xref: /freebsd/contrib/unbound/util/configparser.y (revision 6966ac055c3b7a39266fb982493330df7a097997)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
73 %token VAR_OUTGOING_RANGE VAR_INTERFACE
74 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
75 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
76 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
77 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
78 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
79 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
80 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
81 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
82 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
83 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
84 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
85 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
86 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
87 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
88 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
89 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
90 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
91 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
92 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
93 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
94 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
95 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
96 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
97 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
98 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
99 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
100 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
101 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
102 %token VAR_CONTROL_USE_CERT
103 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
104 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
105 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
106 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
107 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
108 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
109 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
110 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
111 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
112 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
113 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
114 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
115 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
116 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
117 %token VAR_INFRA_CACHE_MIN_RTT
118 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
119 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
120 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
121 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
122 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
123 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
124 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
125 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
126 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
127 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
128 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
129 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
130 %token VAR_DISABLE_DNSSEC_LAME_CHECK
131 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
132 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
133 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
134 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
135 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
136 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
137 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
138 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
139 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
140 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
141 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
142 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
143 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
144 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
145 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
146 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_FAKE_DSA VAR_FAKE_SHA1
147 %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING
148 %token VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
149 %token VAR_ROOT_KEY_SENTINEL
150 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
151 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
152 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
153 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
154 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
155 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
156 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
157 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
158 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
159 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
160 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
161 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
162 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
163 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
164 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
165 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
166 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
167 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
168 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES
169 %token VAR_TLS_SESSION_TICKET_KEYS
170 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
171 
172 %%
173 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
174 toplevelvar: serverstart contents_server | stubstart contents_stub |
175 	forwardstart contents_forward | pythonstart contents_py |
176 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
177 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
178 	ipsetstart contents_ipset | authstart contents_auth
179 	;
180 
181 /* server: declaration */
182 serverstart: VAR_SERVER
183 	{
184 		OUTYY(("\nP(server:)\n"));
185 	}
186 	;
187 contents_server: contents_server content_server
188 	| ;
189 content_server: server_num_threads | server_verbosity | server_port |
190 	server_outgoing_range | server_do_ip4 |
191 	server_do_ip6 | server_prefer_ip6 |
192 	server_do_udp | server_do_tcp |
193 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
194 	server_tcp_keepalive | server_tcp_keepalive_timeout |
195 	server_interface | server_chroot | server_username |
196 	server_directory | server_logfile | server_pidfile |
197 	server_msg_cache_size | server_msg_cache_slabs |
198 	server_num_queries_per_thread | server_rrset_cache_size |
199 	server_rrset_cache_slabs | server_outgoing_num_tcp |
200 	server_infra_host_ttl | server_infra_lame_ttl |
201 	server_infra_cache_slabs | server_infra_cache_numhosts |
202 	server_infra_cache_lame_size | server_target_fetch_policy |
203 	server_harden_short_bufsize | server_harden_large_queries |
204 	server_do_not_query_address | server_hide_identity |
205 	server_hide_version | server_identity | server_version |
206 	server_harden_glue | server_module_conf | server_trust_anchor_file |
207 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
208 	server_val_clean_additional | server_val_permissive_mode |
209 	server_incoming_num_tcp | server_msg_buffer_size |
210 	server_key_cache_size | server_key_cache_slabs |
211 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
212 	server_use_syslog | server_outgoing_interface | server_root_hints |
213 	server_do_not_query_localhost | server_cache_max_ttl |
214 	server_harden_dnssec_stripped | server_access_control |
215 	server_local_zone | server_local_data | server_interface_automatic |
216 	server_statistics_interval | server_do_daemonize |
217 	server_use_caps_for_id | server_statistics_cumulative |
218 	server_outgoing_port_permit | server_outgoing_port_avoid |
219 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
220 	server_harden_referral_path | server_private_address |
221 	server_private_domain | server_extended_statistics |
222 	server_local_data_ptr | server_jostle_timeout |
223 	server_unwanted_reply_threshold | server_log_time_ascii |
224 	server_domain_insecure | server_val_sig_skew_min |
225 	server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
226 	server_auto_trust_anchor_file | server_add_holddown |
227 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
228 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
229 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
230 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
231 	server_log_local_actions |
232 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
233 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
234 	server_so_reuseport | server_delay_close |
235 	server_unblock_lan_zones | server_insecure_lan_zones |
236 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
237 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
238 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
239 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
240 	server_ip_ratelimit_size | server_ratelimit_size |
241 	server_ratelimit_for_domain |
242 	server_ratelimit_below_domain | server_ratelimit_factor |
243 	server_ip_ratelimit_factor | server_send_client_subnet |
244 	server_client_subnet_zone | server_client_subnet_always_forward |
245 	server_client_subnet_opcode |
246 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
247 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
248 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
249 	server_caps_whitelist | server_cache_max_negative_ttl |
250 	server_permit_small_holddown | server_qname_minimisation |
251 	server_ip_freebind | server_define_tag | server_local_zone_tag |
252 	server_disable_dnssec_lame_check | server_access_control_tag |
253 	server_local_zone_override | server_access_control_tag_action |
254 	server_access_control_tag_data | server_access_control_view |
255 	server_qname_minimisation_strict | server_serve_expired |
256 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
257 	server_fake_dsa | server_log_identity | server_use_systemd |
258 	server_response_ip_tag | server_response_ip | server_response_ip_data |
259 	server_shm_enable | server_shm_key | server_fake_sha1 |
260 	server_hide_trustanchor | server_trust_anchor_signaling |
261 	server_root_key_sentinel |
262 	server_ipsecmod_enabled | server_ipsecmod_hook |
263 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
264 	server_ipsecmod_whitelist | server_ipsecmod_strict |
265 	server_udp_upstream_without_downstream | server_aggressive_nsec |
266 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
267 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
268 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
269 	server_unknown_server_time_limit | server_log_tag_queryreply |
270 	server_stream_wait_size | server_tls_ciphers |
271 	server_tls_ciphersuites | server_tls_session_ticket_keys
272 	;
273 stubstart: VAR_STUB_ZONE
274 	{
275 		struct config_stub* s;
276 		OUTYY(("\nP(stub_zone:)\n"));
277 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
278 		if(s) {
279 			s->next = cfg_parser->cfg->stubs;
280 			cfg_parser->cfg->stubs = s;
281 		} else
282 			yyerror("out of memory");
283 	}
284 	;
285 contents_stub: contents_stub content_stub
286 	| ;
287 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
288 	stub_no_cache | stub_ssl_upstream
289 	;
290 forwardstart: VAR_FORWARD_ZONE
291 	{
292 		struct config_stub* s;
293 		OUTYY(("\nP(forward_zone:)\n"));
294 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
295 		if(s) {
296 			s->next = cfg_parser->cfg->forwards;
297 			cfg_parser->cfg->forwards = s;
298 		} else
299 			yyerror("out of memory");
300 	}
301 	;
302 contents_forward: contents_forward content_forward
303 	| ;
304 content_forward: forward_name | forward_host | forward_addr | forward_first |
305 	forward_no_cache | forward_ssl_upstream
306 	;
307 viewstart: VAR_VIEW
308 	{
309 		struct config_view* s;
310 		OUTYY(("\nP(view:)\n"));
311 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
312 		if(s) {
313 			s->next = cfg_parser->cfg->views;
314 			if(s->next && !s->next->name)
315 				yyerror("view without name");
316 			cfg_parser->cfg->views = s;
317 		} else
318 			yyerror("out of memory");
319 	}
320 	;
321 contents_view: contents_view content_view
322 	| ;
323 content_view: view_name | view_local_zone | view_local_data | view_first |
324 		view_response_ip | view_response_ip_data | view_local_data_ptr
325 	;
326 authstart: VAR_AUTH_ZONE
327 	{
328 		struct config_auth* s;
329 		OUTYY(("\nP(auth_zone:)\n"));
330 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
331 		if(s) {
332 			s->next = cfg_parser->cfg->auths;
333 			cfg_parser->cfg->auths = s;
334 			/* defaults for auth zone */
335 			s->for_downstream = 1;
336 			s->for_upstream = 1;
337 			s->fallback_enabled = 0;
338 		} else
339 			yyerror("out of memory");
340 	}
341 	;
342 contents_auth: contents_auth content_auth
343 	| ;
344 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
345 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
346 	auth_allow_notify
347 	;
348 server_num_threads: VAR_NUM_THREADS STRING_ARG
349 	{
350 		OUTYY(("P(server_num_threads:%s)\n", $2));
351 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
352 			yyerror("number expected");
353 		else cfg_parser->cfg->num_threads = atoi($2);
354 		free($2);
355 	}
356 	;
357 server_verbosity: VAR_VERBOSITY STRING_ARG
358 	{
359 		OUTYY(("P(server_verbosity:%s)\n", $2));
360 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
361 			yyerror("number expected");
362 		else cfg_parser->cfg->verbosity = atoi($2);
363 		free($2);
364 	}
365 	;
366 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
367 	{
368 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
369 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
370 			cfg_parser->cfg->stat_interval = 0;
371 		else if(atoi($2) == 0)
372 			yyerror("number expected");
373 		else cfg_parser->cfg->stat_interval = atoi($2);
374 		free($2);
375 	}
376 	;
377 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
378 	{
379 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
380 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
381 			yyerror("expected yes or no.");
382 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
383 		free($2);
384 	}
385 	;
386 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
387 	{
388 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
389 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
390 			yyerror("expected yes or no.");
391 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
392 		free($2);
393 	}
394 	;
395 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
396 	{
397 		OUTYY(("P(server_shm_enable:%s)\n", $2));
398 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
399 			yyerror("expected yes or no.");
400 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
401 		free($2);
402 	}
403 	;
404 server_shm_key: VAR_SHM_KEY STRING_ARG
405 	{
406 		OUTYY(("P(server_shm_key:%s)\n", $2));
407 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
408 			cfg_parser->cfg->shm_key = 0;
409 		else if(atoi($2) == 0)
410 			yyerror("number expected");
411 		else cfg_parser->cfg->shm_key = atoi($2);
412 		free($2);
413 	}
414 	;
415 server_port: VAR_PORT STRING_ARG
416 	{
417 		OUTYY(("P(server_port:%s)\n", $2));
418 		if(atoi($2) == 0)
419 			yyerror("port number expected");
420 		else cfg_parser->cfg->port = atoi($2);
421 		free($2);
422 	}
423 	;
424 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
425 	{
426 	#ifdef CLIENT_SUBNET
427 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
428 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
429 			fatal_exit("out of memory adding client-subnet");
430 	#else
431 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
432 	#endif
433 	}
434 	;
435 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
436 	{
437 	#ifdef CLIENT_SUBNET
438 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
439 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
440 			$2))
441 			fatal_exit("out of memory adding client-subnet-zone");
442 	#else
443 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
444 	#endif
445 	}
446 	;
447 server_client_subnet_always_forward:
448 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
449 	{
450 	#ifdef CLIENT_SUBNET
451 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
452 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
453 			yyerror("expected yes or no.");
454 		else
455 			cfg_parser->cfg->client_subnet_always_forward =
456 				(strcmp($2, "yes")==0);
457 	#else
458 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
459 	#endif
460 		free($2);
461 	}
462 	;
463 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
464 	{
465 	#ifdef CLIENT_SUBNET
466 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
467 		OUTYY(("P(Deprecated option, ignoring)\n"));
468 	#else
469 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
470 	#endif
471 		free($2);
472 	}
473 	;
474 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
475 	{
476 	#ifdef CLIENT_SUBNET
477 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
478 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
479 			yyerror("IPv4 subnet length expected");
480 		else if (atoi($2) > 32)
481 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
482 		else if (atoi($2) < 0)
483 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
484 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
485 	#else
486 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
487 	#endif
488 		free($2);
489 	}
490 	;
491 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
492 	{
493 	#ifdef CLIENT_SUBNET
494 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
495 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
496 			yyerror("Ipv6 subnet length expected");
497 		else if (atoi($2) > 128)
498 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
499 		else if (atoi($2) < 0)
500 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
501 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
502 	#else
503 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
504 	#endif
505 		free($2);
506 	}
507 	;
508 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
509 	{
510 	#ifdef CLIENT_SUBNET
511 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
512 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
513 			yyerror("IPv4 subnet length expected");
514 		else if (atoi($2) > 32)
515 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
516 		else if (atoi($2) < 0)
517 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
518 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
519 	#else
520 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
521 	#endif
522 		free($2);
523 	}
524 	;
525 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
526 	{
527 	#ifdef CLIENT_SUBNET
528 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
529 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
530 			yyerror("Ipv6 subnet length expected");
531 		else if (atoi($2) > 128)
532 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
533 		else if (atoi($2) < 0)
534 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
535 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
536 	#else
537 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
538 	#endif
539 		free($2);
540 	}
541 	;
542 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
543 	{
544 	#ifdef CLIENT_SUBNET
545 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
546 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
547 			yyerror("IPv4 ECS tree size expected");
548 		else if (atoi($2) < 0)
549 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
550 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
551 	#else
552 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
553 	#endif
554 		free($2);
555 	}
556 	;
557 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
558 	{
559 	#ifdef CLIENT_SUBNET
560 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
561 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
562 			yyerror("IPv6 ECS tree size expected");
563 		else if (atoi($2) < 0)
564 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
565 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
566 	#else
567 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
568 	#endif
569 		free($2);
570 	}
571 	;
572 server_interface: VAR_INTERFACE STRING_ARG
573 	{
574 		OUTYY(("P(server_interface:%s)\n", $2));
575 		if(cfg_parser->cfg->num_ifs == 0)
576 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
577 		else 	cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
578 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
579 		if(!cfg_parser->cfg->ifs)
580 			yyerror("out of memory");
581 		else
582 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
583 	}
584 	;
585 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
586 	{
587 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
588 		if(cfg_parser->cfg->num_out_ifs == 0)
589 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
590 		else 	cfg_parser->cfg->out_ifs = realloc(
591 			cfg_parser->cfg->out_ifs,
592 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
593 		if(!cfg_parser->cfg->out_ifs)
594 			yyerror("out of memory");
595 		else
596 			cfg_parser->cfg->out_ifs[
597 				cfg_parser->cfg->num_out_ifs++] = $2;
598 	}
599 	;
600 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
601 	{
602 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
603 		if(atoi($2) == 0)
604 			yyerror("number expected");
605 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
606 		free($2);
607 	}
608 	;
609 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
610 	{
611 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
612 		if(!cfg_mark_ports($2, 1,
613 			cfg_parser->cfg->outgoing_avail_ports, 65536))
614 			yyerror("port number or range (\"low-high\") expected");
615 		free($2);
616 	}
617 	;
618 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
619 	{
620 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
621 		if(!cfg_mark_ports($2, 0,
622 			cfg_parser->cfg->outgoing_avail_ports, 65536))
623 			yyerror("port number or range (\"low-high\") expected");
624 		free($2);
625 	}
626 	;
627 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
628 	{
629 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
630 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
631 			yyerror("number expected");
632 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
633 		free($2);
634 	}
635 	;
636 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
637 	{
638 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
639 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
640 			yyerror("number expected");
641 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
642 		free($2);
643 	}
644 	;
645 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
646 	{
647 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
648 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
649 			yyerror("expected yes or no.");
650 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
651 		free($2);
652 	}
653 	;
654 server_do_ip4: VAR_DO_IP4 STRING_ARG
655 	{
656 		OUTYY(("P(server_do_ip4:%s)\n", $2));
657 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
658 			yyerror("expected yes or no.");
659 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
660 		free($2);
661 	}
662 	;
663 server_do_ip6: VAR_DO_IP6 STRING_ARG
664 	{
665 		OUTYY(("P(server_do_ip6:%s)\n", $2));
666 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
667 			yyerror("expected yes or no.");
668 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
669 		free($2);
670 	}
671 	;
672 server_do_udp: VAR_DO_UDP STRING_ARG
673 	{
674 		OUTYY(("P(server_do_udp:%s)\n", $2));
675 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
676 			yyerror("expected yes or no.");
677 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
678 		free($2);
679 	}
680 	;
681 server_do_tcp: VAR_DO_TCP STRING_ARG
682 	{
683 		OUTYY(("P(server_do_tcp:%s)\n", $2));
684 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
685 			yyerror("expected yes or no.");
686 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
687 		free($2);
688 	}
689 	;
690 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
691 	{
692 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
693 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
694 			yyerror("expected yes or no.");
695 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
696 		free($2);
697 	}
698 	;
699 server_tcp_mss: VAR_TCP_MSS STRING_ARG
700 	{
701 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
702                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
703                         yyerror("number expected");
704                 else cfg_parser->cfg->tcp_mss = atoi($2);
705                 free($2);
706 	}
707 	;
708 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
709 	{
710 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
711 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
712 			yyerror("number expected");
713 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
714 		free($2);
715 	}
716 	;
717 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
718 	{
719 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
720 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
721 			yyerror("number expected");
722 		else if (atoi($2) > 120000)
723 			cfg_parser->cfg->tcp_idle_timeout = 120000;
724 		else if (atoi($2) < 1)
725 			cfg_parser->cfg->tcp_idle_timeout = 1;
726 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
727 		free($2);
728 	}
729 	;
730 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
731 	{
732 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
733 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
734 			yyerror("expected yes or no.");
735 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
736 		free($2);
737 	}
738 	;
739 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
740 	{
741 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
742 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
743 			yyerror("number expected");
744 		else if (atoi($2) > 6553500)
745 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
746 		else if (atoi($2) < 1)
747 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
748 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
749 		free($2);
750 	}
751 	;
752 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
753 	{
754 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
755 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
756 			yyerror("expected yes or no.");
757 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
758 		free($2);
759 	}
760 	;
761 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
762 	{
763 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
764 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
765 			yyerror("expected yes or no.");
766 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
767 		free($2);
768 	}
769 	;
770 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
771 	{
772 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
773 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
774 			yyerror("expected yes or no.");
775 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
776 		free($2);
777 	}
778 	;
779 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
780 	{
781 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
782 		free(cfg_parser->cfg->ssl_service_key);
783 		cfg_parser->cfg->ssl_service_key = $2;
784 	}
785 	;
786 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
787 	{
788 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
789 		free(cfg_parser->cfg->ssl_service_pem);
790 		cfg_parser->cfg->ssl_service_pem = $2;
791 	}
792 	;
793 server_ssl_port: VAR_SSL_PORT STRING_ARG
794 	{
795 		OUTYY(("P(server_ssl_port:%s)\n", $2));
796 		if(atoi($2) == 0)
797 			yyerror("port number expected");
798 		else cfg_parser->cfg->ssl_port = atoi($2);
799 		free($2);
800 	}
801 	;
802 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
803 	{
804 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
805 		free(cfg_parser->cfg->tls_cert_bundle);
806 		cfg_parser->cfg->tls_cert_bundle = $2;
807 	}
808 	;
809 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
810 	{
811 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
812 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
813 			yyerror("expected yes or no.");
814 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
815 		free($2);
816 	}
817 	;
818 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
819 	{
820 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
821 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
822 			$2))
823 			yyerror("out of memory");
824 	}
825 	;
826 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
827 	{
828 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
829 		free(cfg_parser->cfg->tls_ciphers);
830 		cfg_parser->cfg->tls_ciphers = $2;
831 	}
832 	;
833 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
834 	{
835 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
836 		free(cfg_parser->cfg->tls_ciphersuites);
837 		cfg_parser->cfg->tls_ciphersuites = $2;
838 	}
839 	;
840 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
841 	{
842 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
843 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
844 			$2))
845 			yyerror("out of memory");
846 	}
847 	;
848 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
849 	{
850 		OUTYY(("P(server_use_systemd:%s)\n", $2));
851 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
852 			yyerror("expected yes or no.");
853 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
854 		free($2);
855 	}
856 	;
857 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
858 	{
859 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
860 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
861 			yyerror("expected yes or no.");
862 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
863 		free($2);
864 	}
865 	;
866 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
867 	{
868 		OUTYY(("P(server_use_syslog:%s)\n", $2));
869 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
870 			yyerror("expected yes or no.");
871 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
872 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
873 		if(strcmp($2, "yes") == 0)
874 			yyerror("no syslog services are available. "
875 				"(reconfigure and compile to add)");
876 #endif
877 		free($2);
878 	}
879 	;
880 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
881 	{
882 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
883 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
884 			yyerror("expected yes or no.");
885 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
886 		free($2);
887 	}
888 	;
889 server_log_queries: VAR_LOG_QUERIES STRING_ARG
890 	{
891 		OUTYY(("P(server_log_queries:%s)\n", $2));
892 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
893 			yyerror("expected yes or no.");
894 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
895 		free($2);
896 	}
897 	;
898 server_log_replies: VAR_LOG_REPLIES STRING_ARG
899   {
900   	OUTYY(("P(server_log_replies:%s)\n", $2));
901   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
902   		yyerror("expected yes or no.");
903   	else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
904   	free($2);
905   }
906   ;
907 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
908   {
909   	OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
910   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
911   		yyerror("expected yes or no.");
912   	else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
913   	free($2);
914   }
915   ;
916 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
917 	{
918 		OUTYY(("P(server_log_servfail:%s)\n", $2));
919 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
920 			yyerror("expected yes or no.");
921 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
922 		free($2);
923 	}
924 	;
925 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
926   {
927   	OUTYY(("P(server_log_local_actions:%s)\n", $2));
928   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
929   		yyerror("expected yes or no.");
930   	else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
931   	free($2);
932   }
933   ;
934 server_chroot: VAR_CHROOT STRING_ARG
935 	{
936 		OUTYY(("P(server_chroot:%s)\n", $2));
937 		free(cfg_parser->cfg->chrootdir);
938 		cfg_parser->cfg->chrootdir = $2;
939 	}
940 	;
941 server_username: VAR_USERNAME STRING_ARG
942 	{
943 		OUTYY(("P(server_username:%s)\n", $2));
944 		free(cfg_parser->cfg->username);
945 		cfg_parser->cfg->username = $2;
946 	}
947 	;
948 server_directory: VAR_DIRECTORY STRING_ARG
949 	{
950 		OUTYY(("P(server_directory:%s)\n", $2));
951 		free(cfg_parser->cfg->directory);
952 		cfg_parser->cfg->directory = $2;
953 		/* change there right away for includes relative to this */
954 		if($2[0]) {
955 			char* d;
956 #ifdef UB_ON_WINDOWS
957 			w_config_adjust_directory(cfg_parser->cfg);
958 #endif
959 			d = cfg_parser->cfg->directory;
960 			/* adjust directory if we have already chroot,
961 			 * like, we reread after sighup */
962 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
963 				strncmp(d, cfg_parser->chroot, strlen(
964 				cfg_parser->chroot)) == 0)
965 				d += strlen(cfg_parser->chroot);
966 			if(d[0]) {
967 			    if(chdir(d))
968 				log_err("cannot chdir to directory: %s (%s)",
969 					d, strerror(errno));
970 			}
971 		}
972 	}
973 	;
974 server_logfile: VAR_LOGFILE STRING_ARG
975 	{
976 		OUTYY(("P(server_logfile:%s)\n", $2));
977 		free(cfg_parser->cfg->logfile);
978 		cfg_parser->cfg->logfile = $2;
979 		cfg_parser->cfg->use_syslog = 0;
980 	}
981 	;
982 server_pidfile: VAR_PIDFILE STRING_ARG
983 	{
984 		OUTYY(("P(server_pidfile:%s)\n", $2));
985 		free(cfg_parser->cfg->pidfile);
986 		cfg_parser->cfg->pidfile = $2;
987 	}
988 	;
989 server_root_hints: VAR_ROOT_HINTS STRING_ARG
990 	{
991 		OUTYY(("P(server_root_hints:%s)\n", $2));
992 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
993 			yyerror("out of memory");
994 	}
995 	;
996 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
997 	{
998 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
999 		free(cfg_parser->cfg->dlv_anchor_file);
1000 		cfg_parser->cfg->dlv_anchor_file = $2;
1001 	}
1002 	;
1003 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1004 	{
1005 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1006 		if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
1007 			yyerror("out of memory");
1008 	}
1009 	;
1010 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1011 	{
1012 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1013 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1014 			auto_trust_anchor_file_list, $2))
1015 			yyerror("out of memory");
1016 	}
1017 	;
1018 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1019 	{
1020 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1021 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1022 			trust_anchor_file_list, $2))
1023 			yyerror("out of memory");
1024 	}
1025 	;
1026 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1027 	{
1028 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1029 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1030 			trusted_keys_file_list, $2))
1031 			yyerror("out of memory");
1032 	}
1033 	;
1034 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1035 	{
1036 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1037 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1038 			yyerror("out of memory");
1039 	}
1040 	;
1041 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1042 	{
1043 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1044 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1045 			yyerror("expected yes or no.");
1046 		else
1047 			cfg_parser->cfg->trust_anchor_signaling =
1048 				(strcmp($2, "yes")==0);
1049 		free($2);
1050 	}
1051 	;
1052 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1053 	{
1054 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1055 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1056 			yyerror("expected yes or no.");
1057 		else
1058 			cfg_parser->cfg->root_key_sentinel =
1059 				(strcmp($2, "yes")==0);
1060 		free($2);
1061 	}
1062 	;
1063 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1064 	{
1065 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1066 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1067 			yyerror("out of memory");
1068 	}
1069 	;
1070 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1071 	{
1072 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1073 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1074 			yyerror("expected yes or no.");
1075 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1076 		free($2);
1077 	}
1078 	;
1079 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1080 	{
1081 		OUTYY(("P(server_hide_version:%s)\n", $2));
1082 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1083 			yyerror("expected yes or no.");
1084 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1085 		free($2);
1086 	}
1087 	;
1088 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1089 	{
1090 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1091 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1092 			yyerror("expected yes or no.");
1093 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1094 		free($2);
1095 	}
1096 	;
1097 server_identity: VAR_IDENTITY STRING_ARG
1098 	{
1099 		OUTYY(("P(server_identity:%s)\n", $2));
1100 		free(cfg_parser->cfg->identity);
1101 		cfg_parser->cfg->identity = $2;
1102 	}
1103 	;
1104 server_version: VAR_VERSION STRING_ARG
1105 	{
1106 		OUTYY(("P(server_version:%s)\n", $2));
1107 		free(cfg_parser->cfg->version);
1108 		cfg_parser->cfg->version = $2;
1109 	}
1110 	;
1111 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1112 	{
1113 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1114 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1115 			yyerror("buffer size expected");
1116 		free($2);
1117 	}
1118 	;
1119 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1120 	{
1121 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1122 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1123 			yyerror("buffer size expected");
1124 		free($2);
1125 	}
1126 	;
1127 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1128     {
1129         OUTYY(("P(server_so_reuseport:%s)\n", $2));
1130         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1131             yyerror("expected yes or no.");
1132         else cfg_parser->cfg->so_reuseport =
1133             (strcmp($2, "yes")==0);
1134         free($2);
1135     }
1136     ;
1137 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1138     {
1139         OUTYY(("P(server_ip_transparent:%s)\n", $2));
1140         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1141             yyerror("expected yes or no.");
1142         else cfg_parser->cfg->ip_transparent =
1143             (strcmp($2, "yes")==0);
1144         free($2);
1145     }
1146     ;
1147 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1148     {
1149         OUTYY(("P(server_ip_freebind:%s)\n", $2));
1150         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1151             yyerror("expected yes or no.");
1152         else cfg_parser->cfg->ip_freebind =
1153             (strcmp($2, "yes")==0);
1154         free($2);
1155     }
1156     ;
1157 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1158 	{
1159 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1160 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1161 			yyerror("memory size expected");
1162 		free($2);
1163 	}
1164 	;
1165 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1166 	{
1167 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1168 		if(atoi($2) == 0)
1169 			yyerror("number expected");
1170 		else if (atoi($2) < 12)
1171 			yyerror("edns buffer size too small");
1172 		else if (atoi($2) > 65535)
1173 			cfg_parser->cfg->edns_buffer_size = 65535;
1174 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1175 		free($2);
1176 	}
1177 	;
1178 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1179 	{
1180 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1181 		if(atoi($2) == 0)
1182 			yyerror("number expected");
1183 		else if (atoi($2) < 4096)
1184 			yyerror("message buffer size too small (use 4096)");
1185 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1186 		free($2);
1187 	}
1188 	;
1189 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1190 	{
1191 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1192 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1193 			yyerror("memory size expected");
1194 		free($2);
1195 	}
1196 	;
1197 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1198 	{
1199 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1200 		if(atoi($2) == 0)
1201 			yyerror("number expected");
1202 		else {
1203 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1204 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1205 				yyerror("must be a power of 2");
1206 		}
1207 		free($2);
1208 	}
1209 	;
1210 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1211 	{
1212 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1213 		if(atoi($2) == 0)
1214 			yyerror("number expected");
1215 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1216 		free($2);
1217 	}
1218 	;
1219 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1220 	{
1221 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1222 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1223 			yyerror("number expected");
1224 		else cfg_parser->cfg->jostle_time = atoi($2);
1225 		free($2);
1226 	}
1227 	;
1228 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1229 	{
1230 		OUTYY(("P(server_delay_close:%s)\n", $2));
1231 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1232 			yyerror("number expected");
1233 		else cfg_parser->cfg->delay_close = atoi($2);
1234 		free($2);
1235 	}
1236 	;
1237 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1238 	{
1239 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1240 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1241 			yyerror("expected yes or no.");
1242 		else cfg_parser->cfg->unblock_lan_zones =
1243 			(strcmp($2, "yes")==0);
1244 		free($2);
1245 	}
1246 	;
1247 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1248 	{
1249 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1250 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1251 			yyerror("expected yes or no.");
1252 		else cfg_parser->cfg->insecure_lan_zones =
1253 			(strcmp($2, "yes")==0);
1254 		free($2);
1255 	}
1256 	;
1257 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1258 	{
1259 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1260 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1261 			yyerror("memory size expected");
1262 		free($2);
1263 	}
1264 	;
1265 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1266 	{
1267 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1268 		if(atoi($2) == 0)
1269 			yyerror("number expected");
1270 		else {
1271 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1272 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1273 				yyerror("must be a power of 2");
1274 		}
1275 		free($2);
1276 	}
1277 	;
1278 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1279 	{
1280 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1281 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1282 			yyerror("number expected");
1283 		else cfg_parser->cfg->host_ttl = atoi($2);
1284 		free($2);
1285 	}
1286 	;
1287 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1288 	{
1289 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1290 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1291 			"removed, use infra-host-ttl)", $2);
1292 		free($2);
1293 	}
1294 	;
1295 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1296 	{
1297 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1298 		if(atoi($2) == 0)
1299 			yyerror("number expected");
1300 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1301 		free($2);
1302 	}
1303 	;
1304 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1305 	{
1306 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1307 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1308 			"(option removed, use infra-cache-numhosts)", $2);
1309 		free($2);
1310 	}
1311 	;
1312 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1313 	{
1314 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1315 		if(atoi($2) == 0)
1316 			yyerror("number expected");
1317 		else {
1318 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1319 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1320 				yyerror("must be a power of 2");
1321 		}
1322 		free($2);
1323 	}
1324 	;
1325 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1326 	{
1327 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1328 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1329 			yyerror("number expected");
1330 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1331 		free($2);
1332 	}
1333 	;
1334 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1335 	{
1336 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1337 		free(cfg_parser->cfg->target_fetch_policy);
1338 		cfg_parser->cfg->target_fetch_policy = $2;
1339 	}
1340 	;
1341 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1342 	{
1343 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1344 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1345 			yyerror("expected yes or no.");
1346 		else cfg_parser->cfg->harden_short_bufsize =
1347 			(strcmp($2, "yes")==0);
1348 		free($2);
1349 	}
1350 	;
1351 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1352 	{
1353 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1354 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1355 			yyerror("expected yes or no.");
1356 		else cfg_parser->cfg->harden_large_queries =
1357 			(strcmp($2, "yes")==0);
1358 		free($2);
1359 	}
1360 	;
1361 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1362 	{
1363 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1364 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1365 			yyerror("expected yes or no.");
1366 		else cfg_parser->cfg->harden_glue =
1367 			(strcmp($2, "yes")==0);
1368 		free($2);
1369 	}
1370 	;
1371 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1372 	{
1373 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1374 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1375 			yyerror("expected yes or no.");
1376 		else cfg_parser->cfg->harden_dnssec_stripped =
1377 			(strcmp($2, "yes")==0);
1378 		free($2);
1379 	}
1380 	;
1381 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1382 	{
1383 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1384 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1385 			yyerror("expected yes or no.");
1386 		else cfg_parser->cfg->harden_below_nxdomain =
1387 			(strcmp($2, "yes")==0);
1388 		free($2);
1389 	}
1390 	;
1391 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1392 	{
1393 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1394 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1395 			yyerror("expected yes or no.");
1396 		else cfg_parser->cfg->harden_referral_path =
1397 			(strcmp($2, "yes")==0);
1398 		free($2);
1399 	}
1400 	;
1401 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1402 	{
1403 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1404 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1405 			yyerror("expected yes or no.");
1406 		else cfg_parser->cfg->harden_algo_downgrade =
1407 			(strcmp($2, "yes")==0);
1408 		free($2);
1409 	}
1410 	;
1411 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1412 	{
1413 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1414 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1415 			yyerror("expected yes or no.");
1416 		else cfg_parser->cfg->use_caps_bits_for_id =
1417 			(strcmp($2, "yes")==0);
1418 		free($2);
1419 	}
1420 	;
1421 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1422 	{
1423 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1424 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1425 			yyerror("out of memory");
1426 	}
1427 	;
1428 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1429 	{
1430 		OUTYY(("P(server_private_address:%s)\n", $2));
1431 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1432 			yyerror("out of memory");
1433 	}
1434 	;
1435 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1436 	{
1437 		OUTYY(("P(server_private_domain:%s)\n", $2));
1438 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1439 			yyerror("out of memory");
1440 	}
1441 	;
1442 server_prefetch: VAR_PREFETCH STRING_ARG
1443 	{
1444 		OUTYY(("P(server_prefetch:%s)\n", $2));
1445 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1446 			yyerror("expected yes or no.");
1447 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1448 		free($2);
1449 	}
1450 	;
1451 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1452 	{
1453 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1454 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1455 			yyerror("expected yes or no.");
1456 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1457 		free($2);
1458 	}
1459 	;
1460 server_deny_any: VAR_DENY_ANY STRING_ARG
1461 	{
1462 		OUTYY(("P(server_deny_any:%s)\n", $2));
1463 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1464 			yyerror("expected yes or no.");
1465 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1466 		free($2);
1467 	}
1468 	;
1469 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1470 	{
1471 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1472 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1473 			yyerror("number expected");
1474 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1475 		free($2);
1476 	}
1477 	;
1478 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1479 	{
1480 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1481 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1482 			yyerror("out of memory");
1483 	}
1484 	;
1485 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1486 	{
1487 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1488 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1489 			yyerror("expected yes or no.");
1490 		else cfg_parser->cfg->donotquery_localhost =
1491 			(strcmp($2, "yes")==0);
1492 		free($2);
1493 	}
1494 	;
1495 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1496 	{
1497 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1498 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1499 			strcmp($3, "deny_non_local")!=0 &&
1500 			strcmp($3, "refuse_non_local")!=0 &&
1501 			strcmp($3, "allow_setrd")!=0 &&
1502 			strcmp($3, "allow")!=0 &&
1503 			strcmp($3, "allow_snoop")!=0) {
1504 			yyerror("expected deny, refuse, deny_non_local, "
1505 				"refuse_non_local, allow, allow_setrd or "
1506 				"allow_snoop in access control action");
1507 			free($2);
1508 			free($3);
1509 		} else {
1510 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1511 				fatal_exit("out of memory adding acl");
1512 		}
1513 	}
1514 	;
1515 server_module_conf: VAR_MODULE_CONF STRING_ARG
1516 	{
1517 		OUTYY(("P(server_module_conf:%s)\n", $2));
1518 		free(cfg_parser->cfg->module_conf);
1519 		cfg_parser->cfg->module_conf = $2;
1520 	}
1521 	;
1522 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1523 	{
1524 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1525 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1526 			cfg_parser->cfg->val_date_override = 0;
1527 		} else if(strlen($2) == 14) {
1528 			cfg_parser->cfg->val_date_override =
1529 				cfg_convert_timeval($2);
1530 			if(!cfg_parser->cfg->val_date_override)
1531 				yyerror("bad date/time specification");
1532 		} else {
1533 			if(atoi($2) == 0)
1534 				yyerror("number expected");
1535 			cfg_parser->cfg->val_date_override = atoi($2);
1536 		}
1537 		free($2);
1538 	}
1539 	;
1540 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1541 	{
1542 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1543 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1544 			cfg_parser->cfg->val_sig_skew_min = 0;
1545 		} else {
1546 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1547 			if(!cfg_parser->cfg->val_sig_skew_min)
1548 				yyerror("number expected");
1549 		}
1550 		free($2);
1551 	}
1552 	;
1553 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1554 	{
1555 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1556 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1557 			cfg_parser->cfg->val_sig_skew_max = 0;
1558 		} else {
1559 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1560 			if(!cfg_parser->cfg->val_sig_skew_max)
1561 				yyerror("number expected");
1562 		}
1563 		free($2);
1564 	}
1565 	;
1566 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1567 	{
1568 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1569 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1570 			yyerror("number expected");
1571 		else cfg_parser->cfg->max_ttl = atoi($2);
1572 		free($2);
1573 	}
1574 	;
1575 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1576 	{
1577 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1578 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1579 			yyerror("number expected");
1580 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1581 		free($2);
1582 	}
1583 	;
1584 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1585 	{
1586 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1587 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1588 			yyerror("number expected");
1589 		else cfg_parser->cfg->min_ttl = atoi($2);
1590 		free($2);
1591 	}
1592 	;
1593 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1594 	{
1595 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1596 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1597 			yyerror("number expected");
1598 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1599 		free($2);
1600 	}
1601 	;
1602 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1603 	{
1604 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1605 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1606 			yyerror("expected yes or no.");
1607 		else cfg_parser->cfg->val_clean_additional =
1608 			(strcmp($2, "yes")==0);
1609 		free($2);
1610 	}
1611 	;
1612 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1613 	{
1614 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1615 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1616 			yyerror("expected yes or no.");
1617 		else cfg_parser->cfg->val_permissive_mode =
1618 			(strcmp($2, "yes")==0);
1619 		free($2);
1620 	}
1621 	;
1622 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1623 	{
1624 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1625 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1626 			yyerror("expected yes or no.");
1627 		else
1628 			cfg_parser->cfg->aggressive_nsec =
1629 				(strcmp($2, "yes")==0);
1630 		free($2);
1631 	}
1632 	;
1633 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1634 	{
1635 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1636 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1637 			yyerror("expected yes or no.");
1638 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1639 		free($2);
1640 	}
1641 	;
1642 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1643 	{
1644 		OUTYY(("P(server_serve_expired:%s)\n", $2));
1645 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1646 			yyerror("expected yes or no.");
1647 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1648 		free($2);
1649 	}
1650 	;
1651 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1652 	{
1653 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1654 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1655 			yyerror("number expected");
1656 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1657 		free($2);
1658 	}
1659 	;
1660 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1661 	{
1662 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1663 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1664 			yyerror("expected yes or no.");
1665 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1666 		free($2);
1667 	}
1668 	;
1669 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1670 	{
1671 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
1672 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1673 			yyerror("expected yes or no.");
1674 #ifdef HAVE_SSL
1675 		else fake_dsa = (strcmp($2, "yes")==0);
1676 		if(fake_dsa)
1677 			log_warn("test option fake_dsa is enabled");
1678 #endif
1679 		free($2);
1680 	}
1681 	;
1682 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1683 	{
1684 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
1685 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1686 			yyerror("expected yes or no.");
1687 #ifdef HAVE_SSL
1688 		else fake_sha1 = (strcmp($2, "yes")==0);
1689 		if(fake_sha1)
1690 			log_warn("test option fake_sha1 is enabled");
1691 #endif
1692 		free($2);
1693 	}
1694 	;
1695 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1696 	{
1697 		OUTYY(("P(server_val_log_level:%s)\n", $2));
1698 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1699 			yyerror("number expected");
1700 		else cfg_parser->cfg->val_log_level = atoi($2);
1701 		free($2);
1702 	}
1703 	;
1704 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1705 	{
1706 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1707 		free(cfg_parser->cfg->val_nsec3_key_iterations);
1708 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
1709 	}
1710 	;
1711 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1712 	{
1713 		OUTYY(("P(server_add_holddown:%s)\n", $2));
1714 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1715 			yyerror("number expected");
1716 		else cfg_parser->cfg->add_holddown = atoi($2);
1717 		free($2);
1718 	}
1719 	;
1720 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1721 	{
1722 		OUTYY(("P(server_del_holddown:%s)\n", $2));
1723 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1724 			yyerror("number expected");
1725 		else cfg_parser->cfg->del_holddown = atoi($2);
1726 		free($2);
1727 	}
1728 	;
1729 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1730 	{
1731 		OUTYY(("P(server_keep_missing:%s)\n", $2));
1732 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1733 			yyerror("number expected");
1734 		else cfg_parser->cfg->keep_missing = atoi($2);
1735 		free($2);
1736 	}
1737 	;
1738 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1739 	{
1740 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1741 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1742 			yyerror("expected yes or no.");
1743 		else cfg_parser->cfg->permit_small_holddown =
1744 			(strcmp($2, "yes")==0);
1745 		free($2);
1746 	}
1747 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1748 	{
1749 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
1750 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1751 			yyerror("memory size expected");
1752 		free($2);
1753 	}
1754 	;
1755 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1756 	{
1757 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1758 		if(atoi($2) == 0)
1759 			yyerror("number expected");
1760 		else {
1761 			cfg_parser->cfg->key_cache_slabs = atoi($2);
1762 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1763 				yyerror("must be a power of 2");
1764 		}
1765 		free($2);
1766 	}
1767 	;
1768 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1769 	{
1770 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1771 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1772 			yyerror("memory size expected");
1773 		free($2);
1774 	}
1775 	;
1776 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1777 	{
1778 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1779 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1780 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1781 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1782 		   && strcmp($3, "typetransparent")!=0
1783 		   && strcmp($3, "always_transparent")!=0
1784 		   && strcmp($3, "always_refuse")!=0
1785 		   && strcmp($3, "always_nxdomain")!=0
1786 		   && strcmp($3, "noview")!=0
1787 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
1788 		   && strcmp($3, "inform_redirect") != 0
1789 			 && strcmp($3, "ipset") != 0) {
1790 			yyerror("local-zone type: expected static, deny, "
1791 				"refuse, redirect, transparent, "
1792 				"typetransparent, inform, inform_deny, "
1793 				"inform_redirect, always_transparent, "
1794 				"always_refuse, always_nxdomain, noview "
1795 				", nodefault or ipset");
1796 			free($2);
1797 			free($3);
1798 		} else if(strcmp($3, "nodefault")==0) {
1799 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1800 				local_zones_nodefault, $2))
1801 				fatal_exit("out of memory adding local-zone");
1802 			free($3);
1803 #ifdef USE_IPSET
1804 		} else if(strcmp($3, "ipset")==0) {
1805 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1806 				local_zones_ipset, $2))
1807 				fatal_exit("out of memory adding local-zone");
1808 			free($3);
1809 #endif
1810 		} else {
1811 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1812 				$2, $3))
1813 				fatal_exit("out of memory adding local-zone");
1814 		}
1815 	}
1816 	;
1817 server_local_data: VAR_LOCAL_DATA STRING_ARG
1818 	{
1819 		OUTYY(("P(server_local_data:%s)\n", $2));
1820 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1821 			fatal_exit("out of memory adding local-data");
1822 	}
1823 	;
1824 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1825 	{
1826 		char* ptr;
1827 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1828 		ptr = cfg_ptr_reverse($2);
1829 		free($2);
1830 		if(ptr) {
1831 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1832 				local_data, ptr))
1833 				fatal_exit("out of memory adding local-data");
1834 		} else {
1835 			yyerror("local-data-ptr could not be reversed");
1836 		}
1837 	}
1838 	;
1839 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1840 	{
1841 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
1842 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1843 			yyerror("expected yes or no.");
1844 		else cfg_parser->cfg->minimal_responses =
1845 			(strcmp($2, "yes")==0);
1846 		free($2);
1847 	}
1848 	;
1849 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
1850 	{
1851 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
1852 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1853 			yyerror("expected yes or no.");
1854 		else cfg_parser->cfg->rrset_roundrobin =
1855 			(strcmp($2, "yes")==0);
1856 		free($2);
1857 	}
1858 	;
1859 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
1860 	{
1861 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
1862 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
1863 		free($2);
1864 	}
1865 	;
1866 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
1867 	{
1868 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
1869 		cfg_parser->cfg->max_udp_size = atoi($2);
1870 		free($2);
1871 	}
1872 	;
1873 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
1874 	{
1875 		OUTYY(("P(dns64_prefix:%s)\n", $2));
1876 		free(cfg_parser->cfg->dns64_prefix);
1877 		cfg_parser->cfg->dns64_prefix = $2;
1878 	}
1879 	;
1880 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
1881 	{
1882 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
1883 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1884 			yyerror("expected yes or no.");
1885 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
1886 		free($2);
1887 	}
1888 	;
1889 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
1890 	{
1891 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
1892 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
1893 			$2))
1894 			fatal_exit("out of memory adding dns64-ignore-aaaa");
1895 	}
1896 	;
1897 server_define_tag: VAR_DEFINE_TAG STRING_ARG
1898 	{
1899 		char* p, *s = $2;
1900 		OUTYY(("P(server_define_tag:%s)\n", $2));
1901 		while((p=strsep(&s, " \t\n")) != NULL) {
1902 			if(*p) {
1903 				if(!config_add_tag(cfg_parser->cfg, p))
1904 					yyerror("could not define-tag, "
1905 						"out of memory");
1906 			}
1907 		}
1908 		free($2);
1909 	}
1910 	;
1911 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
1912 	{
1913 		size_t len = 0;
1914 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1915 			&len);
1916 		free($3);
1917 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
1918 		if(!bitlist) {
1919 			yyerror("could not parse tags, (define-tag them first)");
1920 			free($2);
1921 		}
1922 		if(bitlist) {
1923 			if(!cfg_strbytelist_insert(
1924 				&cfg_parser->cfg->local_zone_tags,
1925 				$2, bitlist, len)) {
1926 				yyerror("out of memory");
1927 				free($2);
1928 			}
1929 		}
1930 	}
1931 	;
1932 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
1933 	{
1934 		size_t len = 0;
1935 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1936 			&len);
1937 		free($3);
1938 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
1939 		if(!bitlist) {
1940 			yyerror("could not parse tags, (define-tag them first)");
1941 			free($2);
1942 		}
1943 		if(bitlist) {
1944 			if(!cfg_strbytelist_insert(
1945 				&cfg_parser->cfg->acl_tags,
1946 				$2, bitlist, len)) {
1947 				yyerror("out of memory");
1948 				free($2);
1949 			}
1950 		}
1951 	}
1952 	;
1953 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
1954 	{
1955 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
1956 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
1957 			$2, $3, $4)) {
1958 			yyerror("out of memory");
1959 			free($2);
1960 			free($3);
1961 			free($4);
1962 		}
1963 	}
1964 	;
1965 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
1966 	{
1967 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
1968 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
1969 			$2, $3, $4)) {
1970 			yyerror("out of memory");
1971 			free($2);
1972 			free($3);
1973 			free($4);
1974 		}
1975 	}
1976 	;
1977 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
1978 	{
1979 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
1980 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
1981 			$2, $3, $4)) {
1982 			yyerror("out of memory");
1983 			free($2);
1984 			free($3);
1985 			free($4);
1986 		}
1987 	}
1988 	;
1989 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
1990 	{
1991 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
1992 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
1993 			$2, $3)) {
1994 			yyerror("out of memory");
1995 		}
1996 	}
1997 	;
1998 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
1999 	{
2000 		size_t len = 0;
2001 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2002 			&len);
2003 		free($3);
2004 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2005 		if(!bitlist) {
2006 			yyerror("could not parse tags, (define-tag them first)");
2007 			free($2);
2008 		}
2009 		if(bitlist) {
2010 			if(!cfg_strbytelist_insert(
2011 				&cfg_parser->cfg->respip_tags,
2012 				$2, bitlist, len)) {
2013 				yyerror("out of memory");
2014 				free($2);
2015 			}
2016 		}
2017 	}
2018 	;
2019 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2020 	{
2021 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2022 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2023 			yyerror("number expected");
2024 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2025 		free($2);
2026 	}
2027 	;
2028 
2029 server_ratelimit: VAR_RATELIMIT STRING_ARG
2030 	{
2031 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2032 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2033 			yyerror("number expected");
2034 		else cfg_parser->cfg->ratelimit = atoi($2);
2035 		free($2);
2036 	}
2037 	;
2038 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2039   {
2040   	OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2041   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2042   		yyerror("memory size expected");
2043   	free($2);
2044   }
2045   ;
2046 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2047 	{
2048 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2049 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2050 			yyerror("memory size expected");
2051 		free($2);
2052 	}
2053 	;
2054 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2055   {
2056   	OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2057   	if(atoi($2) == 0)
2058   		yyerror("number expected");
2059   	else {
2060   		cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2061   		if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2062   			yyerror("must be a power of 2");
2063   	}
2064   	free($2);
2065   }
2066   ;
2067 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2068 	{
2069 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2070 		if(atoi($2) == 0)
2071 			yyerror("number expected");
2072 		else {
2073 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2074 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2075 				yyerror("must be a power of 2");
2076 		}
2077 		free($2);
2078 	}
2079 	;
2080 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2081 	{
2082 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2083 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2084 			yyerror("number expected");
2085 			free($2);
2086 			free($3);
2087 		} else {
2088 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2089 				ratelimit_for_domain, $2, $3))
2090 				fatal_exit("out of memory adding "
2091 					"ratelimit-for-domain");
2092 		}
2093 	}
2094 	;
2095 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2096 	{
2097 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2098 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2099 			yyerror("number expected");
2100 			free($2);
2101 			free($3);
2102 		} else {
2103 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2104 				ratelimit_below_domain, $2, $3))
2105 				fatal_exit("out of memory adding "
2106 					"ratelimit-below-domain");
2107 		}
2108 	}
2109 	;
2110 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2111   {
2112   	OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2113   	if(atoi($2) == 0 && strcmp($2, "0") != 0)
2114   		yyerror("number expected");
2115   	else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2116   	free($2);
2117 	}
2118 	;
2119 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2120 	{
2121 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2122 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2123 			yyerror("number expected");
2124 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2125 		free($2);
2126 	}
2127 	;
2128 server_low_rtt: VAR_LOW_RTT STRING_ARG
2129 	{
2130 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2131 		free($2);
2132 	}
2133 	;
2134 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2135 	{
2136 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2137 		if(atoi($2) <= 0)
2138 			yyerror("number expected");
2139 		else cfg_parser->cfg->fast_server_num = atoi($2);
2140 		free($2);
2141 	}
2142 	;
2143 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2144 	{
2145 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2146 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2147 			yyerror("number expected");
2148 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2149 		free($2);
2150 	}
2151 	;
2152 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2153 	{
2154 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2155 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2156 			yyerror("expected yes or no.");
2157 		else cfg_parser->cfg->qname_minimisation =
2158 			(strcmp($2, "yes")==0);
2159 		free($2);
2160 	}
2161 	;
2162 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2163 	{
2164 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2165 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2166 			yyerror("expected yes or no.");
2167 		else cfg_parser->cfg->qname_minimisation_strict =
2168 			(strcmp($2, "yes")==0);
2169 		free($2);
2170 	}
2171 	;
2172 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2173 	{
2174 	#ifdef USE_IPSECMOD
2175 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2176 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2177 			yyerror("expected yes or no.");
2178 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2179 	#else
2180 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2181 	#endif
2182 		free($2);
2183 	}
2184 	;
2185 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2186 	{
2187 	#ifdef USE_IPSECMOD
2188 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2189 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2190 			yyerror("expected yes or no.");
2191 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2192 	#else
2193 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2194 	#endif
2195 		free($2);
2196 	}
2197 	;
2198 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2199 	{
2200 	#ifdef USE_IPSECMOD
2201 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2202 		free(cfg_parser->cfg->ipsecmod_hook);
2203 		cfg_parser->cfg->ipsecmod_hook = $2;
2204 	#else
2205 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2206 		free($2);
2207 	#endif
2208 	}
2209 	;
2210 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2211 	{
2212 	#ifdef USE_IPSECMOD
2213 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2214 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2215 			yyerror("number expected");
2216 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2217 		free($2);
2218 	#else
2219 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2220 		free($2);
2221 	#endif
2222 	}
2223 	;
2224 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2225 	{
2226 	#ifdef USE_IPSECMOD
2227 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2228 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2229 			yyerror("out of memory");
2230 	#else
2231 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2232 		free($2);
2233 	#endif
2234 	}
2235 	;
2236 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2237 	{
2238 	#ifdef USE_IPSECMOD
2239 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2240 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2241 			yyerror("expected yes or no.");
2242 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2243 		free($2);
2244 	#else
2245 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2246 		free($2);
2247 	#endif
2248 	}
2249 	;
2250 stub_name: VAR_NAME STRING_ARG
2251 	{
2252 		OUTYY(("P(name:%s)\n", $2));
2253 		if(cfg_parser->cfg->stubs->name)
2254 			yyerror("stub name override, there must be one name "
2255 				"for one stub-zone");
2256 		free(cfg_parser->cfg->stubs->name);
2257 		cfg_parser->cfg->stubs->name = $2;
2258 	}
2259 	;
2260 stub_host: VAR_STUB_HOST STRING_ARG
2261 	{
2262 		OUTYY(("P(stub-host:%s)\n", $2));
2263 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2264 			yyerror("out of memory");
2265 	}
2266 	;
2267 stub_addr: VAR_STUB_ADDR STRING_ARG
2268 	{
2269 		OUTYY(("P(stub-addr:%s)\n", $2));
2270 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2271 			yyerror("out of memory");
2272 	}
2273 	;
2274 stub_first: VAR_STUB_FIRST STRING_ARG
2275 	{
2276 		OUTYY(("P(stub-first:%s)\n", $2));
2277 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2278 			yyerror("expected yes or no.");
2279 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2280 		free($2);
2281 	}
2282 	;
2283 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2284 	{
2285 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2286 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2287 			yyerror("expected yes or no.");
2288 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2289 		free($2);
2290 	}
2291 	;
2292 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2293 	{
2294 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2295 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2296 			yyerror("expected yes or no.");
2297 		else cfg_parser->cfg->stubs->ssl_upstream =
2298 			(strcmp($2, "yes")==0);
2299 		free($2);
2300 	}
2301 	;
2302 stub_prime: VAR_STUB_PRIME STRING_ARG
2303 	{
2304 		OUTYY(("P(stub-prime:%s)\n", $2));
2305 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2306 			yyerror("expected yes or no.");
2307 		else cfg_parser->cfg->stubs->isprime =
2308 			(strcmp($2, "yes")==0);
2309 		free($2);
2310 	}
2311 	;
2312 forward_name: VAR_NAME STRING_ARG
2313 	{
2314 		OUTYY(("P(name:%s)\n", $2));
2315 		if(cfg_parser->cfg->forwards->name)
2316 			yyerror("forward name override, there must be one "
2317 				"name for one forward-zone");
2318 		free(cfg_parser->cfg->forwards->name);
2319 		cfg_parser->cfg->forwards->name = $2;
2320 	}
2321 	;
2322 forward_host: VAR_FORWARD_HOST STRING_ARG
2323 	{
2324 		OUTYY(("P(forward-host:%s)\n", $2));
2325 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2326 			yyerror("out of memory");
2327 	}
2328 	;
2329 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2330 	{
2331 		OUTYY(("P(forward-addr:%s)\n", $2));
2332 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2333 			yyerror("out of memory");
2334 	}
2335 	;
2336 forward_first: VAR_FORWARD_FIRST STRING_ARG
2337 	{
2338 		OUTYY(("P(forward-first:%s)\n", $2));
2339 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2340 			yyerror("expected yes or no.");
2341 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2342 		free($2);
2343 	}
2344 	;
2345 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2346 	{
2347 		OUTYY(("P(forward-no-cache:%s)\n", $2));
2348 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2349 			yyerror("expected yes or no.");
2350 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2351 		free($2);
2352 	}
2353 	;
2354 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2355 	{
2356 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2357 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2358 			yyerror("expected yes or no.");
2359 		else cfg_parser->cfg->forwards->ssl_upstream =
2360 			(strcmp($2, "yes")==0);
2361 		free($2);
2362 	}
2363 	;
2364 auth_name: VAR_NAME STRING_ARG
2365 	{
2366 		OUTYY(("P(name:%s)\n", $2));
2367 		if(cfg_parser->cfg->auths->name)
2368 			yyerror("auth name override, there must be one name "
2369 				"for one auth-zone");
2370 		free(cfg_parser->cfg->auths->name);
2371 		cfg_parser->cfg->auths->name = $2;
2372 	}
2373 	;
2374 auth_zonefile: VAR_ZONEFILE STRING_ARG
2375 	{
2376 		OUTYY(("P(zonefile:%s)\n", $2));
2377 		free(cfg_parser->cfg->auths->zonefile);
2378 		cfg_parser->cfg->auths->zonefile = $2;
2379 	}
2380 	;
2381 auth_master: VAR_MASTER STRING_ARG
2382 	{
2383 		OUTYY(("P(master:%s)\n", $2));
2384 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2385 			yyerror("out of memory");
2386 	}
2387 	;
2388 auth_url: VAR_URL STRING_ARG
2389 	{
2390 		OUTYY(("P(url:%s)\n", $2));
2391 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2392 			yyerror("out of memory");
2393 	}
2394 	;
2395 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2396 	{
2397 		OUTYY(("P(allow-notify:%s)\n", $2));
2398 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2399 			$2))
2400 			yyerror("out of memory");
2401 	}
2402 	;
2403 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2404 	{
2405 		OUTYY(("P(for-downstream:%s)\n", $2));
2406 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2407 			yyerror("expected yes or no.");
2408 		else cfg_parser->cfg->auths->for_downstream =
2409 			(strcmp($2, "yes")==0);
2410 		free($2);
2411 	}
2412 	;
2413 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2414 	{
2415 		OUTYY(("P(for-upstream:%s)\n", $2));
2416 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2417 			yyerror("expected yes or no.");
2418 		else cfg_parser->cfg->auths->for_upstream =
2419 			(strcmp($2, "yes")==0);
2420 		free($2);
2421 	}
2422 	;
2423 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2424 	{
2425 		OUTYY(("P(fallback-enabled:%s)\n", $2));
2426 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2427 			yyerror("expected yes or no.");
2428 		else cfg_parser->cfg->auths->fallback_enabled =
2429 			(strcmp($2, "yes")==0);
2430 		free($2);
2431 	}
2432 	;
2433 view_name: VAR_NAME STRING_ARG
2434 	{
2435 		OUTYY(("P(name:%s)\n", $2));
2436 		if(cfg_parser->cfg->views->name)
2437 			yyerror("view name override, there must be one "
2438 				"name for one view");
2439 		free(cfg_parser->cfg->views->name);
2440 		cfg_parser->cfg->views->name = $2;
2441 	}
2442 	;
2443 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2444 	{
2445 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2446 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2447 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2448 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2449 		   && strcmp($3, "typetransparent")!=0
2450 		   && strcmp($3, "always_transparent")!=0
2451 		   && strcmp($3, "always_refuse")!=0
2452 		   && strcmp($3, "always_nxdomain")!=0
2453 		   && strcmp($3, "noview")!=0
2454 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) {
2455 			yyerror("local-zone type: expected static, deny, "
2456 				"refuse, redirect, transparent, "
2457 				"typetransparent, inform, inform_deny, "
2458 				"always_transparent, always_refuse, "
2459 				"always_nxdomain, noview or nodefault");
2460 			free($2);
2461 			free($3);
2462 		} else if(strcmp($3, "nodefault")==0) {
2463 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2464 				local_zones_nodefault, $2))
2465 				fatal_exit("out of memory adding local-zone");
2466 			free($3);
2467 #ifdef USE_IPSET
2468 		} else if(strcmp($3, "ipset")==0) {
2469 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2470 				local_zones_ipset, $2))
2471 				fatal_exit("out of memory adding local-zone");
2472 			free($3);
2473 #endif
2474 		} else {
2475 			if(!cfg_str2list_insert(
2476 				&cfg_parser->cfg->views->local_zones,
2477 				$2, $3))
2478 				fatal_exit("out of memory adding local-zone");
2479 		}
2480 	}
2481 	;
2482 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2483 	{
2484 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2485 		validate_respip_action($3);
2486 		if(!cfg_str2list_insert(
2487 			&cfg_parser->cfg->views->respip_actions, $2, $3))
2488 			fatal_exit("out of memory adding per-view "
2489 				"response-ip action");
2490 	}
2491 	;
2492 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2493 	{
2494 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
2495 		if(!cfg_str2list_insert(
2496 			&cfg_parser->cfg->views->respip_data, $2, $3))
2497 			fatal_exit("out of memory adding response-ip-data");
2498 	}
2499 	;
2500 view_local_data: VAR_LOCAL_DATA STRING_ARG
2501 	{
2502 		OUTYY(("P(view_local_data:%s)\n", $2));
2503 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2504 			fatal_exit("out of memory adding local-data");
2505 		}
2506 	}
2507 	;
2508 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2509 	{
2510 		char* ptr;
2511 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2512 		ptr = cfg_ptr_reverse($2);
2513 		free($2);
2514 		if(ptr) {
2515 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2516 				local_data, ptr))
2517 				fatal_exit("out of memory adding local-data");
2518 		} else {
2519 			yyerror("local-data-ptr could not be reversed");
2520 		}
2521 	}
2522 	;
2523 view_first: VAR_VIEW_FIRST STRING_ARG
2524 	{
2525 		OUTYY(("P(view-first:%s)\n", $2));
2526 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2527 			yyerror("expected yes or no.");
2528 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2529 		free($2);
2530 	}
2531 	;
2532 rcstart: VAR_REMOTE_CONTROL
2533 	{
2534 		OUTYY(("\nP(remote-control:)\n"));
2535 	}
2536 	;
2537 contents_rc: contents_rc content_rc
2538 	| ;
2539 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2540 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2541 	rc_control_cert_file | rc_control_use_cert
2542 	;
2543 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2544 	{
2545 		OUTYY(("P(control_enable:%s)\n", $2));
2546 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2547 			yyerror("expected yes or no.");
2548 		else cfg_parser->cfg->remote_control_enable =
2549 			(strcmp($2, "yes")==0);
2550 		free($2);
2551 	}
2552 	;
2553 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2554 	{
2555 		OUTYY(("P(control_port:%s)\n", $2));
2556 		if(atoi($2) == 0)
2557 			yyerror("control port number expected");
2558 		else cfg_parser->cfg->control_port = atoi($2);
2559 		free($2);
2560 	}
2561 	;
2562 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2563 	{
2564 		OUTYY(("P(control_interface:%s)\n", $2));
2565 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
2566 			yyerror("out of memory");
2567 	}
2568 	;
2569 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2570 	{
2571 		OUTYY(("P(control_use_cert:%s)\n", $2));
2572 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
2573 		free($2);
2574 	}
2575 	;
2576 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2577 	{
2578 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
2579 		free(cfg_parser->cfg->server_key_file);
2580 		cfg_parser->cfg->server_key_file = $2;
2581 	}
2582 	;
2583 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2584 	{
2585 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2586 		free(cfg_parser->cfg->server_cert_file);
2587 		cfg_parser->cfg->server_cert_file = $2;
2588 	}
2589 	;
2590 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2591 	{
2592 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
2593 		free(cfg_parser->cfg->control_key_file);
2594 		cfg_parser->cfg->control_key_file = $2;
2595 	}
2596 	;
2597 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2598 	{
2599 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2600 		free(cfg_parser->cfg->control_cert_file);
2601 		cfg_parser->cfg->control_cert_file = $2;
2602 	}
2603 	;
2604 dtstart: VAR_DNSTAP
2605 	{
2606 		OUTYY(("\nP(dnstap:)\n"));
2607 	}
2608 	;
2609 contents_dt: contents_dt content_dt
2610 	| ;
2611 content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
2612 	dt_dnstap_send_identity | dt_dnstap_send_version |
2613 	dt_dnstap_identity | dt_dnstap_version |
2614 	dt_dnstap_log_resolver_query_messages |
2615 	dt_dnstap_log_resolver_response_messages |
2616 	dt_dnstap_log_client_query_messages |
2617 	dt_dnstap_log_client_response_messages |
2618 	dt_dnstap_log_forwarder_query_messages |
2619 	dt_dnstap_log_forwarder_response_messages
2620 	;
2621 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2622 	{
2623 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2624 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2625 			yyerror("expected yes or no.");
2626 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2627 		free($2);
2628 	}
2629 	;
2630 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2631 	{
2632 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2633 		free(cfg_parser->cfg->dnstap_socket_path);
2634 		cfg_parser->cfg->dnstap_socket_path = $2;
2635 	}
2636 	;
2637 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2638 	{
2639 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2640 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2641 			yyerror("expected yes or no.");
2642 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2643 		free($2);
2644 	}
2645 	;
2646 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2647 	{
2648 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2649 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2650 			yyerror("expected yes or no.");
2651 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2652 		free($2);
2653 	}
2654 	;
2655 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2656 	{
2657 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2658 		free(cfg_parser->cfg->dnstap_identity);
2659 		cfg_parser->cfg->dnstap_identity = $2;
2660 	}
2661 	;
2662 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2663 	{
2664 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2665 		free(cfg_parser->cfg->dnstap_version);
2666 		cfg_parser->cfg->dnstap_version = $2;
2667 	}
2668 	;
2669 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2670 	{
2671 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2672 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2673 			yyerror("expected yes or no.");
2674 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2675 			(strcmp($2, "yes")==0);
2676 		free($2);
2677 	}
2678 	;
2679 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2680 	{
2681 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2682 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2683 			yyerror("expected yes or no.");
2684 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2685 			(strcmp($2, "yes")==0);
2686 		free($2);
2687 	}
2688 	;
2689 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2690 	{
2691 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2692 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2693 			yyerror("expected yes or no.");
2694 		else cfg_parser->cfg->dnstap_log_client_query_messages =
2695 			(strcmp($2, "yes")==0);
2696 		free($2);
2697 	}
2698 	;
2699 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2700 	{
2701 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2702 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2703 			yyerror("expected yes or no.");
2704 		else cfg_parser->cfg->dnstap_log_client_response_messages =
2705 			(strcmp($2, "yes")==0);
2706 		free($2);
2707 	}
2708 	;
2709 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2710 	{
2711 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2712 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2713 			yyerror("expected yes or no.");
2714 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2715 			(strcmp($2, "yes")==0);
2716 		free($2);
2717 	}
2718 	;
2719 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2720 	{
2721 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2722 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2723 			yyerror("expected yes or no.");
2724 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2725 			(strcmp($2, "yes")==0);
2726 		free($2);
2727 	}
2728 	;
2729 pythonstart: VAR_PYTHON
2730 	{
2731 		OUTYY(("\nP(python:)\n"));
2732 	}
2733 	;
2734 contents_py: contents_py content_py
2735 	| ;
2736 content_py: py_script
2737 	;
2738 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2739 	{
2740 		OUTYY(("P(python-script:%s)\n", $2));
2741 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
2742 			yyerror("out of memory");
2743 	}
2744 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2745 	{
2746 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2747 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2748 			yyerror("expected yes or no.");
2749 		else cfg_parser->cfg->disable_dnssec_lame_check =
2750 			(strcmp($2, "yes")==0);
2751 		free($2);
2752 	}
2753 	;
2754 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2755 	{
2756 		OUTYY(("P(server_log_identity:%s)\n", $2));
2757 		free(cfg_parser->cfg->log_identity);
2758 		cfg_parser->cfg->log_identity = $2;
2759 	}
2760 	;
2761 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2762 	{
2763 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2764 		validate_respip_action($3);
2765 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2766 			$2, $3))
2767 			fatal_exit("out of memory adding response-ip");
2768 	}
2769 	;
2770 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2771 	{
2772 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
2773 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
2774 			$2, $3))
2775 			fatal_exit("out of memory adding response-ip-data");
2776 	}
2777 	;
2778 dnscstart: VAR_DNSCRYPT
2779 	{
2780 		OUTYY(("\nP(dnscrypt:)\n"));
2781 	}
2782 	;
2783 contents_dnsc: contents_dnsc content_dnsc
2784 	| ;
2785 content_dnsc:
2786 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
2787 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
2788 	dnsc_dnscrypt_provider_cert_rotated |
2789 	dnsc_dnscrypt_shared_secret_cache_size |
2790 	dnsc_dnscrypt_shared_secret_cache_slabs |
2791 	dnsc_dnscrypt_nonce_cache_size |
2792 	dnsc_dnscrypt_nonce_cache_slabs
2793 	;
2794 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
2795 	{
2796 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
2797 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2798 			yyerror("expected yes or no.");
2799 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
2800 		free($2);
2801 	}
2802 	;
2803 
2804 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
2805 	{
2806 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
2807 		if(atoi($2) == 0)
2808 			yyerror("port number expected");
2809 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
2810 		free($2);
2811 	}
2812 	;
2813 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
2814 	{
2815 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
2816 		free(cfg_parser->cfg->dnscrypt_provider);
2817 		cfg_parser->cfg->dnscrypt_provider = $2;
2818 	}
2819 	;
2820 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
2821 	{
2822 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
2823 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
2824 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
2825 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
2826 			fatal_exit("out of memory adding dnscrypt-provider-cert");
2827 	}
2828 	;
2829 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
2830 	{
2831 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
2832 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
2833 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
2834 	}
2835 	;
2836 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
2837 	{
2838 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
2839 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
2840 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
2841 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
2842 			fatal_exit("out of memory adding dnscrypt-secret-key");
2843 	}
2844 	;
2845 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
2846   {
2847   	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
2848   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
2849   		yyerror("memory size expected");
2850   	free($2);
2851   }
2852   ;
2853 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
2854   {
2855   	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
2856   	if(atoi($2) == 0)
2857   		yyerror("number expected");
2858   	else {
2859   		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
2860   		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
2861   			yyerror("must be a power of 2");
2862   	}
2863   	free($2);
2864   }
2865   ;
2866 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
2867   {
2868   	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
2869   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
2870   		yyerror("memory size expected");
2871   	free($2);
2872   }
2873   ;
2874 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
2875   {
2876   	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
2877   	if(atoi($2) == 0)
2878   		yyerror("number expected");
2879   	else {
2880   		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
2881   		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
2882   			yyerror("must be a power of 2");
2883   	}
2884   	free($2);
2885   }
2886   ;
2887 cachedbstart: VAR_CACHEDB
2888 	{
2889 		OUTYY(("\nP(cachedb:)\n"));
2890 	}
2891 	;
2892 contents_cachedb: contents_cachedb content_cachedb
2893 	| ;
2894 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
2895 	redis_server_host | redis_server_port | redis_timeout
2896 	;
2897 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
2898 	{
2899 	#ifdef USE_CACHEDB
2900 		OUTYY(("P(backend:%s)\n", $2));
2901 		if(cfg_parser->cfg->cachedb_backend)
2902 			yyerror("cachedb backend override, there must be one "
2903 				"backend");
2904 		free(cfg_parser->cfg->cachedb_backend);
2905 		cfg_parser->cfg->cachedb_backend = $2;
2906 	#else
2907 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2908 		free($2);
2909 	#endif
2910 	}
2911 	;
2912 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
2913 	{
2914 	#ifdef USE_CACHEDB
2915 		OUTYY(("P(secret-seed:%s)\n", $2));
2916 		if(cfg_parser->cfg->cachedb_secret)
2917 			yyerror("cachedb secret-seed override, there must be "
2918 				"only one secret");
2919 		free(cfg_parser->cfg->cachedb_secret);
2920 		cfg_parser->cfg->cachedb_secret = $2;
2921 	#else
2922 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2923 		free($2);
2924 	#endif
2925 	}
2926 	;
2927 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
2928 	{
2929 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
2930 		OUTYY(("P(redis_server_host:%s)\n", $2));
2931 		free(cfg_parser->cfg->redis_server_host);
2932 		cfg_parser->cfg->redis_server_host = $2;
2933 	#else
2934 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2935 		free($2);
2936 	#endif
2937 	}
2938 	;
2939 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
2940 	{
2941 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
2942 		int port;
2943 		OUTYY(("P(redis_server_port:%s)\n", $2));
2944 		port = atoi($2);
2945 		if(port == 0 || port < 0 || port > 65535)
2946 			yyerror("valid redis server port number expected");
2947 		else cfg_parser->cfg->redis_server_port = port;
2948 	#else
2949 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2950 	#endif
2951 		free($2);
2952 	}
2953 	;
2954 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
2955 	{
2956 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
2957 		OUTYY(("P(redis_timeout:%s)\n", $2));
2958 		if(atoi($2) == 0)
2959 			yyerror("redis timeout value expected");
2960 		else cfg_parser->cfg->redis_timeout = atoi($2);
2961 	#else
2962 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2963 	#endif
2964 		free($2);
2965 	}
2966 	;
2967 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
2968 	{
2969 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
2970 		if (atoi($3) < 0)
2971 			yyerror("positive number expected");
2972 		else {
2973 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
2974 				fatal_exit("out of memory adding tcp connection limit");
2975 		}
2976 	}
2977 	;
2978 	ipsetstart: VAR_IPSET
2979 		{
2980 			OUTYY(("\nP(ipset:)\n"));
2981 		}
2982 		;
2983 	contents_ipset: contents_ipset content_ipset
2984 		| ;
2985 	content_ipset: ipset_name_v4 | ipset_name_v6
2986 		;
2987 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
2988 		{
2989 		#ifdef USE_IPSET
2990 			OUTYY(("P(name-v4:%s)\n", $2));
2991 			if(cfg_parser->cfg->ipset_name_v4)
2992 				yyerror("ipset name v4 override, there must be one "
2993 					"name for ip v4");
2994 			free(cfg_parser->cfg->ipset_name_v4);
2995 			cfg_parser->cfg->ipset_name_v4 = $2;
2996 		#else
2997 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
2998 			free($2);
2999 		#endif
3000 		}
3001 	;
3002 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3003 	{
3004 		#ifdef USE_IPSET
3005 			OUTYY(("P(name-v6:%s)\n", $2));
3006 			if(cfg_parser->cfg->ipset_name_v6)
3007 				yyerror("ipset name v6 override, there must be one "
3008 					"name for ip v6");
3009 			free(cfg_parser->cfg->ipset_name_v6);
3010 			cfg_parser->cfg->ipset_name_v6 = $2;
3011 		#else
3012 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3013 			free($2);
3014 		#endif
3015 		}
3016 	;
3017 %%
3018 
3019 /* parse helper routines could be here */
3020 static void
3021 validate_respip_action(const char* action)
3022 {
3023 	if(strcmp(action, "deny")!=0 &&
3024 		strcmp(action, "redirect")!=0 &&
3025 		strcmp(action, "inform")!=0 &&
3026 		strcmp(action, "inform_deny")!=0 &&
3027 		strcmp(action, "always_transparent")!=0 &&
3028 		strcmp(action, "always_refuse")!=0 &&
3029 		strcmp(action, "always_nxdomain")!=0)
3030 	{
3031 		yyerror("response-ip action: expected deny, redirect, "
3032 			"inform, inform_deny, always_transparent, "
3033 			"always_refuse or always_nxdomain");
3034 	}
3035 }
3036 
3037 
3038