xref: /freebsd/contrib/unbound/util/configparser.y (revision 4f0c9b76cf75724ef0b9c59bb8c182be24361d7c)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_FORCE_TOPLEVEL
73 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
74 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
75 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
76 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
77 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
78 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
79 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
80 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
81 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
82 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
83 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
84 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
85 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
86 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
87 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
88 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
89 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
90 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
91 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
92 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
93 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
94 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
95 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
96 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
97 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
98 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
99 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
100 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
101 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
102 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
103 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
104 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
105 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
106 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
107 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
108 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
109 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
110 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
111 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
112 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
113 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
114 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
115 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
116 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
117 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
118 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
119 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
120 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
121 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
122 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
123 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
124 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
125 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
126 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
127 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
128 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
129 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
130 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
131 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
132 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
133 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
134 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
136 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
137 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
138 %token VAR_IP_DSCP
139 %token VAR_DISABLE_DNSSEC_LAME_CHECK
140 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
141 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
142 %token VAR_OUTBOUND_MSG_RETRY
143 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
144 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
145 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
146 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
147 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
148 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
149 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
150 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
151 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
152 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
153 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
154 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
155 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
156 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
157 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
158 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
159 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
160 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
161 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
162 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
163 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
164 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
165 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
166 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
167 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
168 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
169 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
170 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
171 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
172 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
173 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
174 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
175 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
176 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
177 %token VAR_CACHEDB_REDISEXPIRERECORDS
178 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
179 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
180 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
181 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
182 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
183 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
184 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
185 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
186 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
187 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
188 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
189 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
190 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
191 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
192 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
193 
194 %%
195 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
196 toplevelvar: serverstart contents_server | stubstart contents_stub |
197 	forwardstart contents_forward | pythonstart contents_py |
198 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
199 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
200 	ipsetstart contents_ipset | authstart contents_auth |
201 	rpzstart contents_rpz | dynlibstart contents_dl |
202 	force_toplevel
203 	;
204 force_toplevel: VAR_FORCE_TOPLEVEL
205 	{
206 		OUTYY(("\nP(force-toplevel)\n"));
207 	}
208 	;
209 /* server: declaration */
210 serverstart: VAR_SERVER
211 	{
212 		OUTYY(("\nP(server:)\n"));
213 	}
214 	;
215 contents_server: contents_server content_server
216 	| ;
217 content_server: server_num_threads | server_verbosity | server_port |
218 	server_outgoing_range | server_do_ip4 |
219 	server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
220 	server_do_udp | server_do_tcp |
221 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
222 	server_tcp_keepalive | server_tcp_keepalive_timeout |
223 	server_interface | server_chroot | server_username |
224 	server_directory | server_logfile | server_pidfile |
225 	server_msg_cache_size | server_msg_cache_slabs |
226 	server_num_queries_per_thread | server_rrset_cache_size |
227 	server_rrset_cache_slabs | server_outgoing_num_tcp |
228 	server_infra_host_ttl | server_infra_lame_ttl |
229 	server_infra_cache_slabs | server_infra_cache_numhosts |
230 	server_infra_cache_lame_size | server_target_fetch_policy |
231 	server_harden_short_bufsize | server_harden_large_queries |
232 	server_do_not_query_address | server_hide_identity |
233 	server_hide_version | server_identity | server_version |
234 	server_hide_http_user_agent | server_http_user_agent |
235 	server_harden_glue | server_module_conf | server_trust_anchor_file |
236 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
237 	server_val_clean_additional | server_val_permissive_mode |
238 	server_incoming_num_tcp | server_msg_buffer_size |
239 	server_key_cache_size | server_key_cache_slabs |
240 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
241 	server_use_syslog | server_outgoing_interface | server_root_hints |
242 	server_do_not_query_localhost | server_cache_max_ttl |
243 	server_harden_dnssec_stripped | server_access_control |
244 	server_local_zone | server_local_data | server_interface_automatic |
245 	server_statistics_interval | server_do_daemonize |
246 	server_use_caps_for_id | server_statistics_cumulative |
247 	server_outgoing_port_permit | server_outgoing_port_avoid |
248 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
249 	server_harden_referral_path | server_private_address |
250 	server_private_domain | server_extended_statistics |
251 	server_local_data_ptr | server_jostle_timeout |
252 	server_unwanted_reply_threshold | server_log_time_ascii |
253 	server_domain_insecure | server_val_sig_skew_min |
254 	server_val_sig_skew_max | server_val_max_restart |
255 	server_cache_min_ttl | server_val_log_level |
256 	server_auto_trust_anchor_file |	server_add_holddown |
257 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
258 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
259 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
260 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
261 	server_log_local_actions |
262 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
263 	server_https_port | server_http_endpoint | server_http_max_streams |
264 	server_http_query_buffer_size | server_http_response_buffer_size |
265 	server_http_nodelay | server_http_notls_downstream |
266 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
267 	server_so_reuseport | server_delay_close | server_udp_connect |
268 	server_unblock_lan_zones | server_insecure_lan_zones |
269 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
270 	server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
271 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
272 	server_ip_dscp | server_infra_keep_probing |
273 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
274 	server_ip_ratelimit_size | server_ratelimit_size |
275 	server_ratelimit_for_domain |
276 	server_ratelimit_below_domain | server_ratelimit_factor |
277 	server_ip_ratelimit_factor | server_ratelimit_backoff |
278 	server_ip_ratelimit_backoff | server_outbound_msg_retry |
279 	server_send_client_subnet | server_client_subnet_zone |
280 	server_client_subnet_always_forward | server_client_subnet_opcode |
281 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
282 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
283 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
284 	server_caps_whitelist | server_cache_max_negative_ttl |
285 	server_permit_small_holddown | server_qname_minimisation |
286 	server_ip_freebind | server_define_tag | server_local_zone_tag |
287 	server_disable_dnssec_lame_check | server_access_control_tag |
288 	server_local_zone_override | server_access_control_tag_action |
289 	server_access_control_tag_data | server_access_control_view |
290 	server_qname_minimisation_strict |
291 	server_pad_responses | server_pad_responses_block_size |
292 	server_pad_queries | server_pad_queries_block_size |
293 	server_serve_expired |
294 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
295 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
296 	server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
297 	server_log_identity | server_use_systemd |
298 	server_response_ip_tag | server_response_ip | server_response_ip_data |
299 	server_shm_enable | server_shm_key | server_fake_sha1 |
300 	server_hide_trustanchor | server_trust_anchor_signaling |
301 	server_root_key_sentinel |
302 	server_ipsecmod_enabled | server_ipsecmod_hook |
303 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
304 	server_ipsecmod_whitelist | server_ipsecmod_strict |
305 	server_udp_upstream_without_downstream | server_aggressive_nsec |
306 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
307 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
308 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
309 	server_unknown_server_time_limit | server_log_tag_queryreply |
310 	server_stream_wait_size | server_tls_ciphers |
311 	server_tls_ciphersuites | server_tls_session_ticket_keys |
312 	server_tls_use_sni | server_edns_client_string |
313 	server_edns_client_string_opcode | server_nsid |
314 	server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
315 	server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
316 	server_interface_automatic_ports | server_ede
317 
318 	;
319 stubstart: VAR_STUB_ZONE
320 	{
321 		struct config_stub* s;
322 		OUTYY(("\nP(stub_zone:)\n"));
323 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
324 		if(s) {
325 			s->next = cfg_parser->cfg->stubs;
326 			cfg_parser->cfg->stubs = s;
327 		} else {
328 			yyerror("out of memory");
329 		}
330 	}
331 	;
332 contents_stub: contents_stub content_stub
333 	| ;
334 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
335 	stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
336 	;
337 forwardstart: VAR_FORWARD_ZONE
338 	{
339 		struct config_stub* s;
340 		OUTYY(("\nP(forward_zone:)\n"));
341 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
342 		if(s) {
343 			s->next = cfg_parser->cfg->forwards;
344 			cfg_parser->cfg->forwards = s;
345 		} else {
346 			yyerror("out of memory");
347 		}
348 	}
349 	;
350 contents_forward: contents_forward content_forward
351 	| ;
352 content_forward: forward_name | forward_host | forward_addr | forward_first |
353 	forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
354 	;
355 viewstart: VAR_VIEW
356 	{
357 		struct config_view* s;
358 		OUTYY(("\nP(view:)\n"));
359 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
360 		if(s) {
361 			s->next = cfg_parser->cfg->views;
362 			if(s->next && !s->next->name)
363 				yyerror("view without name");
364 			cfg_parser->cfg->views = s;
365 		} else {
366 			yyerror("out of memory");
367 		}
368 	}
369 	;
370 contents_view: contents_view content_view
371 	| ;
372 content_view: view_name | view_local_zone | view_local_data | view_first |
373 		view_response_ip | view_response_ip_data | view_local_data_ptr
374 	;
375 authstart: VAR_AUTH_ZONE
376 	{
377 		struct config_auth* s;
378 		OUTYY(("\nP(auth_zone:)\n"));
379 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
380 		if(s) {
381 			s->next = cfg_parser->cfg->auths;
382 			cfg_parser->cfg->auths = s;
383 			/* defaults for auth zone */
384 			s->for_downstream = 1;
385 			s->for_upstream = 1;
386 			s->fallback_enabled = 0;
387 			s->zonemd_check = 0;
388 			s->zonemd_reject_absence = 0;
389 			s->isrpz = 0;
390 		} else {
391 			yyerror("out of memory");
392 		}
393 	}
394 	;
395 contents_auth: contents_auth content_auth
396 	| ;
397 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
398 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
399 	auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
400 	;
401 
402 rpz_tag: VAR_TAGS STRING_ARG
403 	{
404 		uint8_t* bitlist;
405 		size_t len = 0;
406 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
407 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
408 			&len);
409 		free($2);
410 		if(!bitlist) {
411 			yyerror("could not parse tags, (define-tag them first)");
412 		}
413 		if(bitlist) {
414 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
415 			cfg_parser->cfg->auths->rpz_taglistlen = len;
416 
417 		}
418 	}
419 	;
420 
421 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
422 	{
423 		OUTYY(("P(rpz_action_override:%s)\n", $2));
424 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
425 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
426 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
427 			yyerror("rpz-action-override action: expected nxdomain, "
428 				"nodata, passthru, drop, cname or disabled");
429 			free($2);
430 			cfg_parser->cfg->auths->rpz_action_override = NULL;
431 		}
432 		else {
433 			cfg_parser->cfg->auths->rpz_action_override = $2;
434 		}
435 	}
436 	;
437 
438 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
439 	{
440 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
441 		free(cfg_parser->cfg->auths->rpz_cname);
442 		cfg_parser->cfg->auths->rpz_cname = $2;
443 	}
444 	;
445 
446 rpz_log: VAR_RPZ_LOG STRING_ARG
447 	{
448 		OUTYY(("P(rpz_log:%s)\n", $2));
449 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
450 			yyerror("expected yes or no.");
451 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
452 		free($2);
453 	}
454 	;
455 
456 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
457 	{
458 		OUTYY(("P(rpz_log_name:%s)\n", $2));
459 		free(cfg_parser->cfg->auths->rpz_log_name);
460 		cfg_parser->cfg->auths->rpz_log_name = $2;
461 	}
462 	;
463 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
464 	{
465 		OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
466 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
467 			yyerror("expected yes or no.");
468 		else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
469 		free($2);
470 	}
471 	;
472 
473 rpzstart: VAR_RPZ
474 	{
475 		struct config_auth* s;
476 		OUTYY(("\nP(rpz:)\n"));
477 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
478 		if(s) {
479 			s->next = cfg_parser->cfg->auths;
480 			cfg_parser->cfg->auths = s;
481 			/* defaults for RPZ auth zone */
482 			s->for_downstream = 0;
483 			s->for_upstream = 0;
484 			s->fallback_enabled = 0;
485 			s->isrpz = 1;
486 		} else {
487 			yyerror("out of memory");
488 		}
489 	}
490 	;
491 contents_rpz: contents_rpz content_rpz
492 	| ;
493 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
494 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
495 	   rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
496 	;
497 server_num_threads: VAR_NUM_THREADS STRING_ARG
498 	{
499 		OUTYY(("P(server_num_threads:%s)\n", $2));
500 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
501 			yyerror("number expected");
502 		else cfg_parser->cfg->num_threads = atoi($2);
503 		free($2);
504 	}
505 	;
506 server_verbosity: VAR_VERBOSITY STRING_ARG
507 	{
508 		OUTYY(("P(server_verbosity:%s)\n", $2));
509 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
510 			yyerror("number expected");
511 		else cfg_parser->cfg->verbosity = atoi($2);
512 		free($2);
513 	}
514 	;
515 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
516 	{
517 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
518 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
519 			cfg_parser->cfg->stat_interval = 0;
520 		else if(atoi($2) == 0)
521 			yyerror("number expected");
522 		else cfg_parser->cfg->stat_interval = atoi($2);
523 		free($2);
524 	}
525 	;
526 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
527 	{
528 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
529 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
530 			yyerror("expected yes or no.");
531 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
532 		free($2);
533 	}
534 	;
535 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
536 	{
537 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
538 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
539 			yyerror("expected yes or no.");
540 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
541 		free($2);
542 	}
543 	;
544 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
545 	{
546 		OUTYY(("P(server_shm_enable:%s)\n", $2));
547 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
548 			yyerror("expected yes or no.");
549 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
550 		free($2);
551 	}
552 	;
553 server_shm_key: VAR_SHM_KEY STRING_ARG
554 	{
555 		OUTYY(("P(server_shm_key:%s)\n", $2));
556 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
557 			cfg_parser->cfg->shm_key = 0;
558 		else if(atoi($2) == 0)
559 			yyerror("number expected");
560 		else cfg_parser->cfg->shm_key = atoi($2);
561 		free($2);
562 	}
563 	;
564 server_port: VAR_PORT STRING_ARG
565 	{
566 		OUTYY(("P(server_port:%s)\n", $2));
567 		if(atoi($2) == 0)
568 			yyerror("port number expected");
569 		else cfg_parser->cfg->port = atoi($2);
570 		free($2);
571 	}
572 	;
573 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
574 	{
575 	#ifdef CLIENT_SUBNET
576 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
577 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
578 			fatal_exit("out of memory adding client-subnet");
579 	#else
580 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
581 		free($2);
582 	#endif
583 	}
584 	;
585 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
586 	{
587 	#ifdef CLIENT_SUBNET
588 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
589 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
590 			$2))
591 			fatal_exit("out of memory adding client-subnet-zone");
592 	#else
593 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
594 		free($2);
595 	#endif
596 	}
597 	;
598 server_client_subnet_always_forward:
599 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
600 	{
601 	#ifdef CLIENT_SUBNET
602 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
603 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
604 			yyerror("expected yes or no.");
605 		else
606 			cfg_parser->cfg->client_subnet_always_forward =
607 				(strcmp($2, "yes")==0);
608 	#else
609 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
610 	#endif
611 		free($2);
612 	}
613 	;
614 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
615 	{
616 	#ifdef CLIENT_SUBNET
617 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
618 		OUTYY(("P(Deprecated option, ignoring)\n"));
619 	#else
620 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
621 	#endif
622 		free($2);
623 	}
624 	;
625 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
626 	{
627 	#ifdef CLIENT_SUBNET
628 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
629 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
630 			yyerror("IPv4 subnet length expected");
631 		else if (atoi($2) > 32)
632 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
633 		else if (atoi($2) < 0)
634 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
635 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
636 	#else
637 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
638 	#endif
639 		free($2);
640 	}
641 	;
642 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
643 	{
644 	#ifdef CLIENT_SUBNET
645 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
646 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
647 			yyerror("Ipv6 subnet length expected");
648 		else if (atoi($2) > 128)
649 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
650 		else if (atoi($2) < 0)
651 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
652 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
653 	#else
654 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
655 	#endif
656 		free($2);
657 	}
658 	;
659 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
660 	{
661 	#ifdef CLIENT_SUBNET
662 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
663 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
664 			yyerror("IPv4 subnet length expected");
665 		else if (atoi($2) > 32)
666 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
667 		else if (atoi($2) < 0)
668 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
669 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
670 	#else
671 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
672 	#endif
673 		free($2);
674 	}
675 	;
676 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
677 	{
678 	#ifdef CLIENT_SUBNET
679 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
680 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
681 			yyerror("Ipv6 subnet length expected");
682 		else if (atoi($2) > 128)
683 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
684 		else if (atoi($2) < 0)
685 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
686 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
687 	#else
688 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
689 	#endif
690 		free($2);
691 	}
692 	;
693 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
694 	{
695 	#ifdef CLIENT_SUBNET
696 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
697 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
698 			yyerror("IPv4 ECS tree size expected");
699 		else if (atoi($2) < 0)
700 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
701 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
702 	#else
703 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
704 	#endif
705 		free($2);
706 	}
707 	;
708 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
709 	{
710 	#ifdef CLIENT_SUBNET
711 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
712 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
713 			yyerror("IPv6 ECS tree size expected");
714 		else if (atoi($2) < 0)
715 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
716 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
717 	#else
718 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
719 	#endif
720 		free($2);
721 	}
722 	;
723 server_interface: VAR_INTERFACE STRING_ARG
724 	{
725 		OUTYY(("P(server_interface:%s)\n", $2));
726 		if(cfg_parser->cfg->num_ifs == 0)
727 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
728 		else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
729 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
730 		if(!cfg_parser->cfg->ifs)
731 			yyerror("out of memory");
732 		else
733 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
734 	}
735 	;
736 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
737 	{
738 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
739 		if(cfg_parser->cfg->num_out_ifs == 0)
740 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
741 		else cfg_parser->cfg->out_ifs = realloc(
742 			cfg_parser->cfg->out_ifs,
743 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
744 		if(!cfg_parser->cfg->out_ifs)
745 			yyerror("out of memory");
746 		else
747 			cfg_parser->cfg->out_ifs[
748 				cfg_parser->cfg->num_out_ifs++] = $2;
749 	}
750 	;
751 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
752 	{
753 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
754 		if(atoi($2) == 0)
755 			yyerror("number expected");
756 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
757 		free($2);
758 	}
759 	;
760 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
761 	{
762 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
763 		if(!cfg_mark_ports($2, 1,
764 			cfg_parser->cfg->outgoing_avail_ports, 65536))
765 			yyerror("port number or range (\"low-high\") expected");
766 		free($2);
767 	}
768 	;
769 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
770 	{
771 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
772 		if(!cfg_mark_ports($2, 0,
773 			cfg_parser->cfg->outgoing_avail_ports, 65536))
774 			yyerror("port number or range (\"low-high\") expected");
775 		free($2);
776 	}
777 	;
778 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
779 	{
780 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
781 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
782 			yyerror("number expected");
783 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
784 		free($2);
785 	}
786 	;
787 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
788 	{
789 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
790 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
791 			yyerror("number expected");
792 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
793 		free($2);
794 	}
795 	;
796 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
797 	{
798 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
799 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
800 			yyerror("expected yes or no.");
801 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
802 		free($2);
803 	}
804 	;
805 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
806 	{
807 		OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
808 		free(cfg_parser->cfg->if_automatic_ports);
809 		cfg_parser->cfg->if_automatic_ports = $2;
810 	}
811 	;
812 server_do_ip4: VAR_DO_IP4 STRING_ARG
813 	{
814 		OUTYY(("P(server_do_ip4:%s)\n", $2));
815 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
816 			yyerror("expected yes or no.");
817 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
818 		free($2);
819 	}
820 	;
821 server_do_ip6: VAR_DO_IP6 STRING_ARG
822 	{
823 		OUTYY(("P(server_do_ip6:%s)\n", $2));
824 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
825 			yyerror("expected yes or no.");
826 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
827 		free($2);
828 	}
829 	;
830 server_do_udp: VAR_DO_UDP STRING_ARG
831 	{
832 		OUTYY(("P(server_do_udp:%s)\n", $2));
833 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
834 			yyerror("expected yes or no.");
835 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
836 		free($2);
837 	}
838 	;
839 server_do_tcp: VAR_DO_TCP STRING_ARG
840 	{
841 		OUTYY(("P(server_do_tcp:%s)\n", $2));
842 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
843 			yyerror("expected yes or no.");
844 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
845 		free($2);
846 	}
847 	;
848 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
849 	{
850 		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
851 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
852 			yyerror("expected yes or no.");
853 		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
854 		free($2);
855 	}
856 	;
857 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
858 	{
859 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
860 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
861 			yyerror("expected yes or no.");
862 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
863 		free($2);
864 	}
865 	;
866 server_tcp_mss: VAR_TCP_MSS STRING_ARG
867 	{
868 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
869 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
870 				yyerror("number expected");
871 		else cfg_parser->cfg->tcp_mss = atoi($2);
872 		free($2);
873 	}
874 	;
875 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
876 	{
877 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
878 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
879 			yyerror("number expected");
880 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
881 		free($2);
882 	}
883 	;
884 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
885 	{
886 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
887 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
888 			yyerror("number expected");
889 		else if (atoi($2) > 120000)
890 			cfg_parser->cfg->tcp_idle_timeout = 120000;
891 		else if (atoi($2) < 1)
892 			cfg_parser->cfg->tcp_idle_timeout = 1;
893 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
894 		free($2);
895 	}
896 	;
897 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
898 	{
899 		OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
900 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
901 			yyerror("number expected");
902 		else if (atoi($2) < 1)
903 			cfg_parser->cfg->max_reuse_tcp_queries = 0;
904 		else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
905 		free($2);
906 	}
907 	;
908 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
909 	{
910 		OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
911 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
912 			yyerror("number expected");
913 		else if (atoi($2) < 1)
914 			cfg_parser->cfg->tcp_reuse_timeout = 0;
915 		else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
916 		free($2);
917 	}
918 	;
919 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
920 	{
921 		OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
922 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
923 			yyerror("number expected");
924 		else if (atoi($2) < 1)
925 			cfg_parser->cfg->tcp_auth_query_timeout = 0;
926 		else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
927 		free($2);
928 	}
929 	;
930 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
931 	{
932 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
933 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
934 			yyerror("expected yes or no.");
935 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
936 		free($2);
937 	}
938 	;
939 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
940 	{
941 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
942 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
943 			yyerror("number expected");
944 		else if (atoi($2) > 6553500)
945 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
946 		else if (atoi($2) < 1)
947 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
948 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
949 		free($2);
950 	}
951 	;
952 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
953 	{
954 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
955 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
956 			yyerror("expected yes or no.");
957 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
958 		free($2);
959 	}
960 	;
961 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
962 	{
963 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
964 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
965 			yyerror("expected yes or no.");
966 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
967 		free($2);
968 	}
969 	;
970 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
971 	{
972 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
973 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
974 			yyerror("expected yes or no.");
975 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
976 		free($2);
977 	}
978 	;
979 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
980 	{
981 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
982 		free(cfg_parser->cfg->ssl_service_key);
983 		cfg_parser->cfg->ssl_service_key = $2;
984 	}
985 	;
986 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
987 	{
988 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
989 		free(cfg_parser->cfg->ssl_service_pem);
990 		cfg_parser->cfg->ssl_service_pem = $2;
991 	}
992 	;
993 server_ssl_port: VAR_SSL_PORT STRING_ARG
994 	{
995 		OUTYY(("P(server_ssl_port:%s)\n", $2));
996 		if(atoi($2) == 0)
997 			yyerror("port number expected");
998 		else cfg_parser->cfg->ssl_port = atoi($2);
999 		free($2);
1000 	}
1001 	;
1002 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1003 	{
1004 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1005 		free(cfg_parser->cfg->tls_cert_bundle);
1006 		cfg_parser->cfg->tls_cert_bundle = $2;
1007 	}
1008 	;
1009 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1010 	{
1011 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1012 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1013 			yyerror("expected yes or no.");
1014 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1015 		free($2);
1016 	}
1017 	;
1018 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1019 	{
1020 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1021 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1022 			$2))
1023 			yyerror("out of memory");
1024 	}
1025 	;
1026 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1027 	{
1028 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1029 		free(cfg_parser->cfg->tls_ciphers);
1030 		cfg_parser->cfg->tls_ciphers = $2;
1031 	}
1032 	;
1033 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1034 	{
1035 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1036 		free(cfg_parser->cfg->tls_ciphersuites);
1037 		cfg_parser->cfg->tls_ciphersuites = $2;
1038 	}
1039 	;
1040 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1041 	{
1042 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1043 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1044 			$2))
1045 			yyerror("out of memory");
1046 	}
1047 	;
1048 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1049 	{
1050 		OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1051 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1052 			yyerror("expected yes or no.");
1053 		else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1054 		free($2);
1055 	}
1056 	;
1057 server_https_port: VAR_HTTPS_PORT STRING_ARG
1058 	{
1059 		OUTYY(("P(server_https_port:%s)\n", $2));
1060 		if(atoi($2) == 0)
1061 			yyerror("port number expected");
1062 		else cfg_parser->cfg->https_port = atoi($2);
1063 		free($2);
1064 	};
1065 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1066 	{
1067 		OUTYY(("P(server_http_endpoint:%s)\n", $2));
1068 		free(cfg_parser->cfg->http_endpoint);
1069 		if($2 && $2[0] != '/') {
1070 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1071 			if(!cfg_parser->cfg->http_endpoint)
1072 				yyerror("out of memory");
1073 			cfg_parser->cfg->http_endpoint[0] = '/';
1074 			memmove(cfg_parser->cfg->http_endpoint+1, $2,
1075 				strlen($2)+1);
1076 			free($2);
1077 		} else {
1078 			cfg_parser->cfg->http_endpoint = $2;
1079 		}
1080 	};
1081 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1082 	{
1083 		OUTYY(("P(server_http_max_streams:%s)\n", $2));
1084 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1085 			yyerror("number expected");
1086 		else cfg_parser->cfg->http_max_streams = atoi($2);
1087 		free($2);
1088 	};
1089 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1090 	{
1091 		OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1092 		if(!cfg_parse_memsize($2,
1093 			&cfg_parser->cfg->http_query_buffer_size))
1094 			yyerror("memory size expected");
1095 		free($2);
1096 	};
1097 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1098 	{
1099 		OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1100 		if(!cfg_parse_memsize($2,
1101 			&cfg_parser->cfg->http_response_buffer_size))
1102 			yyerror("memory size expected");
1103 		free($2);
1104 	};
1105 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1106 	{
1107 		OUTYY(("P(server_http_nodelay:%s)\n", $2));
1108 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1109 			yyerror("expected yes or no.");
1110 		else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1111 		free($2);
1112 	}
1113 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1114 	{
1115 		OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1116 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1117 			yyerror("expected yes or no.");
1118 		else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1119 		free($2);
1120 	};
1121 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1122 	{
1123 		OUTYY(("P(server_use_systemd:%s)\n", $2));
1124 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1125 			yyerror("expected yes or no.");
1126 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1127 		free($2);
1128 	}
1129 	;
1130 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1131 	{
1132 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
1133 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1134 			yyerror("expected yes or no.");
1135 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1136 		free($2);
1137 	}
1138 	;
1139 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1140 	{
1141 		OUTYY(("P(server_use_syslog:%s)\n", $2));
1142 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1143 			yyerror("expected yes or no.");
1144 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1145 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1146 		if(strcmp($2, "yes") == 0)
1147 			yyerror("no syslog services are available. "
1148 				"(reconfigure and compile to add)");
1149 #endif
1150 		free($2);
1151 	}
1152 	;
1153 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1154 	{
1155 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1156 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1157 			yyerror("expected yes or no.");
1158 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1159 		free($2);
1160 	}
1161 	;
1162 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1163 	{
1164 		OUTYY(("P(server_log_queries:%s)\n", $2));
1165 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1166 			yyerror("expected yes or no.");
1167 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1168 		free($2);
1169 	}
1170 	;
1171 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1172 	{
1173 		OUTYY(("P(server_log_replies:%s)\n", $2));
1174 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1175 			yyerror("expected yes or no.");
1176 		else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1177 		free($2);
1178 	}
1179 	;
1180 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1181 	{
1182 		OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1183 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1184 			yyerror("expected yes or no.");
1185 		else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1186 		free($2);
1187 	}
1188 	;
1189 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1190 	{
1191 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1192 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1193 			yyerror("expected yes or no.");
1194 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1195 		free($2);
1196 	}
1197 	;
1198 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1199 	{
1200 		OUTYY(("P(server_log_local_actions:%s)\n", $2));
1201 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1202 			yyerror("expected yes or no.");
1203 		else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1204 		free($2);
1205 	}
1206 	;
1207 server_chroot: VAR_CHROOT STRING_ARG
1208 	{
1209 		OUTYY(("P(server_chroot:%s)\n", $2));
1210 		free(cfg_parser->cfg->chrootdir);
1211 		cfg_parser->cfg->chrootdir = $2;
1212 	}
1213 	;
1214 server_username: VAR_USERNAME STRING_ARG
1215 	{
1216 		OUTYY(("P(server_username:%s)\n", $2));
1217 		free(cfg_parser->cfg->username);
1218 		cfg_parser->cfg->username = $2;
1219 	}
1220 	;
1221 server_directory: VAR_DIRECTORY STRING_ARG
1222 	{
1223 		OUTYY(("P(server_directory:%s)\n", $2));
1224 		free(cfg_parser->cfg->directory);
1225 		cfg_parser->cfg->directory = $2;
1226 		/* change there right away for includes relative to this */
1227 		if($2[0]) {
1228 			char* d;
1229 #ifdef UB_ON_WINDOWS
1230 			w_config_adjust_directory(cfg_parser->cfg);
1231 #endif
1232 			d = cfg_parser->cfg->directory;
1233 			/* adjust directory if we have already chroot,
1234 			 * like, we reread after sighup */
1235 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1236 				strncmp(d, cfg_parser->chroot, strlen(
1237 				cfg_parser->chroot)) == 0)
1238 				d += strlen(cfg_parser->chroot);
1239 			if(d[0]) {
1240 				if(chdir(d))
1241 				log_err("cannot chdir to directory: %s (%s)",
1242 					d, strerror(errno));
1243 			}
1244 		}
1245 	}
1246 	;
1247 server_logfile: VAR_LOGFILE STRING_ARG
1248 	{
1249 		OUTYY(("P(server_logfile:%s)\n", $2));
1250 		free(cfg_parser->cfg->logfile);
1251 		cfg_parser->cfg->logfile = $2;
1252 		cfg_parser->cfg->use_syslog = 0;
1253 	}
1254 	;
1255 server_pidfile: VAR_PIDFILE STRING_ARG
1256 	{
1257 		OUTYY(("P(server_pidfile:%s)\n", $2));
1258 		free(cfg_parser->cfg->pidfile);
1259 		cfg_parser->cfg->pidfile = $2;
1260 	}
1261 	;
1262 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1263 	{
1264 		OUTYY(("P(server_root_hints:%s)\n", $2));
1265 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1266 			yyerror("out of memory");
1267 	}
1268 	;
1269 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1270 	{
1271 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1272 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1273 		free($2);
1274 	}
1275 	;
1276 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1277 	{
1278 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1279 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
1280 		free($2);
1281 	}
1282 	;
1283 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1284 	{
1285 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1286 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1287 			auto_trust_anchor_file_list, $2))
1288 			yyerror("out of memory");
1289 	}
1290 	;
1291 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1292 	{
1293 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1294 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1295 			trust_anchor_file_list, $2))
1296 			yyerror("out of memory");
1297 	}
1298 	;
1299 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1300 	{
1301 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1302 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1303 			trusted_keys_file_list, $2))
1304 			yyerror("out of memory");
1305 	}
1306 	;
1307 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1308 	{
1309 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1310 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1311 			yyerror("out of memory");
1312 	}
1313 	;
1314 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1315 	{
1316 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1317 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1318 			yyerror("expected yes or no.");
1319 		else
1320 			cfg_parser->cfg->trust_anchor_signaling =
1321 				(strcmp($2, "yes")==0);
1322 		free($2);
1323 	}
1324 	;
1325 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1326 	{
1327 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1328 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1329 			yyerror("expected yes or no.");
1330 		else
1331 			cfg_parser->cfg->root_key_sentinel =
1332 				(strcmp($2, "yes")==0);
1333 		free($2);
1334 	}
1335 	;
1336 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1337 	{
1338 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1339 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1340 			yyerror("out of memory");
1341 	}
1342 	;
1343 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1344 	{
1345 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1346 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1347 			yyerror("expected yes or no.");
1348 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1349 		free($2);
1350 	}
1351 	;
1352 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1353 	{
1354 		OUTYY(("P(server_hide_version:%s)\n", $2));
1355 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1356 			yyerror("expected yes or no.");
1357 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1358 		free($2);
1359 	}
1360 	;
1361 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1362 	{
1363 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1364 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1365 			yyerror("expected yes or no.");
1366 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1367 		free($2);
1368 	}
1369 	;
1370 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1371 	{
1372 		OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1373 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1374 			yyerror("expected yes or no.");
1375 		else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1376 		free($2);
1377 	}
1378 	;
1379 server_identity: VAR_IDENTITY STRING_ARG
1380 	{
1381 		OUTYY(("P(server_identity:%s)\n", $2));
1382 		free(cfg_parser->cfg->identity);
1383 		cfg_parser->cfg->identity = $2;
1384 	}
1385 	;
1386 server_version: VAR_VERSION STRING_ARG
1387 	{
1388 		OUTYY(("P(server_version:%s)\n", $2));
1389 		free(cfg_parser->cfg->version);
1390 		cfg_parser->cfg->version = $2;
1391 	}
1392 	;
1393 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1394 	{
1395 		OUTYY(("P(server_http_user_agent:%s)\n", $2));
1396 		free(cfg_parser->cfg->http_user_agent);
1397 		cfg_parser->cfg->http_user_agent = $2;
1398 	}
1399 	;
1400 server_nsid: VAR_NSID STRING_ARG
1401 	{
1402 		OUTYY(("P(server_nsid:%s)\n", $2));
1403 		free(cfg_parser->cfg->nsid_cfg_str);
1404 		cfg_parser->cfg->nsid_cfg_str = $2;
1405 		free(cfg_parser->cfg->nsid);
1406 		cfg_parser->cfg->nsid = NULL;
1407 		cfg_parser->cfg->nsid_len = 0;
1408 		if (*$2 == 0)
1409 			; /* pass; empty string is not setting nsid */
1410 		else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1411 					$2, &cfg_parser->cfg->nsid_len)))
1412 			yyerror("the NSID must be either a hex string or an "
1413 			    "ascii character string prepended with ascii_.");
1414 	}
1415 	;
1416 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1417 	{
1418 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1419 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1420 			yyerror("buffer size expected");
1421 		free($2);
1422 	}
1423 	;
1424 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1425 	{
1426 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1427 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1428 			yyerror("buffer size expected");
1429 		free($2);
1430 	}
1431 	;
1432 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1433 	{
1434 		OUTYY(("P(server_so_reuseport:%s)\n", $2));
1435 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1436 			yyerror("expected yes or no.");
1437 		else cfg_parser->cfg->so_reuseport =
1438 			(strcmp($2, "yes")==0);
1439 		free($2);
1440 	}
1441 	;
1442 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1443 	{
1444 		OUTYY(("P(server_ip_transparent:%s)\n", $2));
1445 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1446 			yyerror("expected yes or no.");
1447 		else cfg_parser->cfg->ip_transparent =
1448 			(strcmp($2, "yes")==0);
1449 		free($2);
1450 	}
1451 	;
1452 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1453 	{
1454 		OUTYY(("P(server_ip_freebind:%s)\n", $2));
1455 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1456 			yyerror("expected yes or no.");
1457 		else cfg_parser->cfg->ip_freebind =
1458 			(strcmp($2, "yes")==0);
1459 		free($2);
1460 	}
1461 	;
1462 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1463 	{
1464 		OUTYY(("P(server_ip_dscp:%s)\n", $2));
1465 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1466 			yyerror("number expected");
1467 		else if (atoi($2) > 63)
1468 			yyerror("value too large (max 63)");
1469 		else if (atoi($2) < 0)
1470 			yyerror("value too small (min 0)");
1471 		else
1472 			cfg_parser->cfg->ip_dscp = atoi($2);
1473 		free($2);
1474 	}
1475 	;
1476 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1477 	{
1478 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1479 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1480 			yyerror("memory size expected");
1481 		free($2);
1482 	}
1483 	;
1484 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1485 	{
1486 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1487 		if(atoi($2) == 0)
1488 			yyerror("number expected");
1489 		else if (atoi($2) < 12)
1490 			yyerror("edns buffer size too small");
1491 		else if (atoi($2) > 65535)
1492 			cfg_parser->cfg->edns_buffer_size = 65535;
1493 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1494 		free($2);
1495 	}
1496 	;
1497 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1498 	{
1499 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1500 		if(atoi($2) == 0)
1501 			yyerror("number expected");
1502 		else if (atoi($2) < 4096)
1503 			yyerror("message buffer size too small (use 4096)");
1504 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1505 		free($2);
1506 	}
1507 	;
1508 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1509 	{
1510 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1511 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1512 			yyerror("memory size expected");
1513 		free($2);
1514 	}
1515 	;
1516 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1517 	{
1518 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1519 		if(atoi($2) == 0) {
1520 			yyerror("number expected");
1521 		} else {
1522 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1523 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1524 				yyerror("must be a power of 2");
1525 		}
1526 		free($2);
1527 	}
1528 	;
1529 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1530 	{
1531 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1532 		if(atoi($2) == 0)
1533 			yyerror("number expected");
1534 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1535 		free($2);
1536 	}
1537 	;
1538 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1539 	{
1540 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1541 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1542 			yyerror("number expected");
1543 		else cfg_parser->cfg->jostle_time = atoi($2);
1544 		free($2);
1545 	}
1546 	;
1547 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1548 	{
1549 		OUTYY(("P(server_delay_close:%s)\n", $2));
1550 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1551 			yyerror("number expected");
1552 		else cfg_parser->cfg->delay_close = atoi($2);
1553 		free($2);
1554 	}
1555 	;
1556 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1557 	{
1558 		OUTYY(("P(server_udp_connect:%s)\n", $2));
1559 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1560 			yyerror("expected yes or no.");
1561 		else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1562 		free($2);
1563 	}
1564 	;
1565 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1566 	{
1567 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1568 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1569 			yyerror("expected yes or no.");
1570 		else cfg_parser->cfg->unblock_lan_zones =
1571 			(strcmp($2, "yes")==0);
1572 		free($2);
1573 	}
1574 	;
1575 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1576 	{
1577 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1578 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1579 			yyerror("expected yes or no.");
1580 		else cfg_parser->cfg->insecure_lan_zones =
1581 			(strcmp($2, "yes")==0);
1582 		free($2);
1583 	}
1584 	;
1585 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1586 	{
1587 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1588 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1589 			yyerror("memory size expected");
1590 		free($2);
1591 	}
1592 	;
1593 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1594 	{
1595 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1596 		if(atoi($2) == 0) {
1597 			yyerror("number expected");
1598 		} else {
1599 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1600 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1601 				yyerror("must be a power of 2");
1602 		}
1603 		free($2);
1604 	}
1605 	;
1606 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1607 	{
1608 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1609 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1610 			yyerror("number expected");
1611 		else cfg_parser->cfg->host_ttl = atoi($2);
1612 		free($2);
1613 	}
1614 	;
1615 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1616 	{
1617 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1618 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1619 			"removed, use infra-host-ttl)", $2);
1620 		free($2);
1621 	}
1622 	;
1623 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1624 	{
1625 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1626 		if(atoi($2) == 0)
1627 			yyerror("number expected");
1628 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1629 		free($2);
1630 	}
1631 	;
1632 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1633 	{
1634 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1635 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1636 			"(option removed, use infra-cache-numhosts)", $2);
1637 		free($2);
1638 	}
1639 	;
1640 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1641 	{
1642 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1643 		if(atoi($2) == 0) {
1644 			yyerror("number expected");
1645 		} else {
1646 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1647 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1648 				yyerror("must be a power of 2");
1649 		}
1650 		free($2);
1651 	}
1652 	;
1653 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1654 	{
1655 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1656 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1657 			yyerror("number expected");
1658 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1659 		free($2);
1660 	}
1661 	;
1662 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1663 	{
1664 		OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1665 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1666 			yyerror("number expected");
1667 		else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1668 		free($2);
1669 	}
1670 	;
1671 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1672 	{
1673 		OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1674 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1675 			yyerror("expected yes or no.");
1676 		else cfg_parser->cfg->infra_keep_probing =
1677 			(strcmp($2, "yes")==0);
1678 		free($2);
1679 	}
1680 	;
1681 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1682 	{
1683 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1684 		free(cfg_parser->cfg->target_fetch_policy);
1685 		cfg_parser->cfg->target_fetch_policy = $2;
1686 	}
1687 	;
1688 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1689 	{
1690 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1691 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1692 			yyerror("expected yes or no.");
1693 		else cfg_parser->cfg->harden_short_bufsize =
1694 			(strcmp($2, "yes")==0);
1695 		free($2);
1696 	}
1697 	;
1698 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1699 	{
1700 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1701 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1702 			yyerror("expected yes or no.");
1703 		else cfg_parser->cfg->harden_large_queries =
1704 			(strcmp($2, "yes")==0);
1705 		free($2);
1706 	}
1707 	;
1708 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1709 	{
1710 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1711 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1712 			yyerror("expected yes or no.");
1713 		else cfg_parser->cfg->harden_glue =
1714 			(strcmp($2, "yes")==0);
1715 		free($2);
1716 	}
1717 	;
1718 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1719 	{
1720 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1721 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1722 			yyerror("expected yes or no.");
1723 		else cfg_parser->cfg->harden_dnssec_stripped =
1724 			(strcmp($2, "yes")==0);
1725 		free($2);
1726 	}
1727 	;
1728 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1729 	{
1730 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1731 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1732 			yyerror("expected yes or no.");
1733 		else cfg_parser->cfg->harden_below_nxdomain =
1734 			(strcmp($2, "yes")==0);
1735 		free($2);
1736 	}
1737 	;
1738 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1739 	{
1740 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1741 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1742 			yyerror("expected yes or no.");
1743 		else cfg_parser->cfg->harden_referral_path =
1744 			(strcmp($2, "yes")==0);
1745 		free($2);
1746 	}
1747 	;
1748 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1749 	{
1750 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1751 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1752 			yyerror("expected yes or no.");
1753 		else cfg_parser->cfg->harden_algo_downgrade =
1754 			(strcmp($2, "yes")==0);
1755 		free($2);
1756 	}
1757 	;
1758 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1759 	{
1760 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1761 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1762 			yyerror("expected yes or no.");
1763 		else cfg_parser->cfg->use_caps_bits_for_id =
1764 			(strcmp($2, "yes")==0);
1765 		free($2);
1766 	}
1767 	;
1768 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1769 	{
1770 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1771 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1772 			yyerror("out of memory");
1773 	}
1774 	;
1775 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1776 	{
1777 		OUTYY(("P(server_private_address:%s)\n", $2));
1778 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1779 			yyerror("out of memory");
1780 	}
1781 	;
1782 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1783 	{
1784 		OUTYY(("P(server_private_domain:%s)\n", $2));
1785 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1786 			yyerror("out of memory");
1787 	}
1788 	;
1789 server_prefetch: VAR_PREFETCH STRING_ARG
1790 	{
1791 		OUTYY(("P(server_prefetch:%s)\n", $2));
1792 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1793 			yyerror("expected yes or no.");
1794 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1795 		free($2);
1796 	}
1797 	;
1798 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1799 	{
1800 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1801 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1802 			yyerror("expected yes or no.");
1803 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1804 		free($2);
1805 	}
1806 	;
1807 server_deny_any: VAR_DENY_ANY STRING_ARG
1808 	{
1809 		OUTYY(("P(server_deny_any:%s)\n", $2));
1810 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1811 			yyerror("expected yes or no.");
1812 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1813 		free($2);
1814 	}
1815 	;
1816 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1817 	{
1818 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1819 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1820 			yyerror("number expected");
1821 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1822 		free($2);
1823 	}
1824 	;
1825 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1826 	{
1827 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1828 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1829 			yyerror("out of memory");
1830 	}
1831 	;
1832 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1833 	{
1834 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1835 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1836 			yyerror("expected yes or no.");
1837 		else cfg_parser->cfg->donotquery_localhost =
1838 			(strcmp($2, "yes")==0);
1839 		free($2);
1840 	}
1841 	;
1842 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1843 	{
1844 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1845 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1846 			strcmp($3, "deny_non_local")!=0 &&
1847 			strcmp($3, "refuse_non_local")!=0 &&
1848 			strcmp($3, "allow_setrd")!=0 &&
1849 			strcmp($3, "allow")!=0 &&
1850 			strcmp($3, "allow_snoop")!=0) {
1851 			yyerror("expected deny, refuse, deny_non_local, "
1852 				"refuse_non_local, allow, allow_setrd or "
1853 				"allow_snoop in access control action");
1854 			free($2);
1855 			free($3);
1856 		} else {
1857 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1858 				fatal_exit("out of memory adding acl");
1859 		}
1860 	}
1861 	;
1862 server_module_conf: VAR_MODULE_CONF STRING_ARG
1863 	{
1864 		OUTYY(("P(server_module_conf:%s)\n", $2));
1865 		free(cfg_parser->cfg->module_conf);
1866 		cfg_parser->cfg->module_conf = $2;
1867 	}
1868 	;
1869 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1870 	{
1871 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1872 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1873 			cfg_parser->cfg->val_date_override = 0;
1874 		} else if(strlen($2) == 14) {
1875 			cfg_parser->cfg->val_date_override =
1876 				cfg_convert_timeval($2);
1877 			if(!cfg_parser->cfg->val_date_override)
1878 				yyerror("bad date/time specification");
1879 		} else {
1880 			if(atoi($2) == 0)
1881 				yyerror("number expected");
1882 			cfg_parser->cfg->val_date_override = atoi($2);
1883 		}
1884 		free($2);
1885 	}
1886 	;
1887 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1888 	{
1889 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1890 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1891 			cfg_parser->cfg->val_sig_skew_min = 0;
1892 		} else {
1893 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1894 			if(!cfg_parser->cfg->val_sig_skew_min)
1895 				yyerror("number expected");
1896 		}
1897 		free($2);
1898 	}
1899 	;
1900 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1901 	{
1902 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1903 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1904 			cfg_parser->cfg->val_sig_skew_max = 0;
1905 		} else {
1906 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1907 			if(!cfg_parser->cfg->val_sig_skew_max)
1908 				yyerror("number expected");
1909 		}
1910 		free($2);
1911 	}
1912 	;
1913 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1914 	{
1915 		OUTYY(("P(server_val_max_restart:%s)\n", $2));
1916 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1917 			cfg_parser->cfg->val_max_restart = 0;
1918 		} else {
1919 			cfg_parser->cfg->val_max_restart = atoi($2);
1920 			if(!cfg_parser->cfg->val_max_restart)
1921 				yyerror("number expected");
1922 		}
1923 		free($2);
1924 	}
1925 	;
1926 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1927 	{
1928 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1929 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1930 			yyerror("number expected");
1931 		else cfg_parser->cfg->max_ttl = atoi($2);
1932 		free($2);
1933 	}
1934 	;
1935 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1936 	{
1937 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1938 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1939 			yyerror("number expected");
1940 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1941 		free($2);
1942 	}
1943 	;
1944 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1945 	{
1946 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1947 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1948 			yyerror("number expected");
1949 		else cfg_parser->cfg->min_ttl = atoi($2);
1950 		free($2);
1951 	}
1952 	;
1953 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1954 	{
1955 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1956 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1957 			yyerror("number expected");
1958 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1959 		free($2);
1960 	}
1961 	;
1962 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1963 	{
1964 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1965 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1966 			yyerror("expected yes or no.");
1967 		else cfg_parser->cfg->val_clean_additional =
1968 			(strcmp($2, "yes")==0);
1969 		free($2);
1970 	}
1971 	;
1972 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1973 	{
1974 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1975 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1976 			yyerror("expected yes or no.");
1977 		else cfg_parser->cfg->val_permissive_mode =
1978 			(strcmp($2, "yes")==0);
1979 		free($2);
1980 	}
1981 	;
1982 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1983 	{
1984 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1985 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1986 			yyerror("expected yes or no.");
1987 		else
1988 			cfg_parser->cfg->aggressive_nsec =
1989 				(strcmp($2, "yes")==0);
1990 		free($2);
1991 	}
1992 	;
1993 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1994 	{
1995 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1996 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1997 			yyerror("expected yes or no.");
1998 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1999 		free($2);
2000 	}
2001 	;
2002 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2003 	{
2004 		OUTYY(("P(server_serve_expired:%s)\n", $2));
2005 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2006 			yyerror("expected yes or no.");
2007 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2008 		free($2);
2009 	}
2010 	;
2011 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2012 	{
2013 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2014 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2015 			yyerror("number expected");
2016 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2017 		free($2);
2018 	}
2019 	;
2020 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2021 	{
2022 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2023 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2024 			yyerror("expected yes or no.");
2025 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2026 		free($2);
2027 	}
2028 	;
2029 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2030 	{
2031 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2032 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2033 			yyerror("number expected");
2034 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2035 		free($2);
2036 	}
2037 	;
2038 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2039 	{
2040 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2041 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2042 			yyerror("number expected");
2043 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2044 		free($2);
2045 	}
2046 	;
2047 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2048 	{
2049 		OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2050 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2051 			yyerror("expected yes or no.");
2052 		else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2053 		free($2);
2054 	}
2055 	;
2056 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2057 	{
2058 		OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2059 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2060 			yyerror("expected yes or no.");
2061 		else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2062 		free($2);
2063 	}
2064 	;
2065 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2066 	{
2067 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
2068 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2069 			yyerror("expected yes or no.");
2070 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2071 		else fake_dsa = (strcmp($2, "yes")==0);
2072 		if(fake_dsa)
2073 			log_warn("test option fake_dsa is enabled");
2074 #endif
2075 		free($2);
2076 	}
2077 	;
2078 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2079 	{
2080 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
2081 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2082 			yyerror("expected yes or no.");
2083 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2084 		else fake_sha1 = (strcmp($2, "yes")==0);
2085 		if(fake_sha1)
2086 			log_warn("test option fake_sha1 is enabled");
2087 #endif
2088 		free($2);
2089 	}
2090 	;
2091 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2092 	{
2093 		OUTYY(("P(server_val_log_level:%s)\n", $2));
2094 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2095 			yyerror("number expected");
2096 		else cfg_parser->cfg->val_log_level = atoi($2);
2097 		free($2);
2098 	}
2099 	;
2100 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2101 	{
2102 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2103 		free(cfg_parser->cfg->val_nsec3_key_iterations);
2104 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
2105 	}
2106 	;
2107 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2108 	{
2109 		OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2110 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2111 			yyerror("expected yes or no.");
2112 		else	cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2113 		free($2);
2114 	}
2115 	;
2116 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2117 	{
2118 		OUTYY(("P(server_add_holddown:%s)\n", $2));
2119 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2120 			yyerror("number expected");
2121 		else cfg_parser->cfg->add_holddown = atoi($2);
2122 		free($2);
2123 	}
2124 	;
2125 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2126 	{
2127 		OUTYY(("P(server_del_holddown:%s)\n", $2));
2128 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2129 			yyerror("number expected");
2130 		else cfg_parser->cfg->del_holddown = atoi($2);
2131 		free($2);
2132 	}
2133 	;
2134 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2135 	{
2136 		OUTYY(("P(server_keep_missing:%s)\n", $2));
2137 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2138 			yyerror("number expected");
2139 		else cfg_parser->cfg->keep_missing = atoi($2);
2140 		free($2);
2141 	}
2142 	;
2143 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2144 	{
2145 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2146 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2147 			yyerror("expected yes or no.");
2148 		else cfg_parser->cfg->permit_small_holddown =
2149 			(strcmp($2, "yes")==0);
2150 		free($2);
2151 	}
2152 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2153 	{
2154 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
2155 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2156 			yyerror("memory size expected");
2157 		free($2);
2158 	}
2159 	;
2160 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2161 	{
2162 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2163 		if(atoi($2) == 0) {
2164 			yyerror("number expected");
2165 		} else {
2166 			cfg_parser->cfg->key_cache_slabs = atoi($2);
2167 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2168 				yyerror("must be a power of 2");
2169 		}
2170 		free($2);
2171 	}
2172 	;
2173 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2174 	{
2175 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2176 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2177 			yyerror("memory size expected");
2178 		free($2);
2179 	}
2180 	;
2181 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2182 	{
2183 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2184 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2185 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2186 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2187 		   && strcmp($3, "typetransparent")!=0
2188 		   && strcmp($3, "always_transparent")!=0
2189 		   && strcmp($3, "always_refuse")!=0
2190 		   && strcmp($3, "always_nxdomain")!=0
2191 		   && strcmp($3, "always_nodata")!=0
2192 		   && strcmp($3, "always_deny")!=0
2193 		   && strcmp($3, "always_null")!=0
2194 		   && strcmp($3, "noview")!=0
2195 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2196 		   && strcmp($3, "inform_redirect") != 0
2197 		   && strcmp($3, "ipset") != 0) {
2198 			yyerror("local-zone type: expected static, deny, "
2199 				"refuse, redirect, transparent, "
2200 				"typetransparent, inform, inform_deny, "
2201 				"inform_redirect, always_transparent, "
2202 				"always_refuse, always_nxdomain, "
2203 				"always_nodata, always_deny, always_null, "
2204 				"noview, nodefault or ipset");
2205 			free($2);
2206 			free($3);
2207 		} else if(strcmp($3, "nodefault")==0) {
2208 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2209 				local_zones_nodefault, $2))
2210 				fatal_exit("out of memory adding local-zone");
2211 			free($3);
2212 #ifdef USE_IPSET
2213 		} else if(strcmp($3, "ipset")==0) {
2214 			size_t len = strlen($2);
2215 			/* Make sure to add the trailing dot.
2216 			 * These are str compared to domain names. */
2217 			if($2[len-1] != '.') {
2218 				if(!($2 = realloc($2, len+2))) {
2219 					fatal_exit("out of memory adding local-zone");
2220 				}
2221 				$2[len] = '.';
2222 				$2[len+1] = 0;
2223 			}
2224 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2225 				local_zones_ipset, $2))
2226 				fatal_exit("out of memory adding local-zone");
2227 			free($3);
2228 #endif
2229 		} else {
2230 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2231 				$2, $3))
2232 				fatal_exit("out of memory adding local-zone");
2233 		}
2234 	}
2235 	;
2236 server_local_data: VAR_LOCAL_DATA STRING_ARG
2237 	{
2238 		OUTYY(("P(server_local_data:%s)\n", $2));
2239 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2240 			fatal_exit("out of memory adding local-data");
2241 	}
2242 	;
2243 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2244 	{
2245 		char* ptr;
2246 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2247 		ptr = cfg_ptr_reverse($2);
2248 		free($2);
2249 		if(ptr) {
2250 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2251 				local_data, ptr))
2252 				fatal_exit("out of memory adding local-data");
2253 		} else {
2254 			yyerror("local-data-ptr could not be reversed");
2255 		}
2256 	}
2257 	;
2258 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2259 	{
2260 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
2261 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2262 			yyerror("expected yes or no.");
2263 		else cfg_parser->cfg->minimal_responses =
2264 			(strcmp($2, "yes")==0);
2265 		free($2);
2266 	}
2267 	;
2268 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2269 	{
2270 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2271 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2272 			yyerror("expected yes or no.");
2273 		else cfg_parser->cfg->rrset_roundrobin =
2274 			(strcmp($2, "yes")==0);
2275 		free($2);
2276 	}
2277 	;
2278 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2279 	{
2280 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2281 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2282 		free($2);
2283 	}
2284 	;
2285 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2286 	{
2287 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
2288 		cfg_parser->cfg->max_udp_size = atoi($2);
2289 		free($2);
2290 	}
2291 	;
2292 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2293 	{
2294 		OUTYY(("P(dns64_prefix:%s)\n", $2));
2295 		free(cfg_parser->cfg->dns64_prefix);
2296 		cfg_parser->cfg->dns64_prefix = $2;
2297 	}
2298 	;
2299 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2300 	{
2301 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2302 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2303 			yyerror("expected yes or no.");
2304 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2305 		free($2);
2306 	}
2307 	;
2308 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2309 	{
2310 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2311 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2312 			$2))
2313 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2314 	}
2315 	;
2316 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2317 	{
2318 		char* p, *s = $2;
2319 		OUTYY(("P(server_define_tag:%s)\n", $2));
2320 		while((p=strsep(&s, " \t\n")) != NULL) {
2321 			if(*p) {
2322 				if(!config_add_tag(cfg_parser->cfg, p))
2323 					yyerror("could not define-tag, "
2324 						"out of memory");
2325 			}
2326 		}
2327 		free($2);
2328 	}
2329 	;
2330 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2331 	{
2332 		size_t len = 0;
2333 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2334 			&len);
2335 		free($3);
2336 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2337 		if(!bitlist) {
2338 			yyerror("could not parse tags, (define-tag them first)");
2339 			free($2);
2340 		}
2341 		if(bitlist) {
2342 			if(!cfg_strbytelist_insert(
2343 				&cfg_parser->cfg->local_zone_tags,
2344 				$2, bitlist, len)) {
2345 				yyerror("out of memory");
2346 				free($2);
2347 			}
2348 		}
2349 	}
2350 	;
2351 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2352 	{
2353 		size_t len = 0;
2354 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2355 			&len);
2356 		free($3);
2357 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2358 		if(!bitlist) {
2359 			yyerror("could not parse tags, (define-tag them first)");
2360 			free($2);
2361 		}
2362 		if(bitlist) {
2363 			if(!cfg_strbytelist_insert(
2364 				&cfg_parser->cfg->acl_tags,
2365 				$2, bitlist, len)) {
2366 				yyerror("out of memory");
2367 				free($2);
2368 			}
2369 		}
2370 	}
2371 	;
2372 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2373 	{
2374 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2375 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2376 			$2, $3, $4)) {
2377 			yyerror("out of memory");
2378 			free($2);
2379 			free($3);
2380 			free($4);
2381 		}
2382 	}
2383 	;
2384 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2385 	{
2386 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2387 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2388 			$2, $3, $4)) {
2389 			yyerror("out of memory");
2390 			free($2);
2391 			free($3);
2392 			free($4);
2393 		}
2394 	}
2395 	;
2396 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2397 	{
2398 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2399 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2400 			$2, $3, $4)) {
2401 			yyerror("out of memory");
2402 			free($2);
2403 			free($3);
2404 			free($4);
2405 		}
2406 	}
2407 	;
2408 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2409 	{
2410 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2411 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2412 			$2, $3)) {
2413 			yyerror("out of memory");
2414 		}
2415 	}
2416 	;
2417 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2418 	{
2419 		size_t len = 0;
2420 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2421 			&len);
2422 		free($3);
2423 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2424 		if(!bitlist) {
2425 			yyerror("could not parse tags, (define-tag them first)");
2426 			free($2);
2427 		}
2428 		if(bitlist) {
2429 			if(!cfg_strbytelist_insert(
2430 				&cfg_parser->cfg->respip_tags,
2431 				$2, bitlist, len)) {
2432 				yyerror("out of memory");
2433 				free($2);
2434 			}
2435 		}
2436 	}
2437 	;
2438 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2439 	{
2440 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2441 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2442 			yyerror("number expected");
2443 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2444 		free($2);
2445 	}
2446 	;
2447 server_ratelimit: VAR_RATELIMIT STRING_ARG
2448 	{
2449 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2450 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2451 			yyerror("number expected");
2452 		else cfg_parser->cfg->ratelimit = atoi($2);
2453 		free($2);
2454 	}
2455 	;
2456 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2457 	{
2458 		OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2459 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2460 			yyerror("memory size expected");
2461 		free($2);
2462 	}
2463 	;
2464 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2465 	{
2466 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2467 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2468 			yyerror("memory size expected");
2469 		free($2);
2470 	}
2471 	;
2472 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2473 	{
2474 		OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2475 		if(atoi($2) == 0) {
2476 			yyerror("number expected");
2477 		} else {
2478 			cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2479 			if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2480 				yyerror("must be a power of 2");
2481 		}
2482 		free($2);
2483 	}
2484 	;
2485 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2486 	{
2487 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2488 		if(atoi($2) == 0) {
2489 			yyerror("number expected");
2490 		} else {
2491 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2492 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2493 				yyerror("must be a power of 2");
2494 		}
2495 		free($2);
2496 	}
2497 	;
2498 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2499 	{
2500 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2501 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2502 			yyerror("number expected");
2503 			free($2);
2504 			free($3);
2505 		} else {
2506 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2507 				ratelimit_for_domain, $2, $3))
2508 				fatal_exit("out of memory adding "
2509 					"ratelimit-for-domain");
2510 		}
2511 	}
2512 	;
2513 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2514 	{
2515 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2516 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2517 			yyerror("number expected");
2518 			free($2);
2519 			free($3);
2520 		} else {
2521 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2522 				ratelimit_below_domain, $2, $3))
2523 				fatal_exit("out of memory adding "
2524 					"ratelimit-below-domain");
2525 		}
2526 	}
2527 	;
2528 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2529 	{
2530 		OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2531 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2532 			yyerror("number expected");
2533 		else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2534 		free($2);
2535 	}
2536 	;
2537 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2538 	{
2539 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2540 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2541 			yyerror("number expected");
2542 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2543 		free($2);
2544 	}
2545 	;
2546 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2547 	{
2548 		OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2549 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2550 			yyerror("expected yes or no.");
2551 		else cfg_parser->cfg->ip_ratelimit_backoff =
2552 			(strcmp($2, "yes")==0);
2553 		free($2);
2554 	}
2555 	;
2556 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2557 	{
2558 		OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2559 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2560 			yyerror("expected yes or no.");
2561 		else cfg_parser->cfg->ratelimit_backoff =
2562 			(strcmp($2, "yes")==0);
2563 		free($2);
2564 	}
2565 	;
2566 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2567 	{
2568 		OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2569 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2570 			yyerror("number expected");
2571 		else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2572 		free($2);
2573 	}
2574 	;
2575 server_low_rtt: VAR_LOW_RTT STRING_ARG
2576 	{
2577 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2578 		free($2);
2579 	}
2580 	;
2581 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2582 	{
2583 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2584 		if(atoi($2) <= 0)
2585 			yyerror("number expected");
2586 		else cfg_parser->cfg->fast_server_num = atoi($2);
2587 		free($2);
2588 	}
2589 	;
2590 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2591 	{
2592 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2593 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2594 			yyerror("number expected");
2595 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2596 		free($2);
2597 	}
2598 	;
2599 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2600 	{
2601 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2602 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2603 			yyerror("expected yes or no.");
2604 		else cfg_parser->cfg->qname_minimisation =
2605 			(strcmp($2, "yes")==0);
2606 		free($2);
2607 	}
2608 	;
2609 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2610 	{
2611 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2612 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2613 			yyerror("expected yes or no.");
2614 		else cfg_parser->cfg->qname_minimisation_strict =
2615 			(strcmp($2, "yes")==0);
2616 		free($2);
2617 	}
2618 	;
2619 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2620 	{
2621 		OUTYY(("P(server_pad_responses:%s)\n", $2));
2622 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2623 			yyerror("expected yes or no.");
2624 		else cfg_parser->cfg->pad_responses =
2625 			(strcmp($2, "yes")==0);
2626 		free($2);
2627 	}
2628 	;
2629 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2630 	{
2631 		OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2632 		if(atoi($2) == 0)
2633 			yyerror("number expected");
2634 		else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2635 		free($2);
2636 	}
2637 	;
2638 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2639 	{
2640 		OUTYY(("P(server_pad_queries:%s)\n", $2));
2641 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2642 			yyerror("expected yes or no.");
2643 		else cfg_parser->cfg->pad_queries =
2644 			(strcmp($2, "yes")==0);
2645 		free($2);
2646 	}
2647 	;
2648 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2649 	{
2650 		OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2651 		if(atoi($2) == 0)
2652 			yyerror("number expected");
2653 		else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2654 		free($2);
2655 	}
2656 	;
2657 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2658 	{
2659 	#ifdef USE_IPSECMOD
2660 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2661 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2662 			yyerror("expected yes or no.");
2663 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2664 	#else
2665 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2666 	#endif
2667 		free($2);
2668 	}
2669 	;
2670 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2671 	{
2672 	#ifdef USE_IPSECMOD
2673 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2674 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2675 			yyerror("expected yes or no.");
2676 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2677 	#else
2678 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2679 	#endif
2680 		free($2);
2681 	}
2682 	;
2683 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2684 	{
2685 	#ifdef USE_IPSECMOD
2686 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2687 		free(cfg_parser->cfg->ipsecmod_hook);
2688 		cfg_parser->cfg->ipsecmod_hook = $2;
2689 	#else
2690 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2691 		free($2);
2692 	#endif
2693 	}
2694 	;
2695 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2696 	{
2697 	#ifdef USE_IPSECMOD
2698 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2699 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2700 			yyerror("number expected");
2701 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2702 		free($2);
2703 	#else
2704 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2705 		free($2);
2706 	#endif
2707 	}
2708 	;
2709 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2710 	{
2711 	#ifdef USE_IPSECMOD
2712 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2713 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2714 			yyerror("out of memory");
2715 	#else
2716 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2717 		free($2);
2718 	#endif
2719 	}
2720 	;
2721 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2722 	{
2723 	#ifdef USE_IPSECMOD
2724 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2725 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2726 			yyerror("expected yes or no.");
2727 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2728 		free($2);
2729 	#else
2730 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2731 		free($2);
2732 	#endif
2733 	}
2734 	;
2735 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2736 	{
2737 		OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2738 		if(!cfg_str2list_insert(
2739 			&cfg_parser->cfg->edns_client_strings, $2, $3))
2740 			fatal_exit("out of memory adding "
2741 				"edns-client-string");
2742 	}
2743 	;
2744 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2745 	{
2746 		OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2747 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2748 			yyerror("option code expected");
2749 		else if(atoi($2) > 65535 || atoi($2) < 0)
2750 			yyerror("option code must be in interval [0, 65535]");
2751 		else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2752 		free($2);
2753 	}
2754 	;
2755 server_ede: VAR_EDE STRING_ARG
2756 	{
2757 		OUTYY(("P(server_ede:%s)\n", $2));
2758 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2759 			yyerror("expected yes or no.");
2760 		else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
2761 		free($2);
2762 	}
2763 	;
2764 stub_name: VAR_NAME STRING_ARG
2765 	{
2766 		OUTYY(("P(name:%s)\n", $2));
2767 		if(cfg_parser->cfg->stubs->name)
2768 			yyerror("stub name override, there must be one name "
2769 				"for one stub-zone");
2770 		free(cfg_parser->cfg->stubs->name);
2771 		cfg_parser->cfg->stubs->name = $2;
2772 	}
2773 	;
2774 stub_host: VAR_STUB_HOST STRING_ARG
2775 	{
2776 		OUTYY(("P(stub-host:%s)\n", $2));
2777 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2778 			yyerror("out of memory");
2779 	}
2780 	;
2781 stub_addr: VAR_STUB_ADDR STRING_ARG
2782 	{
2783 		OUTYY(("P(stub-addr:%s)\n", $2));
2784 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2785 			yyerror("out of memory");
2786 	}
2787 	;
2788 stub_first: VAR_STUB_FIRST STRING_ARG
2789 	{
2790 		OUTYY(("P(stub-first:%s)\n", $2));
2791 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2792 			yyerror("expected yes or no.");
2793 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2794 		free($2);
2795 	}
2796 	;
2797 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2798 	{
2799 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2800 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2801 			yyerror("expected yes or no.");
2802 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2803 		free($2);
2804 	}
2805 	;
2806 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2807 	{
2808 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2809 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2810 			yyerror("expected yes or no.");
2811 		else cfg_parser->cfg->stubs->ssl_upstream =
2812 			(strcmp($2, "yes")==0);
2813 		free($2);
2814 	}
2815 	;
2816 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
2817         {
2818                 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
2819                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2820                         yyerror("expected yes or no.");
2821                 else cfg_parser->cfg->stubs->tcp_upstream =
2822                         (strcmp($2, "yes")==0);
2823                 free($2);
2824         }
2825         ;
2826 stub_prime: VAR_STUB_PRIME STRING_ARG
2827 	{
2828 		OUTYY(("P(stub-prime:%s)\n", $2));
2829 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2830 			yyerror("expected yes or no.");
2831 		else cfg_parser->cfg->stubs->isprime =
2832 			(strcmp($2, "yes")==0);
2833 		free($2);
2834 	}
2835 	;
2836 forward_name: VAR_NAME STRING_ARG
2837 	{
2838 		OUTYY(("P(name:%s)\n", $2));
2839 		if(cfg_parser->cfg->forwards->name)
2840 			yyerror("forward name override, there must be one "
2841 				"name for one forward-zone");
2842 		free(cfg_parser->cfg->forwards->name);
2843 		cfg_parser->cfg->forwards->name = $2;
2844 	}
2845 	;
2846 forward_host: VAR_FORWARD_HOST STRING_ARG
2847 	{
2848 		OUTYY(("P(forward-host:%s)\n", $2));
2849 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2850 			yyerror("out of memory");
2851 	}
2852 	;
2853 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2854 	{
2855 		OUTYY(("P(forward-addr:%s)\n", $2));
2856 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2857 			yyerror("out of memory");
2858 	}
2859 	;
2860 forward_first: VAR_FORWARD_FIRST STRING_ARG
2861 	{
2862 		OUTYY(("P(forward-first:%s)\n", $2));
2863 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2864 			yyerror("expected yes or no.");
2865 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2866 		free($2);
2867 	}
2868 	;
2869 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2870 	{
2871 		OUTYY(("P(forward-no-cache:%s)\n", $2));
2872 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2873 			yyerror("expected yes or no.");
2874 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2875 		free($2);
2876 	}
2877 	;
2878 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2879 	{
2880 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2881 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2882 			yyerror("expected yes or no.");
2883 		else cfg_parser->cfg->forwards->ssl_upstream =
2884 			(strcmp($2, "yes")==0);
2885 		free($2);
2886 	}
2887 	;
2888 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
2889         {
2890                 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
2891                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2892                         yyerror("expected yes or no.");
2893                 else cfg_parser->cfg->forwards->tcp_upstream =
2894                         (strcmp($2, "yes")==0);
2895                 free($2);
2896         }
2897         ;
2898 auth_name: VAR_NAME STRING_ARG
2899 	{
2900 		OUTYY(("P(name:%s)\n", $2));
2901 		if(cfg_parser->cfg->auths->name)
2902 			yyerror("auth name override, there must be one name "
2903 				"for one auth-zone");
2904 		free(cfg_parser->cfg->auths->name);
2905 		cfg_parser->cfg->auths->name = $2;
2906 	}
2907 	;
2908 auth_zonefile: VAR_ZONEFILE STRING_ARG
2909 	{
2910 		OUTYY(("P(zonefile:%s)\n", $2));
2911 		free(cfg_parser->cfg->auths->zonefile);
2912 		cfg_parser->cfg->auths->zonefile = $2;
2913 	}
2914 	;
2915 auth_master: VAR_MASTER STRING_ARG
2916 	{
2917 		OUTYY(("P(master:%s)\n", $2));
2918 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2919 			yyerror("out of memory");
2920 	}
2921 	;
2922 auth_url: VAR_URL STRING_ARG
2923 	{
2924 		OUTYY(("P(url:%s)\n", $2));
2925 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2926 			yyerror("out of memory");
2927 	}
2928 	;
2929 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2930 	{
2931 		OUTYY(("P(allow-notify:%s)\n", $2));
2932 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2933 			$2))
2934 			yyerror("out of memory");
2935 	}
2936 	;
2937 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
2938 	{
2939 		OUTYY(("P(zonemd-check:%s)\n", $2));
2940 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2941 			yyerror("expected yes or no.");
2942 		else cfg_parser->cfg->auths->zonemd_check =
2943 			(strcmp($2, "yes")==0);
2944 		free($2);
2945 	}
2946 	;
2947 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
2948 	{
2949 		OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
2950 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2951 			yyerror("expected yes or no.");
2952 		else cfg_parser->cfg->auths->zonemd_reject_absence =
2953 			(strcmp($2, "yes")==0);
2954 		free($2);
2955 	}
2956 	;
2957 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2958 	{
2959 		OUTYY(("P(for-downstream:%s)\n", $2));
2960 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2961 			yyerror("expected yes or no.");
2962 		else cfg_parser->cfg->auths->for_downstream =
2963 			(strcmp($2, "yes")==0);
2964 		free($2);
2965 	}
2966 	;
2967 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2968 	{
2969 		OUTYY(("P(for-upstream:%s)\n", $2));
2970 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2971 			yyerror("expected yes or no.");
2972 		else cfg_parser->cfg->auths->for_upstream =
2973 			(strcmp($2, "yes")==0);
2974 		free($2);
2975 	}
2976 	;
2977 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2978 	{
2979 		OUTYY(("P(fallback-enabled:%s)\n", $2));
2980 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2981 			yyerror("expected yes or no.");
2982 		else cfg_parser->cfg->auths->fallback_enabled =
2983 			(strcmp($2, "yes")==0);
2984 		free($2);
2985 	}
2986 	;
2987 view_name: VAR_NAME STRING_ARG
2988 	{
2989 		OUTYY(("P(name:%s)\n", $2));
2990 		if(cfg_parser->cfg->views->name)
2991 			yyerror("view name override, there must be one "
2992 				"name for one view");
2993 		free(cfg_parser->cfg->views->name);
2994 		cfg_parser->cfg->views->name = $2;
2995 	}
2996 	;
2997 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2998 	{
2999 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3000 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3001 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3002 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3003 		   && strcmp($3, "typetransparent")!=0
3004 		   && strcmp($3, "always_transparent")!=0
3005 		   && strcmp($3, "always_refuse")!=0
3006 		   && strcmp($3, "always_nxdomain")!=0
3007 		   && strcmp($3, "always_nodata")!=0
3008 		   && strcmp($3, "always_deny")!=0
3009 		   && strcmp($3, "always_null")!=0
3010 		   && strcmp($3, "noview")!=0
3011 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3012 		   && strcmp($3, "inform_redirect") != 0
3013 		   && strcmp($3, "ipset") != 0) {
3014 			yyerror("local-zone type: expected static, deny, "
3015 				"refuse, redirect, transparent, "
3016 				"typetransparent, inform, inform_deny, "
3017 				"inform_redirect, always_transparent, "
3018 				"always_refuse, always_nxdomain, "
3019 				"always_nodata, always_deny, always_null, "
3020 				"noview, nodefault or ipset");
3021 			free($2);
3022 			free($3);
3023 		} else if(strcmp($3, "nodefault")==0) {
3024 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3025 				local_zones_nodefault, $2))
3026 				fatal_exit("out of memory adding local-zone");
3027 			free($3);
3028 #ifdef USE_IPSET
3029 		} else if(strcmp($3, "ipset")==0) {
3030 			size_t len = strlen($2);
3031 			/* Make sure to add the trailing dot.
3032 			 * These are str compared to domain names. */
3033 			if($2[len-1] != '.') {
3034 				if(!($2 = realloc($2, len+2))) {
3035 					fatal_exit("out of memory adding local-zone");
3036 				}
3037 				$2[len] = '.';
3038 				$2[len+1] = 0;
3039 			}
3040 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3041 				local_zones_ipset, $2))
3042 				fatal_exit("out of memory adding local-zone");
3043 			free($3);
3044 #endif
3045 		} else {
3046 			if(!cfg_str2list_insert(
3047 				&cfg_parser->cfg->views->local_zones,
3048 				$2, $3))
3049 				fatal_exit("out of memory adding local-zone");
3050 		}
3051 	}
3052 	;
3053 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3054 	{
3055 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3056 		validate_respip_action($3);
3057 		if(!cfg_str2list_insert(
3058 			&cfg_parser->cfg->views->respip_actions, $2, $3))
3059 			fatal_exit("out of memory adding per-view "
3060 				"response-ip action");
3061 	}
3062 	;
3063 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3064 	{
3065 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
3066 		if(!cfg_str2list_insert(
3067 			&cfg_parser->cfg->views->respip_data, $2, $3))
3068 			fatal_exit("out of memory adding response-ip-data");
3069 	}
3070 	;
3071 view_local_data: VAR_LOCAL_DATA STRING_ARG
3072 	{
3073 		OUTYY(("P(view_local_data:%s)\n", $2));
3074 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3075 			fatal_exit("out of memory adding local-data");
3076 		}
3077 	}
3078 	;
3079 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3080 	{
3081 		char* ptr;
3082 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3083 		ptr = cfg_ptr_reverse($2);
3084 		free($2);
3085 		if(ptr) {
3086 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3087 				local_data, ptr))
3088 				fatal_exit("out of memory adding local-data");
3089 		} else {
3090 			yyerror("local-data-ptr could not be reversed");
3091 		}
3092 	}
3093 	;
3094 view_first: VAR_VIEW_FIRST STRING_ARG
3095 	{
3096 		OUTYY(("P(view-first:%s)\n", $2));
3097 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3098 			yyerror("expected yes or no.");
3099 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3100 		free($2);
3101 	}
3102 	;
3103 rcstart: VAR_REMOTE_CONTROL
3104 	{
3105 		OUTYY(("\nP(remote-control:)\n"));
3106 	}
3107 	;
3108 contents_rc: contents_rc content_rc
3109 	| ;
3110 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3111 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3112 	rc_control_cert_file | rc_control_use_cert
3113 	;
3114 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3115 	{
3116 		OUTYY(("P(control_enable:%s)\n", $2));
3117 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3118 			yyerror("expected yes or no.");
3119 		else cfg_parser->cfg->remote_control_enable =
3120 			(strcmp($2, "yes")==0);
3121 		free($2);
3122 	}
3123 	;
3124 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3125 	{
3126 		OUTYY(("P(control_port:%s)\n", $2));
3127 		if(atoi($2) == 0)
3128 			yyerror("control port number expected");
3129 		else cfg_parser->cfg->control_port = atoi($2);
3130 		free($2);
3131 	}
3132 	;
3133 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3134 	{
3135 		OUTYY(("P(control_interface:%s)\n", $2));
3136 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3137 			yyerror("out of memory");
3138 	}
3139 	;
3140 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3141 	{
3142 		OUTYY(("P(control_use_cert:%s)\n", $2));
3143 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3144 		free($2);
3145 	}
3146 	;
3147 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3148 	{
3149 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
3150 		free(cfg_parser->cfg->server_key_file);
3151 		cfg_parser->cfg->server_key_file = $2;
3152 	}
3153 	;
3154 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3155 	{
3156 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3157 		free(cfg_parser->cfg->server_cert_file);
3158 		cfg_parser->cfg->server_cert_file = $2;
3159 	}
3160 	;
3161 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3162 	{
3163 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
3164 		free(cfg_parser->cfg->control_key_file);
3165 		cfg_parser->cfg->control_key_file = $2;
3166 	}
3167 	;
3168 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3169 	{
3170 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3171 		free(cfg_parser->cfg->control_cert_file);
3172 		cfg_parser->cfg->control_cert_file = $2;
3173 	}
3174 	;
3175 dtstart: VAR_DNSTAP
3176 	{
3177 		OUTYY(("\nP(dnstap:)\n"));
3178 	}
3179 	;
3180 contents_dt: contents_dt content_dt
3181 	| ;
3182 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3183 	dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3184 	dt_dnstap_tls_cert_bundle |
3185 	dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3186 	dt_dnstap_send_identity | dt_dnstap_send_version |
3187 	dt_dnstap_identity | dt_dnstap_version |
3188 	dt_dnstap_log_resolver_query_messages |
3189 	dt_dnstap_log_resolver_response_messages |
3190 	dt_dnstap_log_client_query_messages |
3191 	dt_dnstap_log_client_response_messages |
3192 	dt_dnstap_log_forwarder_query_messages |
3193 	dt_dnstap_log_forwarder_response_messages
3194 	;
3195 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3196 	{
3197 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3198 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3199 			yyerror("expected yes or no.");
3200 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3201 		free($2);
3202 	}
3203 	;
3204 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3205 	{
3206 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3207 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3208 			yyerror("expected yes or no.");
3209 		else cfg_parser->cfg->dnstap_bidirectional =
3210 			(strcmp($2, "yes")==0);
3211 		free($2);
3212 	}
3213 	;
3214 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3215 	{
3216 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3217 		free(cfg_parser->cfg->dnstap_socket_path);
3218 		cfg_parser->cfg->dnstap_socket_path = $2;
3219 	}
3220 	;
3221 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3222 	{
3223 		OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3224 		free(cfg_parser->cfg->dnstap_ip);
3225 		cfg_parser->cfg->dnstap_ip = $2;
3226 	}
3227 	;
3228 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3229 	{
3230 		OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3231 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3232 			yyerror("expected yes or no.");
3233 		else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3234 		free($2);
3235 	}
3236 	;
3237 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3238 	{
3239 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3240 		free(cfg_parser->cfg->dnstap_tls_server_name);
3241 		cfg_parser->cfg->dnstap_tls_server_name = $2;
3242 	}
3243 	;
3244 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3245 	{
3246 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3247 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3248 		cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3249 	}
3250 	;
3251 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3252 	{
3253 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3254 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
3255 		cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3256 	}
3257 	;
3258 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3259 	{
3260 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3261 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3262 		cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3263 	}
3264 	;
3265 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3266 	{
3267 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3268 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3269 			yyerror("expected yes or no.");
3270 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3271 		free($2);
3272 	}
3273 	;
3274 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3275 	{
3276 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3277 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3278 			yyerror("expected yes or no.");
3279 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3280 		free($2);
3281 	}
3282 	;
3283 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3284 	{
3285 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3286 		free(cfg_parser->cfg->dnstap_identity);
3287 		cfg_parser->cfg->dnstap_identity = $2;
3288 	}
3289 	;
3290 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3291 	{
3292 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3293 		free(cfg_parser->cfg->dnstap_version);
3294 		cfg_parser->cfg->dnstap_version = $2;
3295 	}
3296 	;
3297 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3298 	{
3299 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3300 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3301 			yyerror("expected yes or no.");
3302 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3303 			(strcmp($2, "yes")==0);
3304 		free($2);
3305 	}
3306 	;
3307 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3308 	{
3309 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3310 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3311 			yyerror("expected yes or no.");
3312 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3313 			(strcmp($2, "yes")==0);
3314 		free($2);
3315 	}
3316 	;
3317 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3318 	{
3319 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3320 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3321 			yyerror("expected yes or no.");
3322 		else cfg_parser->cfg->dnstap_log_client_query_messages =
3323 			(strcmp($2, "yes")==0);
3324 		free($2);
3325 	}
3326 	;
3327 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3328 	{
3329 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3330 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3331 			yyerror("expected yes or no.");
3332 		else cfg_parser->cfg->dnstap_log_client_response_messages =
3333 			(strcmp($2, "yes")==0);
3334 		free($2);
3335 	}
3336 	;
3337 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3338 	{
3339 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3340 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3341 			yyerror("expected yes or no.");
3342 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3343 			(strcmp($2, "yes")==0);
3344 		free($2);
3345 	}
3346 	;
3347 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3348 	{
3349 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3350 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3351 			yyerror("expected yes or no.");
3352 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3353 			(strcmp($2, "yes")==0);
3354 		free($2);
3355 	}
3356 	;
3357 pythonstart: VAR_PYTHON
3358 	{
3359 		OUTYY(("\nP(python:)\n"));
3360 	}
3361 	;
3362 contents_py: contents_py content_py
3363 	| ;
3364 content_py: py_script
3365 	;
3366 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3367 	{
3368 		OUTYY(("P(python-script:%s)\n", $2));
3369 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3370 			yyerror("out of memory");
3371 	}
3372 dynlibstart: VAR_DYNLIB
3373 	{
3374 		OUTYY(("\nP(dynlib:)\n"));
3375 	}
3376 	;
3377 contents_dl: contents_dl content_dl
3378 	| ;
3379 content_dl: dl_file
3380 	;
3381 dl_file: VAR_DYNLIB_FILE STRING_ARG
3382 	{
3383 		OUTYY(("P(dynlib-file:%s)\n", $2));
3384 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3385 			yyerror("out of memory");
3386 	}
3387 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3388 	{
3389 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3390 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3391 			yyerror("expected yes or no.");
3392 		else cfg_parser->cfg->disable_dnssec_lame_check =
3393 			(strcmp($2, "yes")==0);
3394 		free($2);
3395 	}
3396 	;
3397 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3398 	{
3399 		OUTYY(("P(server_log_identity:%s)\n", $2));
3400 		free(cfg_parser->cfg->log_identity);
3401 		cfg_parser->cfg->log_identity = $2;
3402 	}
3403 	;
3404 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3405 	{
3406 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3407 		validate_respip_action($3);
3408 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3409 			$2, $3))
3410 			fatal_exit("out of memory adding response-ip");
3411 	}
3412 	;
3413 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3414 	{
3415 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
3416 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3417 			$2, $3))
3418 			fatal_exit("out of memory adding response-ip-data");
3419 	}
3420 	;
3421 dnscstart: VAR_DNSCRYPT
3422 	{
3423 		OUTYY(("\nP(dnscrypt:)\n"));
3424 	}
3425 	;
3426 contents_dnsc: contents_dnsc content_dnsc
3427 	| ;
3428 content_dnsc:
3429 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3430 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3431 	dnsc_dnscrypt_provider_cert_rotated |
3432 	dnsc_dnscrypt_shared_secret_cache_size |
3433 	dnsc_dnscrypt_shared_secret_cache_slabs |
3434 	dnsc_dnscrypt_nonce_cache_size |
3435 	dnsc_dnscrypt_nonce_cache_slabs
3436 	;
3437 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3438 	{
3439 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3440 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3441 			yyerror("expected yes or no.");
3442 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3443 		free($2);
3444 	}
3445 	;
3446 
3447 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3448 	{
3449 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3450 		if(atoi($2) == 0)
3451 			yyerror("port number expected");
3452 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
3453 		free($2);
3454 	}
3455 	;
3456 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3457 	{
3458 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3459 		free(cfg_parser->cfg->dnscrypt_provider);
3460 		cfg_parser->cfg->dnscrypt_provider = $2;
3461 	}
3462 	;
3463 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3464 	{
3465 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3466 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3467 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3468 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3469 			fatal_exit("out of memory adding dnscrypt-provider-cert");
3470 	}
3471 	;
3472 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3473 	{
3474 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3475 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3476 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3477 	}
3478 	;
3479 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3480 	{
3481 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3482 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3483 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3484 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3485 			fatal_exit("out of memory adding dnscrypt-secret-key");
3486 	}
3487 	;
3488 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3489   {
3490 	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3491 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3492 		yyerror("memory size expected");
3493 	free($2);
3494   }
3495   ;
3496 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3497   {
3498 	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3499 	if(atoi($2) == 0) {
3500 		yyerror("number expected");
3501 	} else {
3502 		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3503 		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3504 			yyerror("must be a power of 2");
3505 	}
3506 	free($2);
3507   }
3508   ;
3509 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3510   {
3511 	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3512 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3513 		yyerror("memory size expected");
3514 	free($2);
3515   }
3516   ;
3517 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3518   {
3519 	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3520 	if(atoi($2) == 0) {
3521 		yyerror("number expected");
3522 	} else {
3523 		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3524 		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3525 			yyerror("must be a power of 2");
3526 	}
3527 	free($2);
3528   }
3529   ;
3530 cachedbstart: VAR_CACHEDB
3531 	{
3532 		OUTYY(("\nP(cachedb:)\n"));
3533 	}
3534 	;
3535 contents_cachedb: contents_cachedb content_cachedb
3536 	| ;
3537 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3538 	redis_server_host | redis_server_port | redis_timeout |
3539 	redis_expire_records
3540 	;
3541 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3542 	{
3543 	#ifdef USE_CACHEDB
3544 		OUTYY(("P(backend:%s)\n", $2));
3545 		free(cfg_parser->cfg->cachedb_backend);
3546 		cfg_parser->cfg->cachedb_backend = $2;
3547 	#else
3548 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3549 		free($2);
3550 	#endif
3551 	}
3552 	;
3553 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3554 	{
3555 	#ifdef USE_CACHEDB
3556 		OUTYY(("P(secret-seed:%s)\n", $2));
3557 		free(cfg_parser->cfg->cachedb_secret);
3558 		cfg_parser->cfg->cachedb_secret = $2;
3559 	#else
3560 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3561 		free($2);
3562 	#endif
3563 	}
3564 	;
3565 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3566 	{
3567 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3568 		OUTYY(("P(redis_server_host:%s)\n", $2));
3569 		free(cfg_parser->cfg->redis_server_host);
3570 		cfg_parser->cfg->redis_server_host = $2;
3571 	#else
3572 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3573 		free($2);
3574 	#endif
3575 	}
3576 	;
3577 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3578 	{
3579 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3580 		int port;
3581 		OUTYY(("P(redis_server_port:%s)\n", $2));
3582 		port = atoi($2);
3583 		if(port == 0 || port < 0 || port > 65535)
3584 			yyerror("valid redis server port number expected");
3585 		else cfg_parser->cfg->redis_server_port = port;
3586 	#else
3587 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3588 	#endif
3589 		free($2);
3590 	}
3591 	;
3592 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3593 	{
3594 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3595 		OUTYY(("P(redis_timeout:%s)\n", $2));
3596 		if(atoi($2) == 0)
3597 			yyerror("redis timeout value expected");
3598 		else cfg_parser->cfg->redis_timeout = atoi($2);
3599 	#else
3600 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3601 	#endif
3602 		free($2);
3603 	}
3604 	;
3605 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3606 	{
3607 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3608 		OUTYY(("P(redis_expire_records:%s)\n", $2));
3609 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3610 			yyerror("expected yes or no.");
3611 		else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3612 	#else
3613 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3614 	#endif
3615 		free($2);
3616 	}
3617 	;
3618 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3619 	{
3620 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3621 		if (atoi($3) < 0)
3622 			yyerror("positive number expected");
3623 		else {
3624 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3625 				fatal_exit("out of memory adding tcp connection limit");
3626 		}
3627 	}
3628 	;
3629 	ipsetstart: VAR_IPSET
3630 		{
3631 			OUTYY(("\nP(ipset:)\n"));
3632 		}
3633 		;
3634 	contents_ipset: contents_ipset content_ipset
3635 		| ;
3636 	content_ipset: ipset_name_v4 | ipset_name_v6
3637 		;
3638 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3639 		{
3640 		#ifdef USE_IPSET
3641 			OUTYY(("P(name-v4:%s)\n", $2));
3642 			if(cfg_parser->cfg->ipset_name_v4)
3643 				yyerror("ipset name v4 override, there must be one "
3644 					"name for ip v4");
3645 			free(cfg_parser->cfg->ipset_name_v4);
3646 			cfg_parser->cfg->ipset_name_v4 = $2;
3647 		#else
3648 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3649 			free($2);
3650 		#endif
3651 		}
3652 	;
3653 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3654 	{
3655 		#ifdef USE_IPSET
3656 			OUTYY(("P(name-v6:%s)\n", $2));
3657 			if(cfg_parser->cfg->ipset_name_v6)
3658 				yyerror("ipset name v6 override, there must be one "
3659 					"name for ip v6");
3660 			free(cfg_parser->cfg->ipset_name_v6);
3661 			cfg_parser->cfg->ipset_name_v6 = $2;
3662 		#else
3663 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3664 			free($2);
3665 		#endif
3666 		}
3667 	;
3668 %%
3669 
3670 /* parse helper routines could be here */
3671 static void
3672 validate_respip_action(const char* action)
3673 {
3674 	if(strcmp(action, "deny")!=0 &&
3675 		strcmp(action, "redirect")!=0 &&
3676 		strcmp(action, "inform")!=0 &&
3677 		strcmp(action, "inform_deny")!=0 &&
3678 		strcmp(action, "always_transparent")!=0 &&
3679 		strcmp(action, "always_refuse")!=0 &&
3680 		strcmp(action, "always_nxdomain")!=0)
3681 	{
3682 		yyerror("response-ip action: expected deny, redirect, "
3683 			"inform, inform_deny, always_transparent, "
3684 			"always_refuse or always_nxdomain");
3685 	}
3686 }
3687 
3688 
3689