xref: /freebsd/contrib/unbound/util/configparser.y (revision 5e3190f700637fcfc1a52daeaa4a031fdd2557c7)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 #include "sldns/str2wire.h"
51 
52 int ub_c_lex(void);
53 void ub_c_error(const char *message);
54 
55 static void validate_respip_action(const char* action);
56 static void validate_acl_action(const char* action);
57 
58 /* these need to be global, otherwise they cannot be used inside yacc */
59 extern struct config_parser_state* cfg_parser;
60 
61 #if 0
62 #define OUTYY(s)  printf s /* used ONLY when debugging */
63 #else
64 #define OUTYY(s)
65 #endif
66 
67 %}
68 %union {
69 	char*	str;
70 };
71 
72 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
73 %token <str> STRING_ARG
74 %token VAR_FORCE_TOPLEVEL
75 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
76 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
77 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
78 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
79 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
80 %token VAR_SOCK_QUEUE_TIMEOUT
81 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
82 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
83 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
84 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
85 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
86 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
87 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
88 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
89 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
90 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
91 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
92 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
93 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
94 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
95 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
96 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
97 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
98 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
99 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
100 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
101 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
102 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
103 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
104 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
105 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
106 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
107 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
108 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
109 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
110 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
111 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
112 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
113 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
114 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
115 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
116 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
117 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
118 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
119 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
120 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
121 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
122 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
123 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
124 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
125 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
126 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
127 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
128 %token VAR_NAT64_PREFIX
129 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
130 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
131 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
132 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
133 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
134 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
136 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
137 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
138 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
139 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
140 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
141 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
142 %token VAR_IP_DSCP
143 %token VAR_DISABLE_DNSSEC_LAME_CHECK
144 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
145 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
146 %token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
147 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
148 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
149 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
150 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
151 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
152 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
153 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
154 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
155 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
156 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
157 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
158 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
159 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
160 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
161 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
162 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
163 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
164 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
165 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
166 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
167 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
168 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
169 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
170 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
171 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
172 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
173 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
174 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
175 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
176 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
177 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
178 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
179 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
180 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
181 %token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD
182 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
183 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
184 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
185 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
186 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
187 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
188 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
189 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
190 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
191 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
192 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
193 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
194 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
195 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
196 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
197 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
198 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
199 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
200 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
201 %token VAR_HARDEN_UNKNOWN_ADDITIONAL
202 
203 %%
204 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
205 toplevelvar: serverstart contents_server | stubstart contents_stub |
206 	forwardstart contents_forward | pythonstart contents_py |
207 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
208 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
209 	ipsetstart contents_ipset | authstart contents_auth |
210 	rpzstart contents_rpz | dynlibstart contents_dl |
211 	force_toplevel
212 	;
213 force_toplevel: VAR_FORCE_TOPLEVEL
214 	{
215 		OUTYY(("\nP(force-toplevel)\n"));
216 		cfg_parser->started_toplevel = 0;
217 	}
218 	;
219 /* server: declaration */
220 serverstart: VAR_SERVER
221 	{
222 		OUTYY(("\nP(server:)\n"));
223 		cfg_parser->started_toplevel = 1;
224 	}
225 	;
226 contents_server: contents_server content_server
227 	| ;
228 content_server: server_num_threads | server_verbosity | server_port |
229 	server_outgoing_range | server_do_ip4 |
230 	server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
231 	server_prefer_ip6 | server_do_udp | server_do_tcp |
232 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
233 	server_tcp_keepalive | server_tcp_keepalive_timeout |
234 	server_sock_queue_timeout |
235 	server_interface | server_chroot | server_username |
236 	server_directory | server_logfile | server_pidfile |
237 	server_msg_cache_size | server_msg_cache_slabs |
238 	server_num_queries_per_thread | server_rrset_cache_size |
239 	server_rrset_cache_slabs | server_outgoing_num_tcp |
240 	server_infra_host_ttl | server_infra_lame_ttl |
241 	server_infra_cache_slabs | server_infra_cache_numhosts |
242 	server_infra_cache_lame_size | server_target_fetch_policy |
243 	server_harden_short_bufsize | server_harden_large_queries |
244 	server_do_not_query_address | server_hide_identity |
245 	server_hide_version | server_identity | server_version |
246 	server_hide_http_user_agent | server_http_user_agent |
247 	server_harden_glue | server_module_conf | server_trust_anchor_file |
248 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
249 	server_val_clean_additional | server_val_permissive_mode |
250 	server_incoming_num_tcp | server_msg_buffer_size |
251 	server_key_cache_size | server_key_cache_slabs |
252 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
253 	server_use_syslog | server_outgoing_interface | server_root_hints |
254 	server_do_not_query_localhost | server_cache_max_ttl |
255 	server_harden_dnssec_stripped | server_access_control |
256 	server_local_zone | server_local_data | server_interface_automatic |
257 	server_statistics_interval | server_do_daemonize |
258 	server_use_caps_for_id | server_statistics_cumulative |
259 	server_outgoing_port_permit | server_outgoing_port_avoid |
260 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
261 	server_harden_referral_path | server_private_address |
262 	server_private_domain | server_extended_statistics |
263 	server_local_data_ptr | server_jostle_timeout |
264 	server_unwanted_reply_threshold | server_log_time_ascii |
265 	server_domain_insecure | server_val_sig_skew_min |
266 	server_val_sig_skew_max | server_val_max_restart |
267 	server_cache_min_ttl | server_val_log_level |
268 	server_auto_trust_anchor_file |	server_add_holddown |
269 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
270 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
271 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
272 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
273 	server_log_local_actions |
274 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
275 	server_https_port | server_http_endpoint | server_http_max_streams |
276 	server_http_query_buffer_size | server_http_response_buffer_size |
277 	server_http_nodelay | server_http_notls_downstream |
278 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
279 	server_so_reuseport | server_delay_close | server_udp_connect |
280 	server_unblock_lan_zones | server_insecure_lan_zones |
281 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
282 	server_nat64_prefix |
283 	server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
284 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
285 	server_ip_dscp | server_infra_keep_probing |
286 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
287 	server_ip_ratelimit_size | server_ratelimit_size |
288 	server_ratelimit_for_domain |
289 	server_ratelimit_below_domain | server_ratelimit_factor |
290 	server_ip_ratelimit_factor | server_ratelimit_backoff |
291 	server_ip_ratelimit_backoff | server_outbound_msg_retry |
292 	server_max_sent_count | server_max_query_restarts |
293 	server_send_client_subnet | server_client_subnet_zone |
294 	server_client_subnet_always_forward | server_client_subnet_opcode |
295 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
296 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
297 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
298 	server_caps_whitelist | server_cache_max_negative_ttl |
299 	server_permit_small_holddown | server_qname_minimisation |
300 	server_ip_freebind | server_define_tag | server_local_zone_tag |
301 	server_disable_dnssec_lame_check | server_access_control_tag |
302 	server_local_zone_override | server_access_control_tag_action |
303 	server_access_control_tag_data | server_access_control_view |
304 	server_interface_action | server_interface_view | server_interface_tag |
305 	server_interface_tag_action | server_interface_tag_data |
306 	server_qname_minimisation_strict |
307 	server_pad_responses | server_pad_responses_block_size |
308 	server_pad_queries | server_pad_queries_block_size |
309 	server_serve_expired |
310 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
311 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
312 	server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
313 	server_log_identity | server_use_systemd |
314 	server_response_ip_tag | server_response_ip | server_response_ip_data |
315 	server_shm_enable | server_shm_key | server_fake_sha1 |
316 	server_hide_trustanchor | server_trust_anchor_signaling |
317 	server_root_key_sentinel |
318 	server_ipsecmod_enabled | server_ipsecmod_hook |
319 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
320 	server_ipsecmod_whitelist | server_ipsecmod_strict |
321 	server_udp_upstream_without_downstream | server_aggressive_nsec |
322 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
323 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
324 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
325 	server_unknown_server_time_limit | server_log_tag_queryreply |
326 	server_stream_wait_size | server_tls_ciphers |
327 	server_tls_ciphersuites | server_tls_session_ticket_keys |
328 	server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
329 	server_tls_use_sni | server_edns_client_string |
330 	server_edns_client_string_opcode | server_nsid |
331 	server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
332 	server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
333 	server_interface_automatic_ports | server_ede |
334 	server_proxy_protocol_port | server_statistics_inhibit_zero |
335 	server_harden_unknown_additional
336 	;
337 stubstart: VAR_STUB_ZONE
338 	{
339 		struct config_stub* s;
340 		OUTYY(("\nP(stub_zone:)\n"));
341 		cfg_parser->started_toplevel = 1;
342 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
343 		if(s) {
344 			s->next = cfg_parser->cfg->stubs;
345 			cfg_parser->cfg->stubs = s;
346 		} else {
347 			yyerror("out of memory");
348 		}
349 	}
350 	;
351 contents_stub: contents_stub content_stub
352 	| ;
353 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
354 	stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
355 	;
356 forwardstart: VAR_FORWARD_ZONE
357 	{
358 		struct config_stub* s;
359 		OUTYY(("\nP(forward_zone:)\n"));
360 		cfg_parser->started_toplevel = 1;
361 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
362 		if(s) {
363 			s->next = cfg_parser->cfg->forwards;
364 			cfg_parser->cfg->forwards = s;
365 		} else {
366 			yyerror("out of memory");
367 		}
368 	}
369 	;
370 contents_forward: contents_forward content_forward
371 	| ;
372 content_forward: forward_name | forward_host | forward_addr | forward_first |
373 	forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
374 	;
375 viewstart: VAR_VIEW
376 	{
377 		struct config_view* s;
378 		OUTYY(("\nP(view:)\n"));
379 		cfg_parser->started_toplevel = 1;
380 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
381 		if(s) {
382 			s->next = cfg_parser->cfg->views;
383 			if(s->next && !s->next->name)
384 				yyerror("view without name");
385 			cfg_parser->cfg->views = s;
386 		} else {
387 			yyerror("out of memory");
388 		}
389 	}
390 	;
391 contents_view: contents_view content_view
392 	| ;
393 content_view: view_name | view_local_zone | view_local_data | view_first |
394 		view_response_ip | view_response_ip_data | view_local_data_ptr
395 	;
396 authstart: VAR_AUTH_ZONE
397 	{
398 		struct config_auth* s;
399 		OUTYY(("\nP(auth_zone:)\n"));
400 		cfg_parser->started_toplevel = 1;
401 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
402 		if(s) {
403 			s->next = cfg_parser->cfg->auths;
404 			cfg_parser->cfg->auths = s;
405 			/* defaults for auth zone */
406 			s->for_downstream = 1;
407 			s->for_upstream = 1;
408 			s->fallback_enabled = 0;
409 			s->zonemd_check = 0;
410 			s->zonemd_reject_absence = 0;
411 			s->isrpz = 0;
412 		} else {
413 			yyerror("out of memory");
414 		}
415 	}
416 	;
417 contents_auth: contents_auth content_auth
418 	| ;
419 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
420 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
421 	auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
422 	;
423 
424 rpz_tag: VAR_TAGS STRING_ARG
425 	{
426 		uint8_t* bitlist;
427 		size_t len = 0;
428 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
429 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
430 			&len);
431 		free($2);
432 		if(!bitlist) {
433 			yyerror("could not parse tags, (define-tag them first)");
434 		}
435 		if(bitlist) {
436 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
437 			cfg_parser->cfg->auths->rpz_taglistlen = len;
438 
439 		}
440 	}
441 	;
442 
443 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
444 	{
445 		OUTYY(("P(rpz_action_override:%s)\n", $2));
446 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
447 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
448 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
449 			yyerror("rpz-action-override action: expected nxdomain, "
450 				"nodata, passthru, drop, cname or disabled");
451 			free($2);
452 			cfg_parser->cfg->auths->rpz_action_override = NULL;
453 		}
454 		else {
455 			cfg_parser->cfg->auths->rpz_action_override = $2;
456 		}
457 	}
458 	;
459 
460 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
461 	{
462 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
463 		free(cfg_parser->cfg->auths->rpz_cname);
464 		cfg_parser->cfg->auths->rpz_cname = $2;
465 	}
466 	;
467 
468 rpz_log: VAR_RPZ_LOG STRING_ARG
469 	{
470 		OUTYY(("P(rpz_log:%s)\n", $2));
471 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
472 			yyerror("expected yes or no.");
473 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
474 		free($2);
475 	}
476 	;
477 
478 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
479 	{
480 		OUTYY(("P(rpz_log_name:%s)\n", $2));
481 		free(cfg_parser->cfg->auths->rpz_log_name);
482 		cfg_parser->cfg->auths->rpz_log_name = $2;
483 	}
484 	;
485 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
486 	{
487 		OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
488 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
489 			yyerror("expected yes or no.");
490 		else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
491 		free($2);
492 	}
493 	;
494 
495 rpzstart: VAR_RPZ
496 	{
497 		struct config_auth* s;
498 		OUTYY(("\nP(rpz:)\n"));
499 		cfg_parser->started_toplevel = 1;
500 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
501 		if(s) {
502 			s->next = cfg_parser->cfg->auths;
503 			cfg_parser->cfg->auths = s;
504 			/* defaults for RPZ auth zone */
505 			s->for_downstream = 0;
506 			s->for_upstream = 0;
507 			s->fallback_enabled = 0;
508 			s->isrpz = 1;
509 		} else {
510 			yyerror("out of memory");
511 		}
512 	}
513 	;
514 contents_rpz: contents_rpz content_rpz
515 	| ;
516 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
517 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
518 	   rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
519 	;
520 server_num_threads: VAR_NUM_THREADS STRING_ARG
521 	{
522 		OUTYY(("P(server_num_threads:%s)\n", $2));
523 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
524 			yyerror("number expected");
525 		else cfg_parser->cfg->num_threads = atoi($2);
526 		free($2);
527 	}
528 	;
529 server_verbosity: VAR_VERBOSITY STRING_ARG
530 	{
531 		OUTYY(("P(server_verbosity:%s)\n", $2));
532 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
533 			yyerror("number expected");
534 		else cfg_parser->cfg->verbosity = atoi($2);
535 		free($2);
536 	}
537 	;
538 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
539 	{
540 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
541 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
542 			cfg_parser->cfg->stat_interval = 0;
543 		else if(atoi($2) == 0)
544 			yyerror("number expected");
545 		else cfg_parser->cfg->stat_interval = atoi($2);
546 		free($2);
547 	}
548 	;
549 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
550 	{
551 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
552 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
553 			yyerror("expected yes or no.");
554 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
555 		free($2);
556 	}
557 	;
558 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
559 	{
560 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
561 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
562 			yyerror("expected yes or no.");
563 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
564 		free($2);
565 	}
566 	;
567 server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
568 	{
569 		OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
570 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
571 			yyerror("expected yes or no.");
572 		else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
573 		free($2);
574 	}
575 	;
576 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
577 	{
578 		OUTYY(("P(server_shm_enable:%s)\n", $2));
579 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
580 			yyerror("expected yes or no.");
581 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
582 		free($2);
583 	}
584 	;
585 server_shm_key: VAR_SHM_KEY STRING_ARG
586 	{
587 		OUTYY(("P(server_shm_key:%s)\n", $2));
588 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
589 			cfg_parser->cfg->shm_key = 0;
590 		else if(atoi($2) == 0)
591 			yyerror("number expected");
592 		else cfg_parser->cfg->shm_key = atoi($2);
593 		free($2);
594 	}
595 	;
596 server_port: VAR_PORT STRING_ARG
597 	{
598 		OUTYY(("P(server_port:%s)\n", $2));
599 		if(atoi($2) == 0)
600 			yyerror("port number expected");
601 		else cfg_parser->cfg->port = atoi($2);
602 		free($2);
603 	}
604 	;
605 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
606 	{
607 	#ifdef CLIENT_SUBNET
608 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
609 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
610 			fatal_exit("out of memory adding client-subnet");
611 	#else
612 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
613 		free($2);
614 	#endif
615 	}
616 	;
617 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
618 	{
619 	#ifdef CLIENT_SUBNET
620 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
621 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
622 			$2))
623 			fatal_exit("out of memory adding client-subnet-zone");
624 	#else
625 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
626 		free($2);
627 	#endif
628 	}
629 	;
630 server_client_subnet_always_forward:
631 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
632 	{
633 	#ifdef CLIENT_SUBNET
634 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
635 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
636 			yyerror("expected yes or no.");
637 		else
638 			cfg_parser->cfg->client_subnet_always_forward =
639 				(strcmp($2, "yes")==0);
640 	#else
641 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
642 	#endif
643 		free($2);
644 	}
645 	;
646 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
647 	{
648 	#ifdef CLIENT_SUBNET
649 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
650 		OUTYY(("P(Deprecated option, ignoring)\n"));
651 	#else
652 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
653 	#endif
654 		free($2);
655 	}
656 	;
657 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
658 	{
659 	#ifdef CLIENT_SUBNET
660 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
661 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
662 			yyerror("IPv4 subnet length expected");
663 		else if (atoi($2) > 32)
664 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
665 		else if (atoi($2) < 0)
666 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
667 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
668 	#else
669 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
670 	#endif
671 		free($2);
672 	}
673 	;
674 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
675 	{
676 	#ifdef CLIENT_SUBNET
677 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
678 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
679 			yyerror("Ipv6 subnet length expected");
680 		else if (atoi($2) > 128)
681 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
682 		else if (atoi($2) < 0)
683 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
684 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
685 	#else
686 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
687 	#endif
688 		free($2);
689 	}
690 	;
691 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
692 	{
693 	#ifdef CLIENT_SUBNET
694 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
695 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
696 			yyerror("IPv4 subnet length expected");
697 		else if (atoi($2) > 32)
698 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
699 		else if (atoi($2) < 0)
700 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
701 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
702 	#else
703 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
704 	#endif
705 		free($2);
706 	}
707 	;
708 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
709 	{
710 	#ifdef CLIENT_SUBNET
711 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
712 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
713 			yyerror("Ipv6 subnet length expected");
714 		else if (atoi($2) > 128)
715 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
716 		else if (atoi($2) < 0)
717 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
718 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
719 	#else
720 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
721 	#endif
722 		free($2);
723 	}
724 	;
725 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
726 	{
727 	#ifdef CLIENT_SUBNET
728 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
729 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
730 			yyerror("IPv4 ECS tree size expected");
731 		else if (atoi($2) < 0)
732 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
733 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
734 	#else
735 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
736 	#endif
737 		free($2);
738 	}
739 	;
740 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
741 	{
742 	#ifdef CLIENT_SUBNET
743 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
744 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
745 			yyerror("IPv6 ECS tree size expected");
746 		else if (atoi($2) < 0)
747 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
748 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
749 	#else
750 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
751 	#endif
752 		free($2);
753 	}
754 	;
755 server_interface: VAR_INTERFACE STRING_ARG
756 	{
757 		OUTYY(("P(server_interface:%s)\n", $2));
758 		if(cfg_parser->cfg->num_ifs == 0)
759 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
760 		else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
761 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
762 		if(!cfg_parser->cfg->ifs)
763 			yyerror("out of memory");
764 		else
765 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
766 	}
767 	;
768 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
769 	{
770 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
771 		if(cfg_parser->cfg->num_out_ifs == 0)
772 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
773 		else cfg_parser->cfg->out_ifs = realloc(
774 			cfg_parser->cfg->out_ifs,
775 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
776 		if(!cfg_parser->cfg->out_ifs)
777 			yyerror("out of memory");
778 		else
779 			cfg_parser->cfg->out_ifs[
780 				cfg_parser->cfg->num_out_ifs++] = $2;
781 	}
782 	;
783 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
784 	{
785 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
786 		if(atoi($2) == 0)
787 			yyerror("number expected");
788 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
789 		free($2);
790 	}
791 	;
792 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
793 	{
794 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
795 		if(!cfg_mark_ports($2, 1,
796 			cfg_parser->cfg->outgoing_avail_ports, 65536))
797 			yyerror("port number or range (\"low-high\") expected");
798 		free($2);
799 	}
800 	;
801 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
802 	{
803 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
804 		if(!cfg_mark_ports($2, 0,
805 			cfg_parser->cfg->outgoing_avail_ports, 65536))
806 			yyerror("port number or range (\"low-high\") expected");
807 		free($2);
808 	}
809 	;
810 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
811 	{
812 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
813 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
814 			yyerror("number expected");
815 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
816 		free($2);
817 	}
818 	;
819 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
820 	{
821 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
822 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
823 			yyerror("number expected");
824 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
825 		free($2);
826 	}
827 	;
828 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
829 	{
830 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
831 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
832 			yyerror("expected yes or no.");
833 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
834 		free($2);
835 	}
836 	;
837 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
838 	{
839 		OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
840 		free(cfg_parser->cfg->if_automatic_ports);
841 		cfg_parser->cfg->if_automatic_ports = $2;
842 	}
843 	;
844 server_do_ip4: VAR_DO_IP4 STRING_ARG
845 	{
846 		OUTYY(("P(server_do_ip4:%s)\n", $2));
847 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
848 			yyerror("expected yes or no.");
849 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
850 		free($2);
851 	}
852 	;
853 server_do_ip6: VAR_DO_IP6 STRING_ARG
854 	{
855 		OUTYY(("P(server_do_ip6:%s)\n", $2));
856 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
857 			yyerror("expected yes or no.");
858 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
859 		free($2);
860 	}
861 	;
862 server_do_nat64: VAR_DO_NAT64 STRING_ARG
863 	{
864 		OUTYY(("P(server_do_nat64:%s)\n", $2));
865 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
866 			yyerror("expected yes or no.");
867 		else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
868 		free($2);
869 	}
870 	;
871 server_do_udp: VAR_DO_UDP STRING_ARG
872 	{
873 		OUTYY(("P(server_do_udp:%s)\n", $2));
874 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
875 			yyerror("expected yes or no.");
876 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
877 		free($2);
878 	}
879 	;
880 server_do_tcp: VAR_DO_TCP STRING_ARG
881 	{
882 		OUTYY(("P(server_do_tcp:%s)\n", $2));
883 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
884 			yyerror("expected yes or no.");
885 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
886 		free($2);
887 	}
888 	;
889 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
890 	{
891 		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
892 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
893 			yyerror("expected yes or no.");
894 		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
895 		free($2);
896 	}
897 	;
898 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
899 	{
900 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
901 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
902 			yyerror("expected yes or no.");
903 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
904 		free($2);
905 	}
906 	;
907 server_tcp_mss: VAR_TCP_MSS STRING_ARG
908 	{
909 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
910 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
911 				yyerror("number expected");
912 		else cfg_parser->cfg->tcp_mss = atoi($2);
913 		free($2);
914 	}
915 	;
916 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
917 	{
918 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
919 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
920 			yyerror("number expected");
921 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
922 		free($2);
923 	}
924 	;
925 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
926 	{
927 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
928 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
929 			yyerror("number expected");
930 		else if (atoi($2) > 120000)
931 			cfg_parser->cfg->tcp_idle_timeout = 120000;
932 		else if (atoi($2) < 1)
933 			cfg_parser->cfg->tcp_idle_timeout = 1;
934 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
935 		free($2);
936 	}
937 	;
938 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
939 	{
940 		OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
941 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
942 			yyerror("number expected");
943 		else if (atoi($2) < 1)
944 			cfg_parser->cfg->max_reuse_tcp_queries = 0;
945 		else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
946 		free($2);
947 	}
948 	;
949 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
950 	{
951 		OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
952 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
953 			yyerror("number expected");
954 		else if (atoi($2) < 1)
955 			cfg_parser->cfg->tcp_reuse_timeout = 0;
956 		else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
957 		free($2);
958 	}
959 	;
960 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
961 	{
962 		OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
963 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
964 			yyerror("number expected");
965 		else if (atoi($2) < 1)
966 			cfg_parser->cfg->tcp_auth_query_timeout = 0;
967 		else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
968 		free($2);
969 	}
970 	;
971 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
972 	{
973 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
974 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
975 			yyerror("expected yes or no.");
976 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
977 		free($2);
978 	}
979 	;
980 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
981 	{
982 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
983 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
984 			yyerror("number expected");
985 		else if (atoi($2) > 6553500)
986 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
987 		else if (atoi($2) < 1)
988 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
989 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
990 		free($2);
991 	}
992 	;
993 server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
994 	{
995 		OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
996 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
997 			yyerror("number expected");
998 		else if (atoi($2) > 6553500)
999 			cfg_parser->cfg->sock_queue_timeout = 6553500;
1000 		else if (atoi($2) < 1)
1001 			cfg_parser->cfg->sock_queue_timeout = 0;
1002 		else cfg_parser->cfg->sock_queue_timeout = atoi($2);
1003 		free($2);
1004 	}
1005 	;
1006 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
1007 	{
1008 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
1009 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1010 			yyerror("expected yes or no.");
1011 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
1012 		free($2);
1013 	}
1014 	;
1015 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
1016 	{
1017 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
1018 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1019 			yyerror("expected yes or no.");
1020 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
1021 		free($2);
1022 	}
1023 	;
1024 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
1025 	{
1026 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
1027 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1028 			yyerror("expected yes or no.");
1029 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
1030 		free($2);
1031 	}
1032 	;
1033 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
1034 	{
1035 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
1036 		free(cfg_parser->cfg->ssl_service_key);
1037 		cfg_parser->cfg->ssl_service_key = $2;
1038 	}
1039 	;
1040 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1041 	{
1042 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1043 		free(cfg_parser->cfg->ssl_service_pem);
1044 		cfg_parser->cfg->ssl_service_pem = $2;
1045 	}
1046 	;
1047 server_ssl_port: VAR_SSL_PORT STRING_ARG
1048 	{
1049 		OUTYY(("P(server_ssl_port:%s)\n", $2));
1050 		if(atoi($2) == 0)
1051 			yyerror("port number expected");
1052 		else cfg_parser->cfg->ssl_port = atoi($2);
1053 		free($2);
1054 	}
1055 	;
1056 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1057 	{
1058 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1059 		free(cfg_parser->cfg->tls_cert_bundle);
1060 		cfg_parser->cfg->tls_cert_bundle = $2;
1061 	}
1062 	;
1063 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1064 	{
1065 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1066 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1067 			yyerror("expected yes or no.");
1068 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1069 		free($2);
1070 	}
1071 	;
1072 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1073 	{
1074 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1075 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1076 			$2))
1077 			yyerror("out of memory");
1078 	}
1079 	;
1080 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1081 	{
1082 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1083 		free(cfg_parser->cfg->tls_ciphers);
1084 		cfg_parser->cfg->tls_ciphers = $2;
1085 	}
1086 	;
1087 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1088 	{
1089 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1090 		free(cfg_parser->cfg->tls_ciphersuites);
1091 		cfg_parser->cfg->tls_ciphersuites = $2;
1092 	}
1093 	;
1094 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1095 	{
1096 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1097 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1098 			$2))
1099 			yyerror("out of memory");
1100 	}
1101 	;
1102 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1103 	{
1104 		OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1105 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1106 			yyerror("expected yes or no.");
1107 		else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1108 		free($2);
1109 	}
1110 	;
1111 server_https_port: VAR_HTTPS_PORT STRING_ARG
1112 	{
1113 		OUTYY(("P(server_https_port:%s)\n", $2));
1114 		if(atoi($2) == 0)
1115 			yyerror("port number expected");
1116 		else cfg_parser->cfg->https_port = atoi($2);
1117 		free($2);
1118 	};
1119 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1120 	{
1121 		OUTYY(("P(server_http_endpoint:%s)\n", $2));
1122 		free(cfg_parser->cfg->http_endpoint);
1123 		if($2 && $2[0] != '/') {
1124 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1125 			if(!cfg_parser->cfg->http_endpoint)
1126 				yyerror("out of memory");
1127 			cfg_parser->cfg->http_endpoint[0] = '/';
1128 			memmove(cfg_parser->cfg->http_endpoint+1, $2,
1129 				strlen($2)+1);
1130 			free($2);
1131 		} else {
1132 			cfg_parser->cfg->http_endpoint = $2;
1133 		}
1134 	};
1135 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1136 	{
1137 		OUTYY(("P(server_http_max_streams:%s)\n", $2));
1138 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1139 			yyerror("number expected");
1140 		else cfg_parser->cfg->http_max_streams = atoi($2);
1141 		free($2);
1142 	};
1143 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1144 	{
1145 		OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1146 		if(!cfg_parse_memsize($2,
1147 			&cfg_parser->cfg->http_query_buffer_size))
1148 			yyerror("memory size expected");
1149 		free($2);
1150 	};
1151 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1152 	{
1153 		OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1154 		if(!cfg_parse_memsize($2,
1155 			&cfg_parser->cfg->http_response_buffer_size))
1156 			yyerror("memory size expected");
1157 		free($2);
1158 	};
1159 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1160 	{
1161 		OUTYY(("P(server_http_nodelay:%s)\n", $2));
1162 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1163 			yyerror("expected yes or no.");
1164 		else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1165 		free($2);
1166 	};
1167 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1168 	{
1169 		OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1170 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1171 			yyerror("expected yes or no.");
1172 		else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1173 		free($2);
1174 	};
1175 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1176 	{
1177 		OUTYY(("P(server_use_systemd:%s)\n", $2));
1178 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1179 			yyerror("expected yes or no.");
1180 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1181 		free($2);
1182 	}
1183 	;
1184 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1185 	{
1186 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
1187 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1188 			yyerror("expected yes or no.");
1189 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1190 		free($2);
1191 	}
1192 	;
1193 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1194 	{
1195 		OUTYY(("P(server_use_syslog:%s)\n", $2));
1196 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1197 			yyerror("expected yes or no.");
1198 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1199 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1200 		if(strcmp($2, "yes") == 0)
1201 			yyerror("no syslog services are available. "
1202 				"(reconfigure and compile to add)");
1203 #endif
1204 		free($2);
1205 	}
1206 	;
1207 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1208 	{
1209 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1210 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1211 			yyerror("expected yes or no.");
1212 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1213 		free($2);
1214 	}
1215 	;
1216 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1217 	{
1218 		OUTYY(("P(server_log_queries:%s)\n", $2));
1219 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1220 			yyerror("expected yes or no.");
1221 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1222 		free($2);
1223 	}
1224 	;
1225 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1226 	{
1227 		OUTYY(("P(server_log_replies:%s)\n", $2));
1228 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1229 			yyerror("expected yes or no.");
1230 		else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1231 		free($2);
1232 	}
1233 	;
1234 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1235 	{
1236 		OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1237 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1238 			yyerror("expected yes or no.");
1239 		else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1240 		free($2);
1241 	}
1242 	;
1243 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1244 	{
1245 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1246 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1247 			yyerror("expected yes or no.");
1248 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1249 		free($2);
1250 	}
1251 	;
1252 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1253 	{
1254 		OUTYY(("P(server_log_local_actions:%s)\n", $2));
1255 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1256 			yyerror("expected yes or no.");
1257 		else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1258 		free($2);
1259 	}
1260 	;
1261 server_chroot: VAR_CHROOT STRING_ARG
1262 	{
1263 		OUTYY(("P(server_chroot:%s)\n", $2));
1264 		free(cfg_parser->cfg->chrootdir);
1265 		cfg_parser->cfg->chrootdir = $2;
1266 	}
1267 	;
1268 server_username: VAR_USERNAME STRING_ARG
1269 	{
1270 		OUTYY(("P(server_username:%s)\n", $2));
1271 		free(cfg_parser->cfg->username);
1272 		cfg_parser->cfg->username = $2;
1273 	}
1274 	;
1275 server_directory: VAR_DIRECTORY STRING_ARG
1276 	{
1277 		OUTYY(("P(server_directory:%s)\n", $2));
1278 		free(cfg_parser->cfg->directory);
1279 		cfg_parser->cfg->directory = $2;
1280 		/* change there right away for includes relative to this */
1281 		if($2[0]) {
1282 			char* d;
1283 #ifdef UB_ON_WINDOWS
1284 			w_config_adjust_directory(cfg_parser->cfg);
1285 #endif
1286 			d = cfg_parser->cfg->directory;
1287 			/* adjust directory if we have already chroot,
1288 			 * like, we reread after sighup */
1289 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1290 				strncmp(d, cfg_parser->chroot, strlen(
1291 				cfg_parser->chroot)) == 0)
1292 				d += strlen(cfg_parser->chroot);
1293 			if(d[0]) {
1294 				if(chdir(d))
1295 				log_err("cannot chdir to directory: %s (%s)",
1296 					d, strerror(errno));
1297 			}
1298 		}
1299 	}
1300 	;
1301 server_logfile: VAR_LOGFILE STRING_ARG
1302 	{
1303 		OUTYY(("P(server_logfile:%s)\n", $2));
1304 		free(cfg_parser->cfg->logfile);
1305 		cfg_parser->cfg->logfile = $2;
1306 		cfg_parser->cfg->use_syslog = 0;
1307 	}
1308 	;
1309 server_pidfile: VAR_PIDFILE STRING_ARG
1310 	{
1311 		OUTYY(("P(server_pidfile:%s)\n", $2));
1312 		free(cfg_parser->cfg->pidfile);
1313 		cfg_parser->cfg->pidfile = $2;
1314 	}
1315 	;
1316 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1317 	{
1318 		OUTYY(("P(server_root_hints:%s)\n", $2));
1319 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1320 			yyerror("out of memory");
1321 	}
1322 	;
1323 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1324 	{
1325 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1326 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1327 		free($2);
1328 	}
1329 	;
1330 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1331 	{
1332 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1333 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
1334 		free($2);
1335 	}
1336 	;
1337 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1338 	{
1339 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1340 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1341 			auto_trust_anchor_file_list, $2))
1342 			yyerror("out of memory");
1343 	}
1344 	;
1345 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1346 	{
1347 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1348 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1349 			trust_anchor_file_list, $2))
1350 			yyerror("out of memory");
1351 	}
1352 	;
1353 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1354 	{
1355 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1356 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1357 			trusted_keys_file_list, $2))
1358 			yyerror("out of memory");
1359 	}
1360 	;
1361 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1362 	{
1363 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1364 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1365 			yyerror("out of memory");
1366 	}
1367 	;
1368 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1369 	{
1370 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1371 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1372 			yyerror("expected yes or no.");
1373 		else
1374 			cfg_parser->cfg->trust_anchor_signaling =
1375 				(strcmp($2, "yes")==0);
1376 		free($2);
1377 	}
1378 	;
1379 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1380 	{
1381 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1382 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1383 			yyerror("expected yes or no.");
1384 		else
1385 			cfg_parser->cfg->root_key_sentinel =
1386 				(strcmp($2, "yes")==0);
1387 		free($2);
1388 	}
1389 	;
1390 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1391 	{
1392 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1393 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1394 			yyerror("out of memory");
1395 	}
1396 	;
1397 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1398 	{
1399 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1400 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1401 			yyerror("expected yes or no.");
1402 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1403 		free($2);
1404 	}
1405 	;
1406 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1407 	{
1408 		OUTYY(("P(server_hide_version:%s)\n", $2));
1409 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1410 			yyerror("expected yes or no.");
1411 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1412 		free($2);
1413 	}
1414 	;
1415 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1416 	{
1417 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1418 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1419 			yyerror("expected yes or no.");
1420 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1421 		free($2);
1422 	}
1423 	;
1424 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1425 	{
1426 		OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1427 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1428 			yyerror("expected yes or no.");
1429 		else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1430 		free($2);
1431 	}
1432 	;
1433 server_identity: VAR_IDENTITY STRING_ARG
1434 	{
1435 		OUTYY(("P(server_identity:%s)\n", $2));
1436 		free(cfg_parser->cfg->identity);
1437 		cfg_parser->cfg->identity = $2;
1438 	}
1439 	;
1440 server_version: VAR_VERSION STRING_ARG
1441 	{
1442 		OUTYY(("P(server_version:%s)\n", $2));
1443 		free(cfg_parser->cfg->version);
1444 		cfg_parser->cfg->version = $2;
1445 	}
1446 	;
1447 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1448 	{
1449 		OUTYY(("P(server_http_user_agent:%s)\n", $2));
1450 		free(cfg_parser->cfg->http_user_agent);
1451 		cfg_parser->cfg->http_user_agent = $2;
1452 	}
1453 	;
1454 server_nsid: VAR_NSID STRING_ARG
1455 	{
1456 		OUTYY(("P(server_nsid:%s)\n", $2));
1457 		free(cfg_parser->cfg->nsid_cfg_str);
1458 		cfg_parser->cfg->nsid_cfg_str = $2;
1459 		free(cfg_parser->cfg->nsid);
1460 		cfg_parser->cfg->nsid = NULL;
1461 		cfg_parser->cfg->nsid_len = 0;
1462 		if (*$2 == 0)
1463 			; /* pass; empty string is not setting nsid */
1464 		else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1465 					$2, &cfg_parser->cfg->nsid_len)))
1466 			yyerror("the NSID must be either a hex string or an "
1467 			    "ascii character string prepended with ascii_.");
1468 	}
1469 	;
1470 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1471 	{
1472 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1473 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1474 			yyerror("buffer size expected");
1475 		free($2);
1476 	}
1477 	;
1478 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1479 	{
1480 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1481 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1482 			yyerror("buffer size expected");
1483 		free($2);
1484 	}
1485 	;
1486 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1487 	{
1488 		OUTYY(("P(server_so_reuseport:%s)\n", $2));
1489 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1490 			yyerror("expected yes or no.");
1491 		else cfg_parser->cfg->so_reuseport =
1492 			(strcmp($2, "yes")==0);
1493 		free($2);
1494 	}
1495 	;
1496 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1497 	{
1498 		OUTYY(("P(server_ip_transparent:%s)\n", $2));
1499 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1500 			yyerror("expected yes or no.");
1501 		else cfg_parser->cfg->ip_transparent =
1502 			(strcmp($2, "yes")==0);
1503 		free($2);
1504 	}
1505 	;
1506 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1507 	{
1508 		OUTYY(("P(server_ip_freebind:%s)\n", $2));
1509 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1510 			yyerror("expected yes or no.");
1511 		else cfg_parser->cfg->ip_freebind =
1512 			(strcmp($2, "yes")==0);
1513 		free($2);
1514 	}
1515 	;
1516 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1517 	{
1518 		OUTYY(("P(server_ip_dscp:%s)\n", $2));
1519 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1520 			yyerror("number expected");
1521 		else if (atoi($2) > 63)
1522 			yyerror("value too large (max 63)");
1523 		else if (atoi($2) < 0)
1524 			yyerror("value too small (min 0)");
1525 		else
1526 			cfg_parser->cfg->ip_dscp = atoi($2);
1527 		free($2);
1528 	}
1529 	;
1530 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1531 	{
1532 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1533 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1534 			yyerror("memory size expected");
1535 		free($2);
1536 	}
1537 	;
1538 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1539 	{
1540 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1541 		if(atoi($2) == 0)
1542 			yyerror("number expected");
1543 		else if (atoi($2) < 12)
1544 			yyerror("edns buffer size too small");
1545 		else if (atoi($2) > 65535)
1546 			cfg_parser->cfg->edns_buffer_size = 65535;
1547 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1548 		free($2);
1549 	}
1550 	;
1551 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1552 	{
1553 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1554 		if(atoi($2) == 0)
1555 			yyerror("number expected");
1556 		else if (atoi($2) < 4096)
1557 			yyerror("message buffer size too small (use 4096)");
1558 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1559 		free($2);
1560 	}
1561 	;
1562 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1563 	{
1564 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1565 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1566 			yyerror("memory size expected");
1567 		free($2);
1568 	}
1569 	;
1570 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1571 	{
1572 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1573 		if(atoi($2) == 0) {
1574 			yyerror("number expected");
1575 		} else {
1576 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1577 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1578 				yyerror("must be a power of 2");
1579 		}
1580 		free($2);
1581 	}
1582 	;
1583 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1584 	{
1585 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1586 		if(atoi($2) == 0)
1587 			yyerror("number expected");
1588 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1589 		free($2);
1590 	}
1591 	;
1592 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1593 	{
1594 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1595 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1596 			yyerror("number expected");
1597 		else cfg_parser->cfg->jostle_time = atoi($2);
1598 		free($2);
1599 	}
1600 	;
1601 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1602 	{
1603 		OUTYY(("P(server_delay_close:%s)\n", $2));
1604 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1605 			yyerror("number expected");
1606 		else cfg_parser->cfg->delay_close = atoi($2);
1607 		free($2);
1608 	}
1609 	;
1610 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1611 	{
1612 		OUTYY(("P(server_udp_connect:%s)\n", $2));
1613 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1614 			yyerror("expected yes or no.");
1615 		else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1616 		free($2);
1617 	}
1618 	;
1619 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1620 	{
1621 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1622 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1623 			yyerror("expected yes or no.");
1624 		else cfg_parser->cfg->unblock_lan_zones =
1625 			(strcmp($2, "yes")==0);
1626 		free($2);
1627 	}
1628 	;
1629 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1630 	{
1631 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1632 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1633 			yyerror("expected yes or no.");
1634 		else cfg_parser->cfg->insecure_lan_zones =
1635 			(strcmp($2, "yes")==0);
1636 		free($2);
1637 	}
1638 	;
1639 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1640 	{
1641 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1642 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1643 			yyerror("memory size expected");
1644 		free($2);
1645 	}
1646 	;
1647 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1648 	{
1649 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1650 		if(atoi($2) == 0) {
1651 			yyerror("number expected");
1652 		} else {
1653 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1654 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1655 				yyerror("must be a power of 2");
1656 		}
1657 		free($2);
1658 	}
1659 	;
1660 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1661 	{
1662 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1663 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1664 			yyerror("number expected");
1665 		else cfg_parser->cfg->host_ttl = atoi($2);
1666 		free($2);
1667 	}
1668 	;
1669 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1670 	{
1671 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1672 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1673 			"removed, use infra-host-ttl)", $2);
1674 		free($2);
1675 	}
1676 	;
1677 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1678 	{
1679 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1680 		if(atoi($2) == 0)
1681 			yyerror("number expected");
1682 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1683 		free($2);
1684 	}
1685 	;
1686 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1687 	{
1688 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1689 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1690 			"(option removed, use infra-cache-numhosts)", $2);
1691 		free($2);
1692 	}
1693 	;
1694 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1695 	{
1696 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1697 		if(atoi($2) == 0) {
1698 			yyerror("number expected");
1699 		} else {
1700 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1701 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1702 				yyerror("must be a power of 2");
1703 		}
1704 		free($2);
1705 	}
1706 	;
1707 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1708 	{
1709 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1710 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1711 			yyerror("number expected");
1712 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1713 		free($2);
1714 	}
1715 	;
1716 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1717 	{
1718 		OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1719 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1720 			yyerror("number expected");
1721 		else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1722 		free($2);
1723 	}
1724 	;
1725 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1726 	{
1727 		OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1728 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1729 			yyerror("expected yes or no.");
1730 		else cfg_parser->cfg->infra_keep_probing =
1731 			(strcmp($2, "yes")==0);
1732 		free($2);
1733 	}
1734 	;
1735 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1736 	{
1737 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1738 		free(cfg_parser->cfg->target_fetch_policy);
1739 		cfg_parser->cfg->target_fetch_policy = $2;
1740 	}
1741 	;
1742 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1743 	{
1744 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1745 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1746 			yyerror("expected yes or no.");
1747 		else cfg_parser->cfg->harden_short_bufsize =
1748 			(strcmp($2, "yes")==0);
1749 		free($2);
1750 	}
1751 	;
1752 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1753 	{
1754 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1755 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1756 			yyerror("expected yes or no.");
1757 		else cfg_parser->cfg->harden_large_queries =
1758 			(strcmp($2, "yes")==0);
1759 		free($2);
1760 	}
1761 	;
1762 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1763 	{
1764 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1765 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1766 			yyerror("expected yes or no.");
1767 		else cfg_parser->cfg->harden_glue =
1768 			(strcmp($2, "yes")==0);
1769 		free($2);
1770 	}
1771 	;
1772 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1773 	{
1774 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1775 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1776 			yyerror("expected yes or no.");
1777 		else cfg_parser->cfg->harden_dnssec_stripped =
1778 			(strcmp($2, "yes")==0);
1779 		free($2);
1780 	}
1781 	;
1782 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1783 	{
1784 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1785 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1786 			yyerror("expected yes or no.");
1787 		else cfg_parser->cfg->harden_below_nxdomain =
1788 			(strcmp($2, "yes")==0);
1789 		free($2);
1790 	}
1791 	;
1792 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1793 	{
1794 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1795 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1796 			yyerror("expected yes or no.");
1797 		else cfg_parser->cfg->harden_referral_path =
1798 			(strcmp($2, "yes")==0);
1799 		free($2);
1800 	}
1801 	;
1802 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1803 	{
1804 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1805 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1806 			yyerror("expected yes or no.");
1807 		else cfg_parser->cfg->harden_algo_downgrade =
1808 			(strcmp($2, "yes")==0);
1809 		free($2);
1810 	}
1811 	;
1812 server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
1813 	{
1814 		OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
1815 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1816 			yyerror("expected yes or no.");
1817 		else cfg_parser->cfg->harden_unknown_additional =
1818 			(strcmp($2, "yes")==0);
1819 		free($2);
1820 	}
1821 	;
1822 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1823 	{
1824 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1825 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1826 			yyerror("expected yes or no.");
1827 		else cfg_parser->cfg->use_caps_bits_for_id =
1828 			(strcmp($2, "yes")==0);
1829 		free($2);
1830 	}
1831 	;
1832 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1833 	{
1834 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1835 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1836 			yyerror("out of memory");
1837 	}
1838 	;
1839 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1840 	{
1841 		OUTYY(("P(server_private_address:%s)\n", $2));
1842 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1843 			yyerror("out of memory");
1844 	}
1845 	;
1846 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1847 	{
1848 		OUTYY(("P(server_private_domain:%s)\n", $2));
1849 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1850 			yyerror("out of memory");
1851 	}
1852 	;
1853 server_prefetch: VAR_PREFETCH STRING_ARG
1854 	{
1855 		OUTYY(("P(server_prefetch:%s)\n", $2));
1856 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1857 			yyerror("expected yes or no.");
1858 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1859 		free($2);
1860 	}
1861 	;
1862 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1863 	{
1864 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1865 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1866 			yyerror("expected yes or no.");
1867 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1868 		free($2);
1869 	}
1870 	;
1871 server_deny_any: VAR_DENY_ANY STRING_ARG
1872 	{
1873 		OUTYY(("P(server_deny_any:%s)\n", $2));
1874 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1875 			yyerror("expected yes or no.");
1876 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1877 		free($2);
1878 	}
1879 	;
1880 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1881 	{
1882 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1883 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1884 			yyerror("number expected");
1885 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1886 		free($2);
1887 	}
1888 	;
1889 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1890 	{
1891 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1892 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1893 			yyerror("out of memory");
1894 	}
1895 	;
1896 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1897 	{
1898 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1899 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1900 			yyerror("expected yes or no.");
1901 		else cfg_parser->cfg->donotquery_localhost =
1902 			(strcmp($2, "yes")==0);
1903 		free($2);
1904 	}
1905 	;
1906 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1907 	{
1908 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1909 		validate_acl_action($3);
1910 		if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1911 			fatal_exit("out of memory adding acl");
1912 	}
1913 	;
1914 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
1915 	{
1916 		OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
1917 		validate_acl_action($3);
1918 		if(!cfg_str2list_insert(
1919 			&cfg_parser->cfg->interface_actions, $2, $3))
1920 			fatal_exit("out of memory adding acl");
1921 	}
1922 	;
1923 server_module_conf: VAR_MODULE_CONF STRING_ARG
1924 	{
1925 		OUTYY(("P(server_module_conf:%s)\n", $2));
1926 		free(cfg_parser->cfg->module_conf);
1927 		cfg_parser->cfg->module_conf = $2;
1928 	}
1929 	;
1930 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1931 	{
1932 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1933 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1934 			cfg_parser->cfg->val_date_override = 0;
1935 		} else if(strlen($2) == 14) {
1936 			cfg_parser->cfg->val_date_override =
1937 				cfg_convert_timeval($2);
1938 			if(!cfg_parser->cfg->val_date_override)
1939 				yyerror("bad date/time specification");
1940 		} else {
1941 			if(atoi($2) == 0)
1942 				yyerror("number expected");
1943 			cfg_parser->cfg->val_date_override = atoi($2);
1944 		}
1945 		free($2);
1946 	}
1947 	;
1948 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1949 	{
1950 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1951 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1952 			cfg_parser->cfg->val_sig_skew_min = 0;
1953 		} else {
1954 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1955 			if(!cfg_parser->cfg->val_sig_skew_min)
1956 				yyerror("number expected");
1957 		}
1958 		free($2);
1959 	}
1960 	;
1961 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1962 	{
1963 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1964 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1965 			cfg_parser->cfg->val_sig_skew_max = 0;
1966 		} else {
1967 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1968 			if(!cfg_parser->cfg->val_sig_skew_max)
1969 				yyerror("number expected");
1970 		}
1971 		free($2);
1972 	}
1973 	;
1974 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1975 	{
1976 		OUTYY(("P(server_val_max_restart:%s)\n", $2));
1977 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1978 			cfg_parser->cfg->val_max_restart = 0;
1979 		} else {
1980 			cfg_parser->cfg->val_max_restart = atoi($2);
1981 			if(!cfg_parser->cfg->val_max_restart)
1982 				yyerror("number expected");
1983 		}
1984 		free($2);
1985 	}
1986 	;
1987 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1988 	{
1989 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1990 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1991 			yyerror("number expected");
1992 		else cfg_parser->cfg->max_ttl = atoi($2);
1993 		free($2);
1994 	}
1995 	;
1996 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1997 	{
1998 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1999 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2000 			yyerror("number expected");
2001 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
2002 		free($2);
2003 	}
2004 	;
2005 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
2006 	{
2007 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
2008 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2009 			yyerror("number expected");
2010 		else cfg_parser->cfg->min_ttl = atoi($2);
2011 		free($2);
2012 	}
2013 	;
2014 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
2015 	{
2016 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
2017 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2018 			yyerror("number expected");
2019 		else cfg_parser->cfg->bogus_ttl = atoi($2);
2020 		free($2);
2021 	}
2022 	;
2023 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
2024 	{
2025 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
2026 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2027 			yyerror("expected yes or no.");
2028 		else cfg_parser->cfg->val_clean_additional =
2029 			(strcmp($2, "yes")==0);
2030 		free($2);
2031 	}
2032 	;
2033 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
2034 	{
2035 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
2036 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2037 			yyerror("expected yes or no.");
2038 		else cfg_parser->cfg->val_permissive_mode =
2039 			(strcmp($2, "yes")==0);
2040 		free($2);
2041 	}
2042 	;
2043 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
2044 	{
2045 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
2046 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2047 			yyerror("expected yes or no.");
2048 		else
2049 			cfg_parser->cfg->aggressive_nsec =
2050 				(strcmp($2, "yes")==0);
2051 		free($2);
2052 	}
2053 	;
2054 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2055 	{
2056 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2057 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2058 			yyerror("expected yes or no.");
2059 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2060 		free($2);
2061 	}
2062 	;
2063 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2064 	{
2065 		OUTYY(("P(server_serve_expired:%s)\n", $2));
2066 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2067 			yyerror("expected yes or no.");
2068 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2069 		free($2);
2070 	}
2071 	;
2072 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2073 	{
2074 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2075 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2076 			yyerror("number expected");
2077 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2078 		free($2);
2079 	}
2080 	;
2081 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2082 	{
2083 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2084 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2085 			yyerror("expected yes or no.");
2086 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2087 		free($2);
2088 	}
2089 	;
2090 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2091 	{
2092 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2093 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2094 			yyerror("number expected");
2095 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2096 		free($2);
2097 	}
2098 	;
2099 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2100 	{
2101 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2102 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2103 			yyerror("number expected");
2104 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2105 		free($2);
2106 	}
2107 	;
2108 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2109 	{
2110 		OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2111 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2112 			yyerror("expected yes or no.");
2113 		else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2114 		free($2);
2115 	}
2116 	;
2117 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2118 	{
2119 		OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2120 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2121 			yyerror("expected yes or no.");
2122 		else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2123 		free($2);
2124 	}
2125 	;
2126 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2127 	{
2128 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
2129 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2130 			yyerror("expected yes or no.");
2131 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2132 		else fake_dsa = (strcmp($2, "yes")==0);
2133 		if(fake_dsa)
2134 			log_warn("test option fake_dsa is enabled");
2135 #endif
2136 		free($2);
2137 	}
2138 	;
2139 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2140 	{
2141 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
2142 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2143 			yyerror("expected yes or no.");
2144 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2145 		else fake_sha1 = (strcmp($2, "yes")==0);
2146 		if(fake_sha1)
2147 			log_warn("test option fake_sha1 is enabled");
2148 #endif
2149 		free($2);
2150 	}
2151 	;
2152 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2153 	{
2154 		OUTYY(("P(server_val_log_level:%s)\n", $2));
2155 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2156 			yyerror("number expected");
2157 		else cfg_parser->cfg->val_log_level = atoi($2);
2158 		free($2);
2159 	}
2160 	;
2161 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2162 	{
2163 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2164 		free(cfg_parser->cfg->val_nsec3_key_iterations);
2165 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
2166 	}
2167 	;
2168 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2169 	{
2170 		OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2171 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2172 			yyerror("expected yes or no.");
2173 		else	cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2174 		free($2);
2175 	}
2176 	;
2177 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2178 	{
2179 		OUTYY(("P(server_add_holddown:%s)\n", $2));
2180 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2181 			yyerror("number expected");
2182 		else cfg_parser->cfg->add_holddown = atoi($2);
2183 		free($2);
2184 	}
2185 	;
2186 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2187 	{
2188 		OUTYY(("P(server_del_holddown:%s)\n", $2));
2189 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2190 			yyerror("number expected");
2191 		else cfg_parser->cfg->del_holddown = atoi($2);
2192 		free($2);
2193 	}
2194 	;
2195 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2196 	{
2197 		OUTYY(("P(server_keep_missing:%s)\n", $2));
2198 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2199 			yyerror("number expected");
2200 		else cfg_parser->cfg->keep_missing = atoi($2);
2201 		free($2);
2202 	}
2203 	;
2204 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2205 	{
2206 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2207 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2208 			yyerror("expected yes or no.");
2209 		else cfg_parser->cfg->permit_small_holddown =
2210 			(strcmp($2, "yes")==0);
2211 		free($2);
2212 	}
2213 	;
2214 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2215 	{
2216 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
2217 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2218 			yyerror("memory size expected");
2219 		free($2);
2220 	}
2221 	;
2222 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2223 	{
2224 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2225 		if(atoi($2) == 0) {
2226 			yyerror("number expected");
2227 		} else {
2228 			cfg_parser->cfg->key_cache_slabs = atoi($2);
2229 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2230 				yyerror("must be a power of 2");
2231 		}
2232 		free($2);
2233 	}
2234 	;
2235 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2236 	{
2237 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2238 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2239 			yyerror("memory size expected");
2240 		free($2);
2241 	}
2242 	;
2243 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2244 	{
2245 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2246 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2247 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2248 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2249 		   && strcmp($3, "typetransparent")!=0
2250 		   && strcmp($3, "always_transparent")!=0
2251 		   && strcmp($3, "block_a")!=0
2252 		   && strcmp($3, "always_refuse")!=0
2253 		   && strcmp($3, "always_nxdomain")!=0
2254 		   && strcmp($3, "always_nodata")!=0
2255 		   && strcmp($3, "always_deny")!=0
2256 		   && strcmp($3, "always_null")!=0
2257 		   && strcmp($3, "noview")!=0
2258 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2259 		   && strcmp($3, "inform_redirect") != 0
2260 		   && strcmp($3, "ipset") != 0) {
2261 			yyerror("local-zone type: expected static, deny, "
2262 				"refuse, redirect, transparent, "
2263 				"typetransparent, inform, inform_deny, "
2264 				"inform_redirect, always_transparent, block_a,"
2265 				"always_refuse, always_nxdomain, "
2266 				"always_nodata, always_deny, always_null, "
2267 				"noview, nodefault or ipset");
2268 			free($2);
2269 			free($3);
2270 		} else if(strcmp($3, "nodefault")==0) {
2271 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2272 				local_zones_nodefault, $2))
2273 				fatal_exit("out of memory adding local-zone");
2274 			free($3);
2275 #ifdef USE_IPSET
2276 		} else if(strcmp($3, "ipset")==0) {
2277 			size_t len = strlen($2);
2278 			/* Make sure to add the trailing dot.
2279 			 * These are str compared to domain names. */
2280 			if($2[len-1] != '.') {
2281 				if(!($2 = realloc($2, len+2))) {
2282 					fatal_exit("out of memory adding local-zone");
2283 				}
2284 				$2[len] = '.';
2285 				$2[len+1] = 0;
2286 			}
2287 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2288 				local_zones_ipset, $2))
2289 				fatal_exit("out of memory adding local-zone");
2290 			free($3);
2291 #endif
2292 		} else {
2293 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2294 				$2, $3))
2295 				fatal_exit("out of memory adding local-zone");
2296 		}
2297 	}
2298 	;
2299 server_local_data: VAR_LOCAL_DATA STRING_ARG
2300 	{
2301 		OUTYY(("P(server_local_data:%s)\n", $2));
2302 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2303 			fatal_exit("out of memory adding local-data");
2304 	}
2305 	;
2306 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2307 	{
2308 		char* ptr;
2309 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2310 		ptr = cfg_ptr_reverse($2);
2311 		free($2);
2312 		if(ptr) {
2313 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2314 				local_data, ptr))
2315 				fatal_exit("out of memory adding local-data");
2316 		} else {
2317 			yyerror("local-data-ptr could not be reversed");
2318 		}
2319 	}
2320 	;
2321 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2322 	{
2323 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
2324 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2325 			yyerror("expected yes or no.");
2326 		else cfg_parser->cfg->minimal_responses =
2327 			(strcmp($2, "yes")==0);
2328 		free($2);
2329 	}
2330 	;
2331 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2332 	{
2333 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2334 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2335 			yyerror("expected yes or no.");
2336 		else cfg_parser->cfg->rrset_roundrobin =
2337 			(strcmp($2, "yes")==0);
2338 		free($2);
2339 	}
2340 	;
2341 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2342 	{
2343 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2344 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2345 		free($2);
2346 	}
2347 	;
2348 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2349 	{
2350 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
2351 		cfg_parser->cfg->max_udp_size = atoi($2);
2352 		free($2);
2353 	}
2354 	;
2355 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2356 	{
2357 		OUTYY(("P(dns64_prefix:%s)\n", $2));
2358 		free(cfg_parser->cfg->dns64_prefix);
2359 		cfg_parser->cfg->dns64_prefix = $2;
2360 	}
2361 	;
2362 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2363 	{
2364 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2365 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2366 			yyerror("expected yes or no.");
2367 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2368 		free($2);
2369 	}
2370 	;
2371 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2372 	{
2373 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2374 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2375 			$2))
2376 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2377 	}
2378 	;
2379 server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
2380 	{
2381 		OUTYY(("P(nat64_prefix:%s)\n", $2));
2382 		free(cfg_parser->cfg->nat64_prefix);
2383 		cfg_parser->cfg->nat64_prefix = $2;
2384 	}
2385 	;
2386 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2387 	{
2388 		char* p, *s = $2;
2389 		OUTYY(("P(server_define_tag:%s)\n", $2));
2390 		while((p=strsep(&s, " \t\n")) != NULL) {
2391 			if(*p) {
2392 				if(!config_add_tag(cfg_parser->cfg, p))
2393 					yyerror("could not define-tag, "
2394 						"out of memory");
2395 			}
2396 		}
2397 		free($2);
2398 	}
2399 	;
2400 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2401 	{
2402 		size_t len = 0;
2403 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2404 			&len);
2405 		free($3);
2406 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2407 		if(!bitlist) {
2408 			yyerror("could not parse tags, (define-tag them first)");
2409 			free($2);
2410 		}
2411 		if(bitlist) {
2412 			if(!cfg_strbytelist_insert(
2413 				&cfg_parser->cfg->local_zone_tags,
2414 				$2, bitlist, len)) {
2415 				yyerror("out of memory");
2416 				free($2);
2417 			}
2418 		}
2419 	}
2420 	;
2421 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2422 	{
2423 		size_t len = 0;
2424 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2425 			&len);
2426 		free($3);
2427 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2428 		if(!bitlist) {
2429 			yyerror("could not parse tags, (define-tag them first)");
2430 			free($2);
2431 		}
2432 		if(bitlist) {
2433 			if(!cfg_strbytelist_insert(
2434 				&cfg_parser->cfg->acl_tags,
2435 				$2, bitlist, len)) {
2436 				yyerror("out of memory");
2437 				free($2);
2438 			}
2439 		}
2440 	}
2441 	;
2442 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2443 	{
2444 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2445 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2446 			$2, $3, $4)) {
2447 			yyerror("out of memory");
2448 			free($2);
2449 			free($3);
2450 			free($4);
2451 		}
2452 	}
2453 	;
2454 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2455 	{
2456 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2457 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2458 			$2, $3, $4)) {
2459 			yyerror("out of memory");
2460 			free($2);
2461 			free($3);
2462 			free($4);
2463 		}
2464 	}
2465 	;
2466 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2467 	{
2468 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2469 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2470 			$2, $3, $4)) {
2471 			yyerror("out of memory");
2472 			free($2);
2473 			free($3);
2474 			free($4);
2475 		}
2476 	}
2477 	;
2478 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2479 	{
2480 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2481 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2482 			$2, $3)) {
2483 			yyerror("out of memory");
2484 		}
2485 	}
2486 	;
2487 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2488 	{
2489 		size_t len = 0;
2490 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2491 			&len);
2492 		free($3);
2493 		OUTYY(("P(server_interface_tag:%s)\n", $2));
2494 		if(!bitlist) {
2495 			yyerror("could not parse tags, (define-tag them first)");
2496 			free($2);
2497 		}
2498 		if(bitlist) {
2499 			if(!cfg_strbytelist_insert(
2500 				&cfg_parser->cfg->interface_tags,
2501 				$2, bitlist, len)) {
2502 				yyerror("out of memory");
2503 				free($2);
2504 			}
2505 		}
2506 	}
2507 	;
2508 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2509 	{
2510 		OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2511 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2512 			$2, $3, $4)) {
2513 			yyerror("out of memory");
2514 			free($2);
2515 			free($3);
2516 			free($4);
2517 		}
2518 	}
2519 	;
2520 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2521 	{
2522 		OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2523 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2524 			$2, $3, $4)) {
2525 			yyerror("out of memory");
2526 			free($2);
2527 			free($3);
2528 			free($4);
2529 		}
2530 	}
2531 	;
2532 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2533 	{
2534 		OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2535 		if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2536 			$2, $3)) {
2537 			yyerror("out of memory");
2538 		}
2539 	}
2540 	;
2541 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2542 	{
2543 		size_t len = 0;
2544 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2545 			&len);
2546 		free($3);
2547 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2548 		if(!bitlist) {
2549 			yyerror("could not parse tags, (define-tag them first)");
2550 			free($2);
2551 		}
2552 		if(bitlist) {
2553 			if(!cfg_strbytelist_insert(
2554 				&cfg_parser->cfg->respip_tags,
2555 				$2, bitlist, len)) {
2556 				yyerror("out of memory");
2557 				free($2);
2558 			}
2559 		}
2560 	}
2561 	;
2562 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2563 	{
2564 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2565 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2566 			yyerror("number expected");
2567 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2568 		free($2);
2569 	}
2570 	;
2571 server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
2572 	{
2573 		OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
2574 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2575 			yyerror("number expected");
2576 		else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
2577 		free($2);
2578 	}
2579 	;
2580 server_ratelimit: VAR_RATELIMIT STRING_ARG
2581 	{
2582 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2583 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2584 			yyerror("number expected");
2585 		else cfg_parser->cfg->ratelimit = atoi($2);
2586 		free($2);
2587 	}
2588 	;
2589 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2590 	{
2591 		OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2592 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2593 			yyerror("memory size expected");
2594 		free($2);
2595 	}
2596 	;
2597 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2598 	{
2599 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2600 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2601 			yyerror("memory size expected");
2602 		free($2);
2603 	}
2604 	;
2605 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2606 	{
2607 		OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2608 		if(atoi($2) == 0) {
2609 			yyerror("number expected");
2610 		} else {
2611 			cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2612 			if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2613 				yyerror("must be a power of 2");
2614 		}
2615 		free($2);
2616 	}
2617 	;
2618 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2619 	{
2620 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2621 		if(atoi($2) == 0) {
2622 			yyerror("number expected");
2623 		} else {
2624 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2625 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2626 				yyerror("must be a power of 2");
2627 		}
2628 		free($2);
2629 	}
2630 	;
2631 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2632 	{
2633 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2634 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2635 			yyerror("number expected");
2636 			free($2);
2637 			free($3);
2638 		} else {
2639 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2640 				ratelimit_for_domain, $2, $3))
2641 				fatal_exit("out of memory adding "
2642 					"ratelimit-for-domain");
2643 		}
2644 	}
2645 	;
2646 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2647 	{
2648 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2649 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2650 			yyerror("number expected");
2651 			free($2);
2652 			free($3);
2653 		} else {
2654 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2655 				ratelimit_below_domain, $2, $3))
2656 				fatal_exit("out of memory adding "
2657 					"ratelimit-below-domain");
2658 		}
2659 	}
2660 	;
2661 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2662 	{
2663 		OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2664 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2665 			yyerror("number expected");
2666 		else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2667 		free($2);
2668 	}
2669 	;
2670 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2671 	{
2672 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2673 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2674 			yyerror("number expected");
2675 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2676 		free($2);
2677 	}
2678 	;
2679 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2680 	{
2681 		OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2682 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2683 			yyerror("expected yes or no.");
2684 		else cfg_parser->cfg->ip_ratelimit_backoff =
2685 			(strcmp($2, "yes")==0);
2686 		free($2);
2687 	}
2688 	;
2689 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2690 	{
2691 		OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2692 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2693 			yyerror("expected yes or no.");
2694 		else cfg_parser->cfg->ratelimit_backoff =
2695 			(strcmp($2, "yes")==0);
2696 		free($2);
2697 	}
2698 	;
2699 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2700 	{
2701 		OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2702 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2703 			yyerror("number expected");
2704 		else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2705 		free($2);
2706 	}
2707 	;
2708 server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
2709 	{
2710 		OUTYY(("P(server_max_sent_count:%s)\n", $2));
2711 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2712 			yyerror("number expected");
2713 		else cfg_parser->cfg->max_sent_count = atoi($2);
2714 		free($2);
2715 	}
2716 	;
2717 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2718 	{
2719 		OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2720 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2721 			yyerror("number expected");
2722 		else cfg_parser->cfg->max_query_restarts = atoi($2);
2723 		free($2);
2724 	}
2725 	;
2726 server_low_rtt: VAR_LOW_RTT STRING_ARG
2727 	{
2728 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2729 		free($2);
2730 	}
2731 	;
2732 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2733 	{
2734 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2735 		if(atoi($2) <= 0)
2736 			yyerror("number expected");
2737 		else cfg_parser->cfg->fast_server_num = atoi($2);
2738 		free($2);
2739 	}
2740 	;
2741 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2742 	{
2743 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2744 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2745 			yyerror("number expected");
2746 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2747 		free($2);
2748 	}
2749 	;
2750 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2751 	{
2752 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2753 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2754 			yyerror("expected yes or no.");
2755 		else cfg_parser->cfg->qname_minimisation =
2756 			(strcmp($2, "yes")==0);
2757 		free($2);
2758 	}
2759 	;
2760 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2761 	{
2762 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2763 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2764 			yyerror("expected yes or no.");
2765 		else cfg_parser->cfg->qname_minimisation_strict =
2766 			(strcmp($2, "yes")==0);
2767 		free($2);
2768 	}
2769 	;
2770 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2771 	{
2772 		OUTYY(("P(server_pad_responses:%s)\n", $2));
2773 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2774 			yyerror("expected yes or no.");
2775 		else cfg_parser->cfg->pad_responses =
2776 			(strcmp($2, "yes")==0);
2777 		free($2);
2778 	}
2779 	;
2780 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2781 	{
2782 		OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2783 		if(atoi($2) == 0)
2784 			yyerror("number expected");
2785 		else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2786 		free($2);
2787 	}
2788 	;
2789 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2790 	{
2791 		OUTYY(("P(server_pad_queries:%s)\n", $2));
2792 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2793 			yyerror("expected yes or no.");
2794 		else cfg_parser->cfg->pad_queries =
2795 			(strcmp($2, "yes")==0);
2796 		free($2);
2797 	}
2798 	;
2799 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2800 	{
2801 		OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2802 		if(atoi($2) == 0)
2803 			yyerror("number expected");
2804 		else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2805 		free($2);
2806 	}
2807 	;
2808 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2809 	{
2810 	#ifdef USE_IPSECMOD
2811 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2812 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2813 			yyerror("expected yes or no.");
2814 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2815 	#else
2816 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2817 	#endif
2818 		free($2);
2819 	}
2820 	;
2821 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2822 	{
2823 	#ifdef USE_IPSECMOD
2824 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2825 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2826 			yyerror("expected yes or no.");
2827 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2828 	#else
2829 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2830 	#endif
2831 		free($2);
2832 	}
2833 	;
2834 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2835 	{
2836 	#ifdef USE_IPSECMOD
2837 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2838 		free(cfg_parser->cfg->ipsecmod_hook);
2839 		cfg_parser->cfg->ipsecmod_hook = $2;
2840 	#else
2841 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2842 		free($2);
2843 	#endif
2844 	}
2845 	;
2846 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2847 	{
2848 	#ifdef USE_IPSECMOD
2849 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2850 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2851 			yyerror("number expected");
2852 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2853 		free($2);
2854 	#else
2855 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2856 		free($2);
2857 	#endif
2858 	}
2859 	;
2860 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2861 	{
2862 	#ifdef USE_IPSECMOD
2863 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2864 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2865 			yyerror("out of memory");
2866 	#else
2867 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2868 		free($2);
2869 	#endif
2870 	}
2871 	;
2872 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2873 	{
2874 	#ifdef USE_IPSECMOD
2875 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2876 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2877 			yyerror("expected yes or no.");
2878 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2879 		free($2);
2880 	#else
2881 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2882 		free($2);
2883 	#endif
2884 	}
2885 	;
2886 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2887 	{
2888 		OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2889 		if(!cfg_str2list_insert(
2890 			&cfg_parser->cfg->edns_client_strings, $2, $3))
2891 			fatal_exit("out of memory adding "
2892 				"edns-client-string");
2893 	}
2894 	;
2895 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2896 	{
2897 		OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2898 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2899 			yyerror("option code expected");
2900 		else if(atoi($2) > 65535 || atoi($2) < 0)
2901 			yyerror("option code must be in interval [0, 65535]");
2902 		else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2903 		free($2);
2904 	}
2905 	;
2906 server_ede: VAR_EDE STRING_ARG
2907 	{
2908 		OUTYY(("P(server_ede:%s)\n", $2));
2909 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2910 			yyerror("expected yes or no.");
2911 		else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
2912 		free($2);
2913 	}
2914 	;
2915 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
2916 	{
2917 		OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
2918 		if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
2919 			yyerror("out of memory");
2920 	}
2921 	;
2922 stub_name: VAR_NAME STRING_ARG
2923 	{
2924 		OUTYY(("P(name:%s)\n", $2));
2925 		if(cfg_parser->cfg->stubs->name)
2926 			yyerror("stub name override, there must be one name "
2927 				"for one stub-zone");
2928 		free(cfg_parser->cfg->stubs->name);
2929 		cfg_parser->cfg->stubs->name = $2;
2930 	}
2931 	;
2932 stub_host: VAR_STUB_HOST STRING_ARG
2933 	{
2934 		OUTYY(("P(stub-host:%s)\n", $2));
2935 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2936 			yyerror("out of memory");
2937 	}
2938 	;
2939 stub_addr: VAR_STUB_ADDR STRING_ARG
2940 	{
2941 		OUTYY(("P(stub-addr:%s)\n", $2));
2942 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2943 			yyerror("out of memory");
2944 	}
2945 	;
2946 stub_first: VAR_STUB_FIRST STRING_ARG
2947 	{
2948 		OUTYY(("P(stub-first:%s)\n", $2));
2949 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2950 			yyerror("expected yes or no.");
2951 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2952 		free($2);
2953 	}
2954 	;
2955 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2956 	{
2957 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2958 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2959 			yyerror("expected yes or no.");
2960 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2961 		free($2);
2962 	}
2963 	;
2964 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2965 	{
2966 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2967 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2968 			yyerror("expected yes or no.");
2969 		else cfg_parser->cfg->stubs->ssl_upstream =
2970 			(strcmp($2, "yes")==0);
2971 		free($2);
2972 	}
2973 	;
2974 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
2975         {
2976                 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
2977                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2978                         yyerror("expected yes or no.");
2979                 else cfg_parser->cfg->stubs->tcp_upstream =
2980                         (strcmp($2, "yes")==0);
2981                 free($2);
2982         }
2983         ;
2984 stub_prime: VAR_STUB_PRIME STRING_ARG
2985 	{
2986 		OUTYY(("P(stub-prime:%s)\n", $2));
2987 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2988 			yyerror("expected yes or no.");
2989 		else cfg_parser->cfg->stubs->isprime =
2990 			(strcmp($2, "yes")==0);
2991 		free($2);
2992 	}
2993 	;
2994 forward_name: VAR_NAME STRING_ARG
2995 	{
2996 		OUTYY(("P(name:%s)\n", $2));
2997 		if(cfg_parser->cfg->forwards->name)
2998 			yyerror("forward name override, there must be one "
2999 				"name for one forward-zone");
3000 		free(cfg_parser->cfg->forwards->name);
3001 		cfg_parser->cfg->forwards->name = $2;
3002 	}
3003 	;
3004 forward_host: VAR_FORWARD_HOST STRING_ARG
3005 	{
3006 		OUTYY(("P(forward-host:%s)\n", $2));
3007 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
3008 			yyerror("out of memory");
3009 	}
3010 	;
3011 forward_addr: VAR_FORWARD_ADDR STRING_ARG
3012 	{
3013 		OUTYY(("P(forward-addr:%s)\n", $2));
3014 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
3015 			yyerror("out of memory");
3016 	}
3017 	;
3018 forward_first: VAR_FORWARD_FIRST STRING_ARG
3019 	{
3020 		OUTYY(("P(forward-first:%s)\n", $2));
3021 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3022 			yyerror("expected yes or no.");
3023 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
3024 		free($2);
3025 	}
3026 	;
3027 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
3028 	{
3029 		OUTYY(("P(forward-no-cache:%s)\n", $2));
3030 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3031 			yyerror("expected yes or no.");
3032 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
3033 		free($2);
3034 	}
3035 	;
3036 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
3037 	{
3038 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
3039 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3040 			yyerror("expected yes or no.");
3041 		else cfg_parser->cfg->forwards->ssl_upstream =
3042 			(strcmp($2, "yes")==0);
3043 		free($2);
3044 	}
3045 	;
3046 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
3047         {
3048                 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
3049                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3050                         yyerror("expected yes or no.");
3051                 else cfg_parser->cfg->forwards->tcp_upstream =
3052                         (strcmp($2, "yes")==0);
3053                 free($2);
3054         }
3055         ;
3056 auth_name: VAR_NAME STRING_ARG
3057 	{
3058 		OUTYY(("P(name:%s)\n", $2));
3059 		if(cfg_parser->cfg->auths->name)
3060 			yyerror("auth name override, there must be one name "
3061 				"for one auth-zone");
3062 		free(cfg_parser->cfg->auths->name);
3063 		cfg_parser->cfg->auths->name = $2;
3064 	}
3065 	;
3066 auth_zonefile: VAR_ZONEFILE STRING_ARG
3067 	{
3068 		OUTYY(("P(zonefile:%s)\n", $2));
3069 		free(cfg_parser->cfg->auths->zonefile);
3070 		cfg_parser->cfg->auths->zonefile = $2;
3071 	}
3072 	;
3073 auth_master: VAR_MASTER STRING_ARG
3074 	{
3075 		OUTYY(("P(master:%s)\n", $2));
3076 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
3077 			yyerror("out of memory");
3078 	}
3079 	;
3080 auth_url: VAR_URL STRING_ARG
3081 	{
3082 		OUTYY(("P(url:%s)\n", $2));
3083 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
3084 			yyerror("out of memory");
3085 	}
3086 	;
3087 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3088 	{
3089 		OUTYY(("P(allow-notify:%s)\n", $2));
3090 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3091 			$2))
3092 			yyerror("out of memory");
3093 	}
3094 	;
3095 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3096 	{
3097 		OUTYY(("P(zonemd-check:%s)\n", $2));
3098 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3099 			yyerror("expected yes or no.");
3100 		else cfg_parser->cfg->auths->zonemd_check =
3101 			(strcmp($2, "yes")==0);
3102 		free($2);
3103 	}
3104 	;
3105 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3106 	{
3107 		OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3108 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3109 			yyerror("expected yes or no.");
3110 		else cfg_parser->cfg->auths->zonemd_reject_absence =
3111 			(strcmp($2, "yes")==0);
3112 		free($2);
3113 	}
3114 	;
3115 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3116 	{
3117 		OUTYY(("P(for-downstream:%s)\n", $2));
3118 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3119 			yyerror("expected yes or no.");
3120 		else cfg_parser->cfg->auths->for_downstream =
3121 			(strcmp($2, "yes")==0);
3122 		free($2);
3123 	}
3124 	;
3125 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3126 	{
3127 		OUTYY(("P(for-upstream:%s)\n", $2));
3128 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3129 			yyerror("expected yes or no.");
3130 		else cfg_parser->cfg->auths->for_upstream =
3131 			(strcmp($2, "yes")==0);
3132 		free($2);
3133 	}
3134 	;
3135 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3136 	{
3137 		OUTYY(("P(fallback-enabled:%s)\n", $2));
3138 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3139 			yyerror("expected yes or no.");
3140 		else cfg_parser->cfg->auths->fallback_enabled =
3141 			(strcmp($2, "yes")==0);
3142 		free($2);
3143 	}
3144 	;
3145 view_name: VAR_NAME STRING_ARG
3146 	{
3147 		OUTYY(("P(name:%s)\n", $2));
3148 		if(cfg_parser->cfg->views->name)
3149 			yyerror("view name override, there must be one "
3150 				"name for one view");
3151 		free(cfg_parser->cfg->views->name);
3152 		cfg_parser->cfg->views->name = $2;
3153 	}
3154 	;
3155 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3156 	{
3157 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3158 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3159 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3160 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3161 		   && strcmp($3, "typetransparent")!=0
3162 		   && strcmp($3, "always_transparent")!=0
3163 		   && strcmp($3, "always_refuse")!=0
3164 		   && strcmp($3, "always_nxdomain")!=0
3165 		   && strcmp($3, "always_nodata")!=0
3166 		   && strcmp($3, "always_deny")!=0
3167 		   && strcmp($3, "always_null")!=0
3168 		   && strcmp($3, "noview")!=0
3169 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3170 		   && strcmp($3, "inform_redirect") != 0
3171 		   && strcmp($3, "ipset") != 0) {
3172 			yyerror("local-zone type: expected static, deny, "
3173 				"refuse, redirect, transparent, "
3174 				"typetransparent, inform, inform_deny, "
3175 				"inform_redirect, always_transparent, "
3176 				"always_refuse, always_nxdomain, "
3177 				"always_nodata, always_deny, always_null, "
3178 				"noview, nodefault or ipset");
3179 			free($2);
3180 			free($3);
3181 		} else if(strcmp($3, "nodefault")==0) {
3182 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3183 				local_zones_nodefault, $2))
3184 				fatal_exit("out of memory adding local-zone");
3185 			free($3);
3186 #ifdef USE_IPSET
3187 		} else if(strcmp($3, "ipset")==0) {
3188 			size_t len = strlen($2);
3189 			/* Make sure to add the trailing dot.
3190 			 * These are str compared to domain names. */
3191 			if($2[len-1] != '.') {
3192 				if(!($2 = realloc($2, len+2))) {
3193 					fatal_exit("out of memory adding local-zone");
3194 				}
3195 				$2[len] = '.';
3196 				$2[len+1] = 0;
3197 			}
3198 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3199 				local_zones_ipset, $2))
3200 				fatal_exit("out of memory adding local-zone");
3201 			free($3);
3202 #endif
3203 		} else {
3204 			if(!cfg_str2list_insert(
3205 				&cfg_parser->cfg->views->local_zones,
3206 				$2, $3))
3207 				fatal_exit("out of memory adding local-zone");
3208 		}
3209 	}
3210 	;
3211 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3212 	{
3213 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3214 		validate_respip_action($3);
3215 		if(!cfg_str2list_insert(
3216 			&cfg_parser->cfg->views->respip_actions, $2, $3))
3217 			fatal_exit("out of memory adding per-view "
3218 				"response-ip action");
3219 	}
3220 	;
3221 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3222 	{
3223 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
3224 		if(!cfg_str2list_insert(
3225 			&cfg_parser->cfg->views->respip_data, $2, $3))
3226 			fatal_exit("out of memory adding response-ip-data");
3227 	}
3228 	;
3229 view_local_data: VAR_LOCAL_DATA STRING_ARG
3230 	{
3231 		OUTYY(("P(view_local_data:%s)\n", $2));
3232 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3233 			fatal_exit("out of memory adding local-data");
3234 		}
3235 	}
3236 	;
3237 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3238 	{
3239 		char* ptr;
3240 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3241 		ptr = cfg_ptr_reverse($2);
3242 		free($2);
3243 		if(ptr) {
3244 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3245 				local_data, ptr))
3246 				fatal_exit("out of memory adding local-data");
3247 		} else {
3248 			yyerror("local-data-ptr could not be reversed");
3249 		}
3250 	}
3251 	;
3252 view_first: VAR_VIEW_FIRST STRING_ARG
3253 	{
3254 		OUTYY(("P(view-first:%s)\n", $2));
3255 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3256 			yyerror("expected yes or no.");
3257 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3258 		free($2);
3259 	}
3260 	;
3261 rcstart: VAR_REMOTE_CONTROL
3262 	{
3263 		OUTYY(("\nP(remote-control:)\n"));
3264 		cfg_parser->started_toplevel = 1;
3265 	}
3266 	;
3267 contents_rc: contents_rc content_rc
3268 	| ;
3269 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3270 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3271 	rc_control_cert_file | rc_control_use_cert
3272 	;
3273 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3274 	{
3275 		OUTYY(("P(control_enable:%s)\n", $2));
3276 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3277 			yyerror("expected yes or no.");
3278 		else cfg_parser->cfg->remote_control_enable =
3279 			(strcmp($2, "yes")==0);
3280 		free($2);
3281 	}
3282 	;
3283 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3284 	{
3285 		OUTYY(("P(control_port:%s)\n", $2));
3286 		if(atoi($2) == 0)
3287 			yyerror("control port number expected");
3288 		else cfg_parser->cfg->control_port = atoi($2);
3289 		free($2);
3290 	}
3291 	;
3292 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3293 	{
3294 		OUTYY(("P(control_interface:%s)\n", $2));
3295 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3296 			yyerror("out of memory");
3297 	}
3298 	;
3299 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3300 	{
3301 		OUTYY(("P(control_use_cert:%s)\n", $2));
3302 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3303 		free($2);
3304 	}
3305 	;
3306 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3307 	{
3308 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
3309 		free(cfg_parser->cfg->server_key_file);
3310 		cfg_parser->cfg->server_key_file = $2;
3311 	}
3312 	;
3313 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3314 	{
3315 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3316 		free(cfg_parser->cfg->server_cert_file);
3317 		cfg_parser->cfg->server_cert_file = $2;
3318 	}
3319 	;
3320 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3321 	{
3322 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
3323 		free(cfg_parser->cfg->control_key_file);
3324 		cfg_parser->cfg->control_key_file = $2;
3325 	}
3326 	;
3327 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3328 	{
3329 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3330 		free(cfg_parser->cfg->control_cert_file);
3331 		cfg_parser->cfg->control_cert_file = $2;
3332 	}
3333 	;
3334 dtstart: VAR_DNSTAP
3335 	{
3336 		OUTYY(("\nP(dnstap:)\n"));
3337 		cfg_parser->started_toplevel = 1;
3338 	}
3339 	;
3340 contents_dt: contents_dt content_dt
3341 	| ;
3342 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3343 	dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3344 	dt_dnstap_tls_cert_bundle |
3345 	dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3346 	dt_dnstap_send_identity | dt_dnstap_send_version |
3347 	dt_dnstap_identity | dt_dnstap_version |
3348 	dt_dnstap_log_resolver_query_messages |
3349 	dt_dnstap_log_resolver_response_messages |
3350 	dt_dnstap_log_client_query_messages |
3351 	dt_dnstap_log_client_response_messages |
3352 	dt_dnstap_log_forwarder_query_messages |
3353 	dt_dnstap_log_forwarder_response_messages
3354 	;
3355 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3356 	{
3357 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3358 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3359 			yyerror("expected yes or no.");
3360 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3361 		free($2);
3362 	}
3363 	;
3364 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3365 	{
3366 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3367 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3368 			yyerror("expected yes or no.");
3369 		else cfg_parser->cfg->dnstap_bidirectional =
3370 			(strcmp($2, "yes")==0);
3371 		free($2);
3372 	}
3373 	;
3374 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3375 	{
3376 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3377 		free(cfg_parser->cfg->dnstap_socket_path);
3378 		cfg_parser->cfg->dnstap_socket_path = $2;
3379 	}
3380 	;
3381 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3382 	{
3383 		OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3384 		free(cfg_parser->cfg->dnstap_ip);
3385 		cfg_parser->cfg->dnstap_ip = $2;
3386 	}
3387 	;
3388 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3389 	{
3390 		OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3391 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3392 			yyerror("expected yes or no.");
3393 		else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3394 		free($2);
3395 	}
3396 	;
3397 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3398 	{
3399 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3400 		free(cfg_parser->cfg->dnstap_tls_server_name);
3401 		cfg_parser->cfg->dnstap_tls_server_name = $2;
3402 	}
3403 	;
3404 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3405 	{
3406 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3407 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3408 		cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3409 	}
3410 	;
3411 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3412 	{
3413 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3414 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
3415 		cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3416 	}
3417 	;
3418 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3419 	{
3420 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3421 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3422 		cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3423 	}
3424 	;
3425 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3426 	{
3427 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3428 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3429 			yyerror("expected yes or no.");
3430 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3431 		free($2);
3432 	}
3433 	;
3434 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3435 	{
3436 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3437 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3438 			yyerror("expected yes or no.");
3439 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3440 		free($2);
3441 	}
3442 	;
3443 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3444 	{
3445 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3446 		free(cfg_parser->cfg->dnstap_identity);
3447 		cfg_parser->cfg->dnstap_identity = $2;
3448 	}
3449 	;
3450 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3451 	{
3452 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3453 		free(cfg_parser->cfg->dnstap_version);
3454 		cfg_parser->cfg->dnstap_version = $2;
3455 	}
3456 	;
3457 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3458 	{
3459 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3460 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3461 			yyerror("expected yes or no.");
3462 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3463 			(strcmp($2, "yes")==0);
3464 		free($2);
3465 	}
3466 	;
3467 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3468 	{
3469 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3470 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3471 			yyerror("expected yes or no.");
3472 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3473 			(strcmp($2, "yes")==0);
3474 		free($2);
3475 	}
3476 	;
3477 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3478 	{
3479 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3480 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3481 			yyerror("expected yes or no.");
3482 		else cfg_parser->cfg->dnstap_log_client_query_messages =
3483 			(strcmp($2, "yes")==0);
3484 		free($2);
3485 	}
3486 	;
3487 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3488 	{
3489 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3490 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3491 			yyerror("expected yes or no.");
3492 		else cfg_parser->cfg->dnstap_log_client_response_messages =
3493 			(strcmp($2, "yes")==0);
3494 		free($2);
3495 	}
3496 	;
3497 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3498 	{
3499 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3500 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3501 			yyerror("expected yes or no.");
3502 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3503 			(strcmp($2, "yes")==0);
3504 		free($2);
3505 	}
3506 	;
3507 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3508 	{
3509 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3510 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3511 			yyerror("expected yes or no.");
3512 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3513 			(strcmp($2, "yes")==0);
3514 		free($2);
3515 	}
3516 	;
3517 pythonstart: VAR_PYTHON
3518 	{
3519 		OUTYY(("\nP(python:)\n"));
3520 		cfg_parser->started_toplevel = 1;
3521 	}
3522 	;
3523 contents_py: contents_py content_py
3524 	| ;
3525 content_py: py_script
3526 	;
3527 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3528 	{
3529 		OUTYY(("P(python-script:%s)\n", $2));
3530 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3531 			yyerror("out of memory");
3532 	}
3533 	;
3534 dynlibstart: VAR_DYNLIB
3535 	{
3536 		OUTYY(("\nP(dynlib:)\n"));
3537 		cfg_parser->started_toplevel = 1;
3538 	}
3539 	;
3540 contents_dl: contents_dl content_dl
3541 	| ;
3542 content_dl: dl_file
3543 	;
3544 dl_file: VAR_DYNLIB_FILE STRING_ARG
3545 	{
3546 		OUTYY(("P(dynlib-file:%s)\n", $2));
3547 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3548 			yyerror("out of memory");
3549 	}
3550 	;
3551 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3552 	{
3553 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3554 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3555 			yyerror("expected yes or no.");
3556 		else cfg_parser->cfg->disable_dnssec_lame_check =
3557 			(strcmp($2, "yes")==0);
3558 		free($2);
3559 	}
3560 	;
3561 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3562 	{
3563 		OUTYY(("P(server_log_identity:%s)\n", $2));
3564 		free(cfg_parser->cfg->log_identity);
3565 		cfg_parser->cfg->log_identity = $2;
3566 	}
3567 	;
3568 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3569 	{
3570 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3571 		validate_respip_action($3);
3572 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3573 			$2, $3))
3574 			fatal_exit("out of memory adding response-ip");
3575 	}
3576 	;
3577 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3578 	{
3579 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
3580 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3581 			$2, $3))
3582 			fatal_exit("out of memory adding response-ip-data");
3583 	}
3584 	;
3585 dnscstart: VAR_DNSCRYPT
3586 	{
3587 		OUTYY(("\nP(dnscrypt:)\n"));
3588 		cfg_parser->started_toplevel = 1;
3589 	}
3590 	;
3591 contents_dnsc: contents_dnsc content_dnsc
3592 	| ;
3593 content_dnsc:
3594 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3595 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3596 	dnsc_dnscrypt_provider_cert_rotated |
3597 	dnsc_dnscrypt_shared_secret_cache_size |
3598 	dnsc_dnscrypt_shared_secret_cache_slabs |
3599 	dnsc_dnscrypt_nonce_cache_size |
3600 	dnsc_dnscrypt_nonce_cache_slabs
3601 	;
3602 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3603 	{
3604 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3605 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3606 			yyerror("expected yes or no.");
3607 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3608 		free($2);
3609 	}
3610 	;
3611 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3612 	{
3613 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3614 		if(atoi($2) == 0)
3615 			yyerror("port number expected");
3616 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
3617 		free($2);
3618 	}
3619 	;
3620 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3621 	{
3622 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3623 		free(cfg_parser->cfg->dnscrypt_provider);
3624 		cfg_parser->cfg->dnscrypt_provider = $2;
3625 	}
3626 	;
3627 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3628 	{
3629 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3630 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3631 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3632 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3633 			fatal_exit("out of memory adding dnscrypt-provider-cert");
3634 	}
3635 	;
3636 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3637 	{
3638 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3639 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3640 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3641 	}
3642 	;
3643 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3644 	{
3645 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3646 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3647 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3648 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3649 			fatal_exit("out of memory adding dnscrypt-secret-key");
3650 	}
3651 	;
3652 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3653   {
3654 	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3655 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3656 		yyerror("memory size expected");
3657 	free($2);
3658   }
3659   ;
3660 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3661   {
3662 	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3663 	if(atoi($2) == 0) {
3664 		yyerror("number expected");
3665 	} else {
3666 		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3667 		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3668 			yyerror("must be a power of 2");
3669 	}
3670 	free($2);
3671   }
3672   ;
3673 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3674   {
3675 	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3676 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3677 		yyerror("memory size expected");
3678 	free($2);
3679   }
3680   ;
3681 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3682   {
3683 	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3684 	if(atoi($2) == 0) {
3685 		yyerror("number expected");
3686 	} else {
3687 		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3688 		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3689 			yyerror("must be a power of 2");
3690 	}
3691 	free($2);
3692   }
3693   ;
3694 cachedbstart: VAR_CACHEDB
3695 	{
3696 		OUTYY(("\nP(cachedb:)\n"));
3697 		cfg_parser->started_toplevel = 1;
3698 	}
3699 	;
3700 contents_cachedb: contents_cachedb content_cachedb
3701 	| ;
3702 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3703 	redis_server_host | redis_server_port | redis_timeout |
3704 	redis_expire_records | redis_server_path | redis_server_password
3705 	;
3706 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3707 	{
3708 	#ifdef USE_CACHEDB
3709 		OUTYY(("P(backend:%s)\n", $2));
3710 		free(cfg_parser->cfg->cachedb_backend);
3711 		cfg_parser->cfg->cachedb_backend = $2;
3712 	#else
3713 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3714 		free($2);
3715 	#endif
3716 	}
3717 	;
3718 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3719 	{
3720 	#ifdef USE_CACHEDB
3721 		OUTYY(("P(secret-seed:%s)\n", $2));
3722 		free(cfg_parser->cfg->cachedb_secret);
3723 		cfg_parser->cfg->cachedb_secret = $2;
3724 	#else
3725 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3726 		free($2);
3727 	#endif
3728 	}
3729 	;
3730 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3731 	{
3732 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3733 		OUTYY(("P(redis_server_host:%s)\n", $2));
3734 		free(cfg_parser->cfg->redis_server_host);
3735 		cfg_parser->cfg->redis_server_host = $2;
3736 	#else
3737 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3738 		free($2);
3739 	#endif
3740 	}
3741 	;
3742 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3743 	{
3744 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3745 		int port;
3746 		OUTYY(("P(redis_server_port:%s)\n", $2));
3747 		port = atoi($2);
3748 		if(port == 0 || port < 0 || port > 65535)
3749 			yyerror("valid redis server port number expected");
3750 		else cfg_parser->cfg->redis_server_port = port;
3751 	#else
3752 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3753 	#endif
3754 		free($2);
3755 	}
3756 	;
3757 redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
3758 	{
3759 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3760 		OUTYY(("P(redis_server_path:%s)\n", $2));
3761 		free(cfg_parser->cfg->redis_server_path);
3762 		cfg_parser->cfg->redis_server_path = $2;
3763 	#else
3764 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3765 		free($2);
3766 	#endif
3767 	}
3768 	;
3769 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
3770 	{
3771 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3772 		OUTYY(("P(redis_server_password:%s)\n", $2));
3773 		free(cfg_parser->cfg->redis_server_password);
3774 		cfg_parser->cfg->redis_server_password = $2;
3775 	#else
3776 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3777 		free($2);
3778 	#endif
3779 	}
3780 	;
3781 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3782 	{
3783 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3784 		OUTYY(("P(redis_timeout:%s)\n", $2));
3785 		if(atoi($2) == 0)
3786 			yyerror("redis timeout value expected");
3787 		else cfg_parser->cfg->redis_timeout = atoi($2);
3788 	#else
3789 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3790 	#endif
3791 		free($2);
3792 	}
3793 	;
3794 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3795 	{
3796 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3797 		OUTYY(("P(redis_expire_records:%s)\n", $2));
3798 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3799 			yyerror("expected yes or no.");
3800 		else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3801 	#else
3802 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3803 	#endif
3804 		free($2);
3805 	}
3806 	;
3807 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3808 	{
3809 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3810 		if (atoi($3) < 0)
3811 			yyerror("positive number expected");
3812 		else {
3813 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3814 				fatal_exit("out of memory adding tcp connection limit");
3815 		}
3816 	}
3817 	;
3818 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
3819 	{
3820 		OUTYY(("P(server_answer_cookie:%s)\n", $2));
3821 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3822 			yyerror("expected yes or no.");
3823 		else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
3824 		free($2);
3825 	}
3826 	;
3827 server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
3828 	{
3829 		uint8_t secret[32];
3830 		size_t secret_len = sizeof(secret);
3831 
3832 		OUTYY(("P(server_cookie_secret:%s)\n", $2));
3833 		if(sldns_str2wire_hex_buf($2, secret, &secret_len)
3834 		|| (secret_len != 16))
3835 			yyerror("expected 128 bit hex string");
3836 		else {
3837 			cfg_parser->cfg->cookie_secret_len = secret_len;
3838 			memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
3839 		}
3840 		free($2);
3841 	}
3842 	;
3843 	ipsetstart: VAR_IPSET
3844 		{
3845 			OUTYY(("\nP(ipset:)\n"));
3846 			cfg_parser->started_toplevel = 1;
3847 		}
3848 		;
3849 	contents_ipset: contents_ipset content_ipset
3850 		| ;
3851 	content_ipset: ipset_name_v4 | ipset_name_v6
3852 		;
3853 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3854 		{
3855 		#ifdef USE_IPSET
3856 			OUTYY(("P(name-v4:%s)\n", $2));
3857 			if(cfg_parser->cfg->ipset_name_v4)
3858 				yyerror("ipset name v4 override, there must be one "
3859 					"name for ip v4");
3860 			free(cfg_parser->cfg->ipset_name_v4);
3861 			cfg_parser->cfg->ipset_name_v4 = $2;
3862 		#else
3863 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3864 			free($2);
3865 		#endif
3866 		}
3867 	;
3868 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3869 	{
3870 		#ifdef USE_IPSET
3871 			OUTYY(("P(name-v6:%s)\n", $2));
3872 			if(cfg_parser->cfg->ipset_name_v6)
3873 				yyerror("ipset name v6 override, there must be one "
3874 					"name for ip v6");
3875 			free(cfg_parser->cfg->ipset_name_v6);
3876 			cfg_parser->cfg->ipset_name_v6 = $2;
3877 		#else
3878 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3879 			free($2);
3880 		#endif
3881 		}
3882 	;
3883 %%
3884 
3885 /* parse helper routines could be here */
3886 static void
3887 validate_respip_action(const char* action)
3888 {
3889 	if(strcmp(action, "deny")!=0 &&
3890 		strcmp(action, "redirect")!=0 &&
3891 		strcmp(action, "inform")!=0 &&
3892 		strcmp(action, "inform_deny")!=0 &&
3893 		strcmp(action, "always_transparent")!=0 &&
3894 		strcmp(action, "always_refuse")!=0 &&
3895 		strcmp(action, "always_nxdomain")!=0)
3896 	{
3897 		yyerror("response-ip action: expected deny, redirect, "
3898 			"inform, inform_deny, always_transparent, "
3899 			"always_refuse or always_nxdomain");
3900 	}
3901 }
3902 
3903 static void
3904 validate_acl_action(const char* action)
3905 {
3906 	if(strcmp(action, "deny")!=0 &&
3907 		strcmp(action, "refuse")!=0 &&
3908 		strcmp(action, "deny_non_local")!=0 &&
3909 		strcmp(action, "refuse_non_local")!=0 &&
3910 		strcmp(action, "allow_setrd")!=0 &&
3911 		strcmp(action, "allow")!=0 &&
3912 		strcmp(action, "allow_snoop")!=0 &&
3913 		strcmp(action, "allow_cookie")!=0)
3914 	{
3915 		yyerror("expected deny, refuse, deny_non_local, "
3916 			"refuse_non_local, allow, allow_setrd, "
3917 			"allow_snoop or allow_cookie as access control action");
3918 	}
3919 }
3920