_command_timeout:%s)\n", $2));
4083 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4084 yyerror("redis command timeout value expected");
4085 else cfg_parser->cfg->redis_command_timeout = atoi($2);
4086 #else
4087 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4088 #endif
4089 free($2);
4090 }
4091 ;
4092 redis_replica_command_timeout: VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT STRING_ARG
4093 {
4094 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4095 OUTYY(("P(redis_replica_command_timeout:%s)\n", $2));
4096 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4097 yyerror("redis command timeout value expected");
4098 else cfg_parser->cfg->redis_replica_command_timeout = atoi($2);
4099 #else
4100 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4101 #endif
4102 free($2);
4103 }
4104 ;
4105 redis_connect_timeout: VAR_CACHEDB_REDISCONNECTTIMEOUT STRING_ARG
4106 {
4107 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4108 OUTYY(("P(redis_connect_timeout:%s)\n", $2));
4109 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4110 yyerror("redis connect timeout value expected");
4111 else cfg_parser->cfg->redis_connect_timeout = atoi($2);
4112 #else
4113 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4114 #endif
4115 free($2);
4116 }
4117 ;
4118 redis_replica_connect_timeout: VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT STRING_ARG
4119 {
4120 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4121 OUTYY(("P(redis_replica_connect_timeout:%s)\n", $2));
4122 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4123 yyerror("redis connect timeout value expected");
4124 else cfg_parser->cfg->redis_replica_connect_timeout = atoi($2);
4125 #else
4126 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4127 #endif
4128 free($2);
4129 }
4130 ;
4131 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
4132 {
4133 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4134 OUTYY(("P(redis_expire_records:%s)\n", $2));
4135 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
4136 yyerror("expected yes or no.");
4137 else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
4138 #else
4139 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4140 #endif
4141 free($2);
4142 }
4143 ;
4144 redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG
4145 {
4146 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4147 int db;
4148 OUTYY(("P(redis_logical_db:%s)\n", $2));
4149 db = atoi($2);
4150 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
4151 yyerror("valid redis logical database index expected");
4152 else cfg_parser->cfg->redis_logical_db = db;
4153 #else
4154 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4155 #endif
4156 free($2);
4157 }
4158 ;
4159 redis_replica_logical_db: VAR_CACHEDB_REDISREPLICALOGICALDB STRING_ARG
4160 {
4161 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4162 int db;
4163 OUTYY(("P(redis_replica_logical_db:%s)\n", $2));
4164 db = atoi($2);
4165 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
4166 yyerror("valid redis logical database index expected");
4167 else cfg_parser->cfg->redis_replica_logical_db = db;
4168 #else
4169 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4170 #endif
4171 free($2);
4172 }
4173 ;
4174 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
4175 {
4176 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
4177 if (atoi($3) < 0)
4178 yyerror("positive number expected");
4179 else {
4180 if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
4181 fatal_exit("out of memory adding tcp connection limit");
4182 }
4183 }
4184 ;
4185 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
4186 {
4187 OUTYY(("P(server_answer_cookie:%s)\n", $2));
4188 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
4189 yyerror("expected yes or no.");
4190 else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
4191 free($2);
4192 }
4193 ;
4194 server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
4195 {
4196 uint8_t secret[32];
4197 size_t secret_len = sizeof(secret);
4198
4199 OUTYY(("P(server_cookie_secret:%s)\n", $2));
4200 if(sldns_str2wire_hex_buf($2, secret, &secret_len)
4201 || (secret_len != 16))
4202 yyerror("expected 128 bit hex string");
4203 else {
4204 cfg_parser->cfg->cookie_secret_len = secret_len;
4205 memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
4206 }
4207 free($2);
4208 }
4209 ;
4210 server_cookie_secret_file: VAR_COOKIE_SECRET_FILE STRING_ARG
4211 {
4212 OUTYY(("P(cookie_secret_file:%s)\n", $2));
4213 free(cfg_parser->cfg->cookie_secret_file);
4214 cfg_parser->cfg->cookie_secret_file = $2;
4215 }
4216 ;
4217 server_iter_scrub_ns: VAR_ITER_SCRUB_NS STRING_ARG
4218 {
4219 OUTYY(("P(server_iter_scrub_ns:%s)\n", $2));
4220 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4221 yyerror("number expected");
4222 else cfg_parser->cfg->iter_scrub_ns = atoi($2);
4223 free($2);
4224 }
4225 ;
4226 server_iter_scrub_cname: VAR_ITER_SCRUB_CNAME STRING_ARG
4227 {
4228 OUTYY(("P(server_iter_scrub_cname:%s)\n", $2));
4229 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4230 yyerror("number expected");
4231 else cfg_parser->cfg->iter_scrub_cname = atoi($2);
4232 free($2);
4233 }
4234 ;
4235 server_max_global_quota: VAR_MAX_GLOBAL_QUOTA STRING_ARG
4236 {
4237 OUTYY(("P(server_max_global_quota:%s)\n", $2));
4238 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4239 yyerror("number expected");
4240 else cfg_parser->cfg->max_global_quota = atoi($2);
4241 free($2);
4242 }
4243 ;
4244 server_iter_scrub_promiscuous: VAR_ITER_SCRUB_PROMISCUOUS STRING_ARG
4245 {
4246 OUTYY(("P(server_iter_scrub_promiscuous:%s)\n", $2));
4247 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
4248 yyerror("expected yes or no.");
4249 else cfg_parser->cfg->iter_scrub_promiscuous =
4250 (strcmp($2, "yes")==0);
4251 free($2);
4252 }
4253 ;
4254 ipsetstart: VAR_IPSET
4255 {
4256 OUTYY(("\nP(ipset:)\n"));
4257 cfg_parser->started_toplevel = 1;
4258 }
4259 ;
4260 contents_ipset: contents_ipset content_ipset
4261 | ;
4262 content_ipset: ipset_name_v4 | ipset_name_v6
4263 ;
4264 ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
4265 {
4266 #ifdef USE_IPSET
4267 OUTYY(("P(name-v4:%s)\n", $2));
4268 if(cfg_parser->cfg->ipset_name_v4)
4269 yyerror("ipset name v4 override, there must be one "
4270 "name for ip v4");
4271 free(cfg_parser->cfg->ipset_name_v4);
4272 cfg_parser->cfg->ipset_name_v4 = $2;
4273 #else
4274 OUTYY(("P(Compiled without ipset, ignoring)\n"));
4275 free($2);
4276 #endif
4277 }
4278 ;
4279 ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
4280 {
4281 #ifdef USE_IPSET
4282 OUTYY(("P(name-v6:%s)\n", $2));
4283 if(cfg_parser->cfg->ipset_name_v6)
4284 yyerror("ipset name v6 override, there must be one "
4285 "name for ip v6");
4286 free(cfg_parser->cfg->ipset_name_v6);
4287 cfg_parser->cfg->ipset_name_v6 = $2;
4288 #else
4289 OUTYY(("P(Compiled without ipset, ignoring)\n"));
4290 free($2);
4291 #endif
4292 }
4293 ;
4294 %%
4295
4296 /* parse helper routines could be here */
4297 static void
4298 validate_respip_action(const char* action)
4299 {
4300 if(strcmp(action, "deny")!=0 &&
4301 strcmp(action, "redirect")!=0 &&
4302 strcmp(action, "inform")!=0 &&
4303 strcmp(action, "inform_deny")!=0 &&
4304 strcmp(action, "always_transparent")!=0 &&
4305 strcmp(action, "always_refuse")!=0 &&
4306 strcmp(action, "always_nxdomain")!=0)
4307 {
4308 yyerror("response-ip action: expected deny, redirect, "
4309 "inform, inform_deny, always_transparent, "
4310 "always_refuse or always_nxdomain");
4311 }
4312 }
4313
4314 static void
validate_acl_action(const char * action)4315 validate_acl_action(const char* action)
4316 {
4317 if(strcmp(action, "deny")!=0 &&
4318 strcmp(action, "refuse")!=0 &&
4319 strcmp(action, "deny_non_local")!=0 &&
4320 strcmp(action, "refuse_non_local")!=0 &&
4321 strcmp(action, "allow_setrd")!=0 &&
4322 strcmp(action, "allow")!=0 &&
4323 strcmp(action, "allow_snoop")!=0 &&
4324 strcmp(action, "allow_cookie")!=0)
4325 {
4326 yyerror("expected deny, refuse, deny_non_local, "
4327 "refuse_non_local, allow, allow_setrd, "
4328 "allow_snoop or allow_cookie as access control action");
4329 }
4330 }
4331