xref: /freebsd/contrib/unbound/util/configparser.y (revision 90ec6a30353aa7caaf995ea50e2e23aa5a099600)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_FORCE_TOPLEVEL
73 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
74 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
75 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
76 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
77 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
78 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
79 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
80 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
81 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
82 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
83 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
84 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
85 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
86 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
87 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
88 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
89 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
90 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
91 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
92 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
93 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
94 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
95 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
96 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
97 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
98 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
99 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
100 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
101 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
102 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
103 %token VAR_CONTROL_USE_CERT
104 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
105 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
106 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
107 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
108 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
109 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
110 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
111 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
112 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
113 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
114 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
115 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
116 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
117 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
118 %token VAR_INFRA_CACHE_MIN_RTT
119 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
120 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
121 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
122 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
123 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
124 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
125 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
126 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
127 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
128 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
129 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
130 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
131 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
132 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
133 %token VAR_IP_DSCP
134 %token VAR_DISABLE_DNSSEC_LAME_CHECK
135 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
136 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
137 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
138 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
139 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
140 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
141 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
142 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
143 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
144 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
145 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
146 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
147 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
148 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
149 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
150 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
151 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_FAKE_DSA
152 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
153 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
154 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
155 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
156 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
157 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
158 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
159 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
160 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
161 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
162 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
163 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
164 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
165 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
166 %token VAR_CACHEDB_REDISEXPIRERECORDS
167 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
168 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
169 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
170 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
171 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
172 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
173 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
174 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
175 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
176 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
177 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
178 %token VAR_DYNLIB VAR_DYNLIB_FILE
179 
180 %%
181 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
182 toplevelvar: serverstart contents_server | stubstart contents_stub |
183 	forwardstart contents_forward | pythonstart contents_py |
184 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
185 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
186 	ipsetstart contents_ipset | authstart contents_auth |
187 	rpzstart contents_rpz | dynlibstart contents_dl |
188 	force_toplevel
189 	;
190 force_toplevel: VAR_FORCE_TOPLEVEL
191 	{
192 		OUTYY(("\nP(force-toplevel)\n"));
193 	}
194 	;
195 /* server: declaration */
196 serverstart: VAR_SERVER
197 	{
198 		OUTYY(("\nP(server:)\n"));
199 	}
200 	;
201 contents_server: contents_server content_server
202 	| ;
203 content_server: server_num_threads | server_verbosity | server_port |
204 	server_outgoing_range | server_do_ip4 |
205 	server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
206 	server_do_udp | server_do_tcp |
207 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
208 	server_tcp_keepalive | server_tcp_keepalive_timeout |
209 	server_interface | server_chroot | server_username |
210 	server_directory | server_logfile | server_pidfile |
211 	server_msg_cache_size | server_msg_cache_slabs |
212 	server_num_queries_per_thread | server_rrset_cache_size |
213 	server_rrset_cache_slabs | server_outgoing_num_tcp |
214 	server_infra_host_ttl | server_infra_lame_ttl |
215 	server_infra_cache_slabs | server_infra_cache_numhosts |
216 	server_infra_cache_lame_size | server_target_fetch_policy |
217 	server_harden_short_bufsize | server_harden_large_queries |
218 	server_do_not_query_address | server_hide_identity |
219 	server_hide_version | server_identity | server_version |
220 	server_harden_glue | server_module_conf | server_trust_anchor_file |
221 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
222 	server_val_clean_additional | server_val_permissive_mode |
223 	server_incoming_num_tcp | server_msg_buffer_size |
224 	server_key_cache_size | server_key_cache_slabs |
225 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
226 	server_use_syslog | server_outgoing_interface | server_root_hints |
227 	server_do_not_query_localhost | server_cache_max_ttl |
228 	server_harden_dnssec_stripped | server_access_control |
229 	server_local_zone | server_local_data | server_interface_automatic |
230 	server_statistics_interval | server_do_daemonize |
231 	server_use_caps_for_id | server_statistics_cumulative |
232 	server_outgoing_port_permit | server_outgoing_port_avoid |
233 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
234 	server_harden_referral_path | server_private_address |
235 	server_private_domain | server_extended_statistics |
236 	server_local_data_ptr | server_jostle_timeout |
237 	server_unwanted_reply_threshold | server_log_time_ascii |
238 	server_domain_insecure | server_val_sig_skew_min |
239 	server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
240 	server_auto_trust_anchor_file | server_add_holddown |
241 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
242 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
243 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
244 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
245 	server_log_local_actions |
246 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
247 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
248 	server_so_reuseport | server_delay_close |
249 	server_unblock_lan_zones | server_insecure_lan_zones |
250 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
251 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
252 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
253 	server_ip_dscp |
254 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
255 	server_ip_ratelimit_size | server_ratelimit_size |
256 	server_ratelimit_for_domain |
257 	server_ratelimit_below_domain | server_ratelimit_factor |
258 	server_ip_ratelimit_factor | server_send_client_subnet |
259 	server_client_subnet_zone | server_client_subnet_always_forward |
260 	server_client_subnet_opcode |
261 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
262 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
263 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
264 	server_caps_whitelist | server_cache_max_negative_ttl |
265 	server_permit_small_holddown | server_qname_minimisation |
266 	server_ip_freebind | server_define_tag | server_local_zone_tag |
267 	server_disable_dnssec_lame_check | server_access_control_tag |
268 	server_local_zone_override | server_access_control_tag_action |
269 	server_access_control_tag_data | server_access_control_view |
270 	server_qname_minimisation_strict | server_serve_expired |
271 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
272 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
273 	server_fake_dsa | server_log_identity | server_use_systemd |
274 	server_response_ip_tag | server_response_ip | server_response_ip_data |
275 	server_shm_enable | server_shm_key | server_fake_sha1 |
276 	server_hide_trustanchor | server_trust_anchor_signaling |
277 	server_root_key_sentinel |
278 	server_ipsecmod_enabled | server_ipsecmod_hook |
279 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
280 	server_ipsecmod_whitelist | server_ipsecmod_strict |
281 	server_udp_upstream_without_downstream | server_aggressive_nsec |
282 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
283 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
284 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
285 	server_unknown_server_time_limit | server_log_tag_queryreply |
286 	server_stream_wait_size | server_tls_ciphers |
287 	server_tls_ciphersuites | server_tls_session_ticket_keys |
288 	server_tls_use_sni
289 	;
290 stubstart: VAR_STUB_ZONE
291 	{
292 		struct config_stub* s;
293 		OUTYY(("\nP(stub_zone:)\n"));
294 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
295 		if(s) {
296 			s->next = cfg_parser->cfg->stubs;
297 			cfg_parser->cfg->stubs = s;
298 		} else
299 			yyerror("out of memory");
300 	}
301 	;
302 contents_stub: contents_stub content_stub
303 	| ;
304 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
305 	stub_no_cache | stub_ssl_upstream
306 	;
307 forwardstart: VAR_FORWARD_ZONE
308 	{
309 		struct config_stub* s;
310 		OUTYY(("\nP(forward_zone:)\n"));
311 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
312 		if(s) {
313 			s->next = cfg_parser->cfg->forwards;
314 			cfg_parser->cfg->forwards = s;
315 		} else
316 			yyerror("out of memory");
317 	}
318 	;
319 contents_forward: contents_forward content_forward
320 	| ;
321 content_forward: forward_name | forward_host | forward_addr | forward_first |
322 	forward_no_cache | forward_ssl_upstream
323 	;
324 viewstart: VAR_VIEW
325 	{
326 		struct config_view* s;
327 		OUTYY(("\nP(view:)\n"));
328 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
329 		if(s) {
330 			s->next = cfg_parser->cfg->views;
331 			if(s->next && !s->next->name)
332 				yyerror("view without name");
333 			cfg_parser->cfg->views = s;
334 		} else
335 			yyerror("out of memory");
336 	}
337 	;
338 contents_view: contents_view content_view
339 	| ;
340 content_view: view_name | view_local_zone | view_local_data | view_first |
341 		view_response_ip | view_response_ip_data | view_local_data_ptr
342 	;
343 authstart: VAR_AUTH_ZONE
344 	{
345 		struct config_auth* s;
346 		OUTYY(("\nP(auth_zone:)\n"));
347 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
348 		if(s) {
349 			s->next = cfg_parser->cfg->auths;
350 			cfg_parser->cfg->auths = s;
351 			/* defaults for auth zone */
352 			s->for_downstream = 1;
353 			s->for_upstream = 1;
354 			s->fallback_enabled = 0;
355 			s->isrpz = 0;
356 		} else
357 			yyerror("out of memory");
358 	}
359 	;
360 contents_auth: contents_auth content_auth
361 	| ;
362 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
363 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
364 	auth_allow_notify
365 	;
366 
367 rpz_tag: VAR_TAGS STRING_ARG
368 	{
369 		uint8_t* bitlist;
370 		size_t len = 0;
371 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
372 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
373 			&len);
374 		free($2);
375 		if(!bitlist) {
376 			yyerror("could not parse tags, (define-tag them first)");
377 		}
378 		if(bitlist) {
379 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
380 			cfg_parser->cfg->auths->rpz_taglistlen = len;
381 
382 		}
383 	}
384 	;
385 
386 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
387 	{
388 		OUTYY(("P(rpz_action_override:%s)\n", $2));
389 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
390 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
391 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
392 			yyerror("rpz-action-override action: expected nxdomain, "
393 				"nodata, passthru, drop, cname or disabled");
394 			free($2);
395 			cfg_parser->cfg->auths->rpz_action_override = NULL;
396 		}
397 		else {
398 			cfg_parser->cfg->auths->rpz_action_override = $2;
399 		}
400 	}
401 	;
402 
403 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
404 	{
405 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
406 		free(cfg_parser->cfg->auths->rpz_cname);
407 		cfg_parser->cfg->auths->rpz_cname = $2;
408 	}
409 	;
410 
411 rpz_log: VAR_RPZ_LOG STRING_ARG
412 	{
413 		OUTYY(("P(rpz_log:%s)\n", $2));
414 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
415 			yyerror("expected yes or no.");
416 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
417 		free($2);
418 	}
419 	;
420 
421 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
422 	{
423 		OUTYY(("P(rpz_log_name:%s)\n", $2));
424 		free(cfg_parser->cfg->auths->rpz_log_name);
425 		cfg_parser->cfg->auths->rpz_log_name = $2;
426 	}
427 	;
428 
429 rpzstart: VAR_RPZ
430 	{
431 		struct config_auth* s;
432 		OUTYY(("\nP(rpz:)\n"));
433 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
434 		if(s) {
435 			s->next = cfg_parser->cfg->auths;
436 			cfg_parser->cfg->auths = s;
437 			/* defaults for RPZ auth zone */
438 			s->for_downstream = 0;
439 			s->for_upstream = 0;
440 			s->fallback_enabled = 0;
441 			s->isrpz = 1;
442 		} else
443 			yyerror("out of memory");
444 	}
445 	;
446 contents_rpz: contents_rpz content_rpz
447 	| ;
448 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
449 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
450 	   rpz_log | rpz_log_name
451 	;
452 server_num_threads: VAR_NUM_THREADS STRING_ARG
453 	{
454 		OUTYY(("P(server_num_threads:%s)\n", $2));
455 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
456 			yyerror("number expected");
457 		else cfg_parser->cfg->num_threads = atoi($2);
458 		free($2);
459 	}
460 	;
461 server_verbosity: VAR_VERBOSITY STRING_ARG
462 	{
463 		OUTYY(("P(server_verbosity:%s)\n", $2));
464 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
465 			yyerror("number expected");
466 		else cfg_parser->cfg->verbosity = atoi($2);
467 		free($2);
468 	}
469 	;
470 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
471 	{
472 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
473 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
474 			cfg_parser->cfg->stat_interval = 0;
475 		else if(atoi($2) == 0)
476 			yyerror("number expected");
477 		else cfg_parser->cfg->stat_interval = atoi($2);
478 		free($2);
479 	}
480 	;
481 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
482 	{
483 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
484 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
485 			yyerror("expected yes or no.");
486 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
487 		free($2);
488 	}
489 	;
490 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
491 	{
492 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
493 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
494 			yyerror("expected yes or no.");
495 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
496 		free($2);
497 	}
498 	;
499 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
500 	{
501 		OUTYY(("P(server_shm_enable:%s)\n", $2));
502 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
503 			yyerror("expected yes or no.");
504 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
505 		free($2);
506 	}
507 	;
508 server_shm_key: VAR_SHM_KEY STRING_ARG
509 	{
510 		OUTYY(("P(server_shm_key:%s)\n", $2));
511 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
512 			cfg_parser->cfg->shm_key = 0;
513 		else if(atoi($2) == 0)
514 			yyerror("number expected");
515 		else cfg_parser->cfg->shm_key = atoi($2);
516 		free($2);
517 	}
518 	;
519 server_port: VAR_PORT STRING_ARG
520 	{
521 		OUTYY(("P(server_port:%s)\n", $2));
522 		if(atoi($2) == 0)
523 			yyerror("port number expected");
524 		else cfg_parser->cfg->port = atoi($2);
525 		free($2);
526 	}
527 	;
528 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
529 	{
530 	#ifdef CLIENT_SUBNET
531 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
532 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
533 			fatal_exit("out of memory adding client-subnet");
534 	#else
535 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
536 		free($2);
537 	#endif
538 	}
539 	;
540 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
541 	{
542 	#ifdef CLIENT_SUBNET
543 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
544 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
545 			$2))
546 			fatal_exit("out of memory adding client-subnet-zone");
547 	#else
548 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
549 		free($2);
550 	#endif
551 	}
552 	;
553 server_client_subnet_always_forward:
554 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
555 	{
556 	#ifdef CLIENT_SUBNET
557 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
558 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
559 			yyerror("expected yes or no.");
560 		else
561 			cfg_parser->cfg->client_subnet_always_forward =
562 				(strcmp($2, "yes")==0);
563 	#else
564 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
565 	#endif
566 		free($2);
567 	}
568 	;
569 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
570 	{
571 	#ifdef CLIENT_SUBNET
572 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
573 		OUTYY(("P(Deprecated option, ignoring)\n"));
574 	#else
575 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
576 	#endif
577 		free($2);
578 	}
579 	;
580 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
581 	{
582 	#ifdef CLIENT_SUBNET
583 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
584 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
585 			yyerror("IPv4 subnet length expected");
586 		else if (atoi($2) > 32)
587 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
588 		else if (atoi($2) < 0)
589 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
590 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
591 	#else
592 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
593 	#endif
594 		free($2);
595 	}
596 	;
597 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
598 	{
599 	#ifdef CLIENT_SUBNET
600 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
601 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
602 			yyerror("Ipv6 subnet length expected");
603 		else if (atoi($2) > 128)
604 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
605 		else if (atoi($2) < 0)
606 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
607 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
608 	#else
609 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
610 	#endif
611 		free($2);
612 	}
613 	;
614 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
615 	{
616 	#ifdef CLIENT_SUBNET
617 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
618 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
619 			yyerror("IPv4 subnet length expected");
620 		else if (atoi($2) > 32)
621 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
622 		else if (atoi($2) < 0)
623 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
624 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
625 	#else
626 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
627 	#endif
628 		free($2);
629 	}
630 	;
631 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
632 	{
633 	#ifdef CLIENT_SUBNET
634 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
635 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
636 			yyerror("Ipv6 subnet length expected");
637 		else if (atoi($2) > 128)
638 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
639 		else if (atoi($2) < 0)
640 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
641 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
642 	#else
643 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
644 	#endif
645 		free($2);
646 	}
647 	;
648 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
649 	{
650 	#ifdef CLIENT_SUBNET
651 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
652 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
653 			yyerror("IPv4 ECS tree size expected");
654 		else if (atoi($2) < 0)
655 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
656 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
657 	#else
658 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
659 	#endif
660 		free($2);
661 	}
662 	;
663 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
664 	{
665 	#ifdef CLIENT_SUBNET
666 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
667 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
668 			yyerror("IPv6 ECS tree size expected");
669 		else if (atoi($2) < 0)
670 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
671 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
672 	#else
673 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
674 	#endif
675 		free($2);
676 	}
677 	;
678 server_interface: VAR_INTERFACE STRING_ARG
679 	{
680 		OUTYY(("P(server_interface:%s)\n", $2));
681 		if(cfg_parser->cfg->num_ifs == 0)
682 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
683 		else 	cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
684 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
685 		if(!cfg_parser->cfg->ifs)
686 			yyerror("out of memory");
687 		else
688 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
689 	}
690 	;
691 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
692 	{
693 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
694 		if(cfg_parser->cfg->num_out_ifs == 0)
695 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
696 		else 	cfg_parser->cfg->out_ifs = realloc(
697 			cfg_parser->cfg->out_ifs,
698 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
699 		if(!cfg_parser->cfg->out_ifs)
700 			yyerror("out of memory");
701 		else
702 			cfg_parser->cfg->out_ifs[
703 				cfg_parser->cfg->num_out_ifs++] = $2;
704 	}
705 	;
706 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
707 	{
708 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
709 		if(atoi($2) == 0)
710 			yyerror("number expected");
711 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
712 		free($2);
713 	}
714 	;
715 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
716 	{
717 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
718 		if(!cfg_mark_ports($2, 1,
719 			cfg_parser->cfg->outgoing_avail_ports, 65536))
720 			yyerror("port number or range (\"low-high\") expected");
721 		free($2);
722 	}
723 	;
724 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
725 	{
726 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
727 		if(!cfg_mark_ports($2, 0,
728 			cfg_parser->cfg->outgoing_avail_ports, 65536))
729 			yyerror("port number or range (\"low-high\") expected");
730 		free($2);
731 	}
732 	;
733 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
734 	{
735 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
736 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
737 			yyerror("number expected");
738 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
739 		free($2);
740 	}
741 	;
742 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
743 	{
744 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
745 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
746 			yyerror("number expected");
747 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
748 		free($2);
749 	}
750 	;
751 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
752 	{
753 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
754 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
755 			yyerror("expected yes or no.");
756 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
757 		free($2);
758 	}
759 	;
760 server_do_ip4: VAR_DO_IP4 STRING_ARG
761 	{
762 		OUTYY(("P(server_do_ip4:%s)\n", $2));
763 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
764 			yyerror("expected yes or no.");
765 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
766 		free($2);
767 	}
768 	;
769 server_do_ip6: VAR_DO_IP6 STRING_ARG
770 	{
771 		OUTYY(("P(server_do_ip6:%s)\n", $2));
772 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
773 			yyerror("expected yes or no.");
774 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
775 		free($2);
776 	}
777 	;
778 server_do_udp: VAR_DO_UDP STRING_ARG
779 	{
780 		OUTYY(("P(server_do_udp:%s)\n", $2));
781 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
782 			yyerror("expected yes or no.");
783 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
784 		free($2);
785 	}
786 	;
787 server_do_tcp: VAR_DO_TCP STRING_ARG
788 	{
789 		OUTYY(("P(server_do_tcp:%s)\n", $2));
790 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
791 			yyerror("expected yes or no.");
792 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
793 		free($2);
794 	}
795 	;
796 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
797 	{
798 		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
799 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
800 			yyerror("expected yes or no.");
801 		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
802 		free($2);
803 	}
804 	;
805 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
806 	{
807 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
808 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
809 			yyerror("expected yes or no.");
810 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
811 		free($2);
812 	}
813 	;
814 server_tcp_mss: VAR_TCP_MSS STRING_ARG
815 	{
816 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
817                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
818                         yyerror("number expected");
819                 else cfg_parser->cfg->tcp_mss = atoi($2);
820                 free($2);
821 	}
822 	;
823 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
824 	{
825 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
826 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
827 			yyerror("number expected");
828 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
829 		free($2);
830 	}
831 	;
832 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
833 	{
834 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
835 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
836 			yyerror("number expected");
837 		else if (atoi($2) > 120000)
838 			cfg_parser->cfg->tcp_idle_timeout = 120000;
839 		else if (atoi($2) < 1)
840 			cfg_parser->cfg->tcp_idle_timeout = 1;
841 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
842 		free($2);
843 	}
844 	;
845 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
846 	{
847 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
848 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
849 			yyerror("expected yes or no.");
850 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
851 		free($2);
852 	}
853 	;
854 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
855 	{
856 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
857 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
858 			yyerror("number expected");
859 		else if (atoi($2) > 6553500)
860 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
861 		else if (atoi($2) < 1)
862 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
863 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
864 		free($2);
865 	}
866 	;
867 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
868 	{
869 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
870 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
871 			yyerror("expected yes or no.");
872 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
873 		free($2);
874 	}
875 	;
876 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
877 	{
878 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
879 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
880 			yyerror("expected yes or no.");
881 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
882 		free($2);
883 	}
884 	;
885 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
886 	{
887 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
888 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
889 			yyerror("expected yes or no.");
890 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
891 		free($2);
892 	}
893 	;
894 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
895 	{
896 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
897 		free(cfg_parser->cfg->ssl_service_key);
898 		cfg_parser->cfg->ssl_service_key = $2;
899 	}
900 	;
901 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
902 	{
903 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
904 		free(cfg_parser->cfg->ssl_service_pem);
905 		cfg_parser->cfg->ssl_service_pem = $2;
906 	}
907 	;
908 server_ssl_port: VAR_SSL_PORT STRING_ARG
909 	{
910 		OUTYY(("P(server_ssl_port:%s)\n", $2));
911 		if(atoi($2) == 0)
912 			yyerror("port number expected");
913 		else cfg_parser->cfg->ssl_port = atoi($2);
914 		free($2);
915 	}
916 	;
917 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
918 	{
919 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
920 		free(cfg_parser->cfg->tls_cert_bundle);
921 		cfg_parser->cfg->tls_cert_bundle = $2;
922 	}
923 	;
924 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
925 	{
926 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
927 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
928 			yyerror("expected yes or no.");
929 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
930 		free($2);
931 	}
932 	;
933 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
934 	{
935 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
936 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
937 			$2))
938 			yyerror("out of memory");
939 	}
940 	;
941 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
942 	{
943 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
944 		free(cfg_parser->cfg->tls_ciphers);
945 		cfg_parser->cfg->tls_ciphers = $2;
946 	}
947 	;
948 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
949 	{
950 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
951 		free(cfg_parser->cfg->tls_ciphersuites);
952 		cfg_parser->cfg->tls_ciphersuites = $2;
953 	}
954 	;
955 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
956 	{
957 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
958 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
959 			$2))
960 			yyerror("out of memory");
961 	}
962 	;
963 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
964 	{
965 		OUTYY(("P(server_tls_use_sni:%s)\n", $2));
966 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
967 			yyerror("expected yes or no.");
968 		else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
969 		free($2);
970 	}
971 	;
972 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
973 	{
974 		OUTYY(("P(server_use_systemd:%s)\n", $2));
975 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
976 			yyerror("expected yes or no.");
977 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
978 		free($2);
979 	}
980 	;
981 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
982 	{
983 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
984 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
985 			yyerror("expected yes or no.");
986 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
987 		free($2);
988 	}
989 	;
990 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
991 	{
992 		OUTYY(("P(server_use_syslog:%s)\n", $2));
993 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
994 			yyerror("expected yes or no.");
995 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
996 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
997 		if(strcmp($2, "yes") == 0)
998 			yyerror("no syslog services are available. "
999 				"(reconfigure and compile to add)");
1000 #endif
1001 		free($2);
1002 	}
1003 	;
1004 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1005 	{
1006 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1007 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1008 			yyerror("expected yes or no.");
1009 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1010 		free($2);
1011 	}
1012 	;
1013 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1014 	{
1015 		OUTYY(("P(server_log_queries:%s)\n", $2));
1016 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1017 			yyerror("expected yes or no.");
1018 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1019 		free($2);
1020 	}
1021 	;
1022 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1023   {
1024   	OUTYY(("P(server_log_replies:%s)\n", $2));
1025   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1026   		yyerror("expected yes or no.");
1027   	else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1028   	free($2);
1029   }
1030   ;
1031 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1032   {
1033   	OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1034   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1035   		yyerror("expected yes or no.");
1036   	else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1037   	free($2);
1038   }
1039   ;
1040 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1041 	{
1042 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1043 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1044 			yyerror("expected yes or no.");
1045 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1046 		free($2);
1047 	}
1048 	;
1049 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1050   {
1051   	OUTYY(("P(server_log_local_actions:%s)\n", $2));
1052   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1053   		yyerror("expected yes or no.");
1054   	else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1055   	free($2);
1056   }
1057   ;
1058 server_chroot: VAR_CHROOT STRING_ARG
1059 	{
1060 		OUTYY(("P(server_chroot:%s)\n", $2));
1061 		free(cfg_parser->cfg->chrootdir);
1062 		cfg_parser->cfg->chrootdir = $2;
1063 	}
1064 	;
1065 server_username: VAR_USERNAME STRING_ARG
1066 	{
1067 		OUTYY(("P(server_username:%s)\n", $2));
1068 		free(cfg_parser->cfg->username);
1069 		cfg_parser->cfg->username = $2;
1070 	}
1071 	;
1072 server_directory: VAR_DIRECTORY STRING_ARG
1073 	{
1074 		OUTYY(("P(server_directory:%s)\n", $2));
1075 		free(cfg_parser->cfg->directory);
1076 		cfg_parser->cfg->directory = $2;
1077 		/* change there right away for includes relative to this */
1078 		if($2[0]) {
1079 			char* d;
1080 #ifdef UB_ON_WINDOWS
1081 			w_config_adjust_directory(cfg_parser->cfg);
1082 #endif
1083 			d = cfg_parser->cfg->directory;
1084 			/* adjust directory if we have already chroot,
1085 			 * like, we reread after sighup */
1086 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1087 				strncmp(d, cfg_parser->chroot, strlen(
1088 				cfg_parser->chroot)) == 0)
1089 				d += strlen(cfg_parser->chroot);
1090 			if(d[0]) {
1091 			    if(chdir(d))
1092 				log_err("cannot chdir to directory: %s (%s)",
1093 					d, strerror(errno));
1094 			}
1095 		}
1096 	}
1097 	;
1098 server_logfile: VAR_LOGFILE STRING_ARG
1099 	{
1100 		OUTYY(("P(server_logfile:%s)\n", $2));
1101 		free(cfg_parser->cfg->logfile);
1102 		cfg_parser->cfg->logfile = $2;
1103 		cfg_parser->cfg->use_syslog = 0;
1104 	}
1105 	;
1106 server_pidfile: VAR_PIDFILE STRING_ARG
1107 	{
1108 		OUTYY(("P(server_pidfile:%s)\n", $2));
1109 		free(cfg_parser->cfg->pidfile);
1110 		cfg_parser->cfg->pidfile = $2;
1111 	}
1112 	;
1113 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1114 	{
1115 		OUTYY(("P(server_root_hints:%s)\n", $2));
1116 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1117 			yyerror("out of memory");
1118 	}
1119 	;
1120 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1121 	{
1122 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1123 		free(cfg_parser->cfg->dlv_anchor_file);
1124 		cfg_parser->cfg->dlv_anchor_file = $2;
1125 	}
1126 	;
1127 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1128 	{
1129 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1130 		if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
1131 			yyerror("out of memory");
1132 	}
1133 	;
1134 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1135 	{
1136 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1137 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1138 			auto_trust_anchor_file_list, $2))
1139 			yyerror("out of memory");
1140 	}
1141 	;
1142 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1143 	{
1144 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1145 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1146 			trust_anchor_file_list, $2))
1147 			yyerror("out of memory");
1148 	}
1149 	;
1150 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1151 	{
1152 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1153 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1154 			trusted_keys_file_list, $2))
1155 			yyerror("out of memory");
1156 	}
1157 	;
1158 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1159 	{
1160 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1161 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1162 			yyerror("out of memory");
1163 	}
1164 	;
1165 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1166 	{
1167 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1168 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1169 			yyerror("expected yes or no.");
1170 		else
1171 			cfg_parser->cfg->trust_anchor_signaling =
1172 				(strcmp($2, "yes")==0);
1173 		free($2);
1174 	}
1175 	;
1176 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1177 	{
1178 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1179 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1180 			yyerror("expected yes or no.");
1181 		else
1182 			cfg_parser->cfg->root_key_sentinel =
1183 				(strcmp($2, "yes")==0);
1184 		free($2);
1185 	}
1186 	;
1187 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1188 	{
1189 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1190 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1191 			yyerror("out of memory");
1192 	}
1193 	;
1194 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1195 	{
1196 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1197 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1198 			yyerror("expected yes or no.");
1199 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1200 		free($2);
1201 	}
1202 	;
1203 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1204 	{
1205 		OUTYY(("P(server_hide_version:%s)\n", $2));
1206 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1207 			yyerror("expected yes or no.");
1208 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1209 		free($2);
1210 	}
1211 	;
1212 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1213 	{
1214 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1215 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1216 			yyerror("expected yes or no.");
1217 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1218 		free($2);
1219 	}
1220 	;
1221 server_identity: VAR_IDENTITY STRING_ARG
1222 	{
1223 		OUTYY(("P(server_identity:%s)\n", $2));
1224 		free(cfg_parser->cfg->identity);
1225 		cfg_parser->cfg->identity = $2;
1226 	}
1227 	;
1228 server_version: VAR_VERSION STRING_ARG
1229 	{
1230 		OUTYY(("P(server_version:%s)\n", $2));
1231 		free(cfg_parser->cfg->version);
1232 		cfg_parser->cfg->version = $2;
1233 	}
1234 	;
1235 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1236 	{
1237 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1238 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1239 			yyerror("buffer size expected");
1240 		free($2);
1241 	}
1242 	;
1243 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1244 	{
1245 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1246 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1247 			yyerror("buffer size expected");
1248 		free($2);
1249 	}
1250 	;
1251 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1252     {
1253         OUTYY(("P(server_so_reuseport:%s)\n", $2));
1254         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1255             yyerror("expected yes or no.");
1256         else cfg_parser->cfg->so_reuseport =
1257             (strcmp($2, "yes")==0);
1258         free($2);
1259     }
1260     ;
1261 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1262     {
1263         OUTYY(("P(server_ip_transparent:%s)\n", $2));
1264         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1265             yyerror("expected yes or no.");
1266         else cfg_parser->cfg->ip_transparent =
1267             (strcmp($2, "yes")==0);
1268         free($2);
1269     }
1270     ;
1271 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1272     {
1273         OUTYY(("P(server_ip_freebind:%s)\n", $2));
1274         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1275             yyerror("expected yes or no.");
1276         else cfg_parser->cfg->ip_freebind =
1277             (strcmp($2, "yes")==0);
1278         free($2);
1279     }
1280     ;
1281 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1282 	{
1283 		OUTYY(("P(server_ip_dscp:%s)\n", $2));
1284 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1285 			yyerror("number expected");
1286 		else if (atoi($2) > 63)
1287 			yyerror("value too large (max 63)");
1288 		else if (atoi($2) < 0)
1289 			yyerror("value too small (min 0)");
1290 		else
1291 			cfg_parser->cfg->ip_dscp = atoi($2);
1292 		free($2);
1293 	}
1294 	;
1295 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1296 	{
1297 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1298 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1299 			yyerror("memory size expected");
1300 		free($2);
1301 	}
1302 	;
1303 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1304 	{
1305 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1306 		if(atoi($2) == 0)
1307 			yyerror("number expected");
1308 		else if (atoi($2) < 12)
1309 			yyerror("edns buffer size too small");
1310 		else if (atoi($2) > 65535)
1311 			cfg_parser->cfg->edns_buffer_size = 65535;
1312 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1313 		free($2);
1314 	}
1315 	;
1316 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1317 	{
1318 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1319 		if(atoi($2) == 0)
1320 			yyerror("number expected");
1321 		else if (atoi($2) < 4096)
1322 			yyerror("message buffer size too small (use 4096)");
1323 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1324 		free($2);
1325 	}
1326 	;
1327 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1328 	{
1329 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1330 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1331 			yyerror("memory size expected");
1332 		free($2);
1333 	}
1334 	;
1335 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1336 	{
1337 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1338 		if(atoi($2) == 0)
1339 			yyerror("number expected");
1340 		else {
1341 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1342 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1343 				yyerror("must be a power of 2");
1344 		}
1345 		free($2);
1346 	}
1347 	;
1348 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1349 	{
1350 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1351 		if(atoi($2) == 0)
1352 			yyerror("number expected");
1353 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1354 		free($2);
1355 	}
1356 	;
1357 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1358 	{
1359 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1360 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1361 			yyerror("number expected");
1362 		else cfg_parser->cfg->jostle_time = atoi($2);
1363 		free($2);
1364 	}
1365 	;
1366 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1367 	{
1368 		OUTYY(("P(server_delay_close:%s)\n", $2));
1369 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1370 			yyerror("number expected");
1371 		else cfg_parser->cfg->delay_close = atoi($2);
1372 		free($2);
1373 	}
1374 	;
1375 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1376 	{
1377 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1378 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1379 			yyerror("expected yes or no.");
1380 		else cfg_parser->cfg->unblock_lan_zones =
1381 			(strcmp($2, "yes")==0);
1382 		free($2);
1383 	}
1384 	;
1385 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1386 	{
1387 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1388 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1389 			yyerror("expected yes or no.");
1390 		else cfg_parser->cfg->insecure_lan_zones =
1391 			(strcmp($2, "yes")==0);
1392 		free($2);
1393 	}
1394 	;
1395 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1396 	{
1397 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1398 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1399 			yyerror("memory size expected");
1400 		free($2);
1401 	}
1402 	;
1403 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1404 	{
1405 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1406 		if(atoi($2) == 0)
1407 			yyerror("number expected");
1408 		else {
1409 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1410 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1411 				yyerror("must be a power of 2");
1412 		}
1413 		free($2);
1414 	}
1415 	;
1416 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1417 	{
1418 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1419 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1420 			yyerror("number expected");
1421 		else cfg_parser->cfg->host_ttl = atoi($2);
1422 		free($2);
1423 	}
1424 	;
1425 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1426 	{
1427 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1428 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1429 			"removed, use infra-host-ttl)", $2);
1430 		free($2);
1431 	}
1432 	;
1433 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1434 	{
1435 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1436 		if(atoi($2) == 0)
1437 			yyerror("number expected");
1438 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1439 		free($2);
1440 	}
1441 	;
1442 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1443 	{
1444 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1445 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1446 			"(option removed, use infra-cache-numhosts)", $2);
1447 		free($2);
1448 	}
1449 	;
1450 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1451 	{
1452 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1453 		if(atoi($2) == 0)
1454 			yyerror("number expected");
1455 		else {
1456 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1457 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1458 				yyerror("must be a power of 2");
1459 		}
1460 		free($2);
1461 	}
1462 	;
1463 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1464 	{
1465 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1466 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1467 			yyerror("number expected");
1468 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1469 		free($2);
1470 	}
1471 	;
1472 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1473 	{
1474 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1475 		free(cfg_parser->cfg->target_fetch_policy);
1476 		cfg_parser->cfg->target_fetch_policy = $2;
1477 	}
1478 	;
1479 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1480 	{
1481 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1482 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1483 			yyerror("expected yes or no.");
1484 		else cfg_parser->cfg->harden_short_bufsize =
1485 			(strcmp($2, "yes")==0);
1486 		free($2);
1487 	}
1488 	;
1489 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1490 	{
1491 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1492 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1493 			yyerror("expected yes or no.");
1494 		else cfg_parser->cfg->harden_large_queries =
1495 			(strcmp($2, "yes")==0);
1496 		free($2);
1497 	}
1498 	;
1499 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1500 	{
1501 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1502 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1503 			yyerror("expected yes or no.");
1504 		else cfg_parser->cfg->harden_glue =
1505 			(strcmp($2, "yes")==0);
1506 		free($2);
1507 	}
1508 	;
1509 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1510 	{
1511 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1512 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1513 			yyerror("expected yes or no.");
1514 		else cfg_parser->cfg->harden_dnssec_stripped =
1515 			(strcmp($2, "yes")==0);
1516 		free($2);
1517 	}
1518 	;
1519 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1520 	{
1521 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1522 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1523 			yyerror("expected yes or no.");
1524 		else cfg_parser->cfg->harden_below_nxdomain =
1525 			(strcmp($2, "yes")==0);
1526 		free($2);
1527 	}
1528 	;
1529 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1530 	{
1531 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1532 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1533 			yyerror("expected yes or no.");
1534 		else cfg_parser->cfg->harden_referral_path =
1535 			(strcmp($2, "yes")==0);
1536 		free($2);
1537 	}
1538 	;
1539 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1540 	{
1541 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1542 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1543 			yyerror("expected yes or no.");
1544 		else cfg_parser->cfg->harden_algo_downgrade =
1545 			(strcmp($2, "yes")==0);
1546 		free($2);
1547 	}
1548 	;
1549 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1550 	{
1551 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1552 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1553 			yyerror("expected yes or no.");
1554 		else cfg_parser->cfg->use_caps_bits_for_id =
1555 			(strcmp($2, "yes")==0);
1556 		free($2);
1557 	}
1558 	;
1559 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1560 	{
1561 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1562 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1563 			yyerror("out of memory");
1564 	}
1565 	;
1566 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1567 	{
1568 		OUTYY(("P(server_private_address:%s)\n", $2));
1569 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1570 			yyerror("out of memory");
1571 	}
1572 	;
1573 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1574 	{
1575 		OUTYY(("P(server_private_domain:%s)\n", $2));
1576 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1577 			yyerror("out of memory");
1578 	}
1579 	;
1580 server_prefetch: VAR_PREFETCH STRING_ARG
1581 	{
1582 		OUTYY(("P(server_prefetch:%s)\n", $2));
1583 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1584 			yyerror("expected yes or no.");
1585 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1586 		free($2);
1587 	}
1588 	;
1589 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1590 	{
1591 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1592 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1593 			yyerror("expected yes or no.");
1594 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1595 		free($2);
1596 	}
1597 	;
1598 server_deny_any: VAR_DENY_ANY STRING_ARG
1599 	{
1600 		OUTYY(("P(server_deny_any:%s)\n", $2));
1601 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1602 			yyerror("expected yes or no.");
1603 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1604 		free($2);
1605 	}
1606 	;
1607 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1608 	{
1609 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1610 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1611 			yyerror("number expected");
1612 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1613 		free($2);
1614 	}
1615 	;
1616 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1617 	{
1618 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1619 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1620 			yyerror("out of memory");
1621 	}
1622 	;
1623 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1624 	{
1625 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1626 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1627 			yyerror("expected yes or no.");
1628 		else cfg_parser->cfg->donotquery_localhost =
1629 			(strcmp($2, "yes")==0);
1630 		free($2);
1631 	}
1632 	;
1633 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1634 	{
1635 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1636 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1637 			strcmp($3, "deny_non_local")!=0 &&
1638 			strcmp($3, "refuse_non_local")!=0 &&
1639 			strcmp($3, "allow_setrd")!=0 &&
1640 			strcmp($3, "allow")!=0 &&
1641 			strcmp($3, "allow_snoop")!=0) {
1642 			yyerror("expected deny, refuse, deny_non_local, "
1643 				"refuse_non_local, allow, allow_setrd or "
1644 				"allow_snoop in access control action");
1645 			free($2);
1646 			free($3);
1647 		} else {
1648 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1649 				fatal_exit("out of memory adding acl");
1650 		}
1651 	}
1652 	;
1653 server_module_conf: VAR_MODULE_CONF STRING_ARG
1654 	{
1655 		OUTYY(("P(server_module_conf:%s)\n", $2));
1656 		free(cfg_parser->cfg->module_conf);
1657 		cfg_parser->cfg->module_conf = $2;
1658 	}
1659 	;
1660 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1661 	{
1662 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1663 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1664 			cfg_parser->cfg->val_date_override = 0;
1665 		} else if(strlen($2) == 14) {
1666 			cfg_parser->cfg->val_date_override =
1667 				cfg_convert_timeval($2);
1668 			if(!cfg_parser->cfg->val_date_override)
1669 				yyerror("bad date/time specification");
1670 		} else {
1671 			if(atoi($2) == 0)
1672 				yyerror("number expected");
1673 			cfg_parser->cfg->val_date_override = atoi($2);
1674 		}
1675 		free($2);
1676 	}
1677 	;
1678 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1679 	{
1680 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1681 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1682 			cfg_parser->cfg->val_sig_skew_min = 0;
1683 		} else {
1684 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1685 			if(!cfg_parser->cfg->val_sig_skew_min)
1686 				yyerror("number expected");
1687 		}
1688 		free($2);
1689 	}
1690 	;
1691 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1692 	{
1693 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1694 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1695 			cfg_parser->cfg->val_sig_skew_max = 0;
1696 		} else {
1697 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1698 			if(!cfg_parser->cfg->val_sig_skew_max)
1699 				yyerror("number expected");
1700 		}
1701 		free($2);
1702 	}
1703 	;
1704 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1705 	{
1706 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1707 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1708 			yyerror("number expected");
1709 		else cfg_parser->cfg->max_ttl = atoi($2);
1710 		free($2);
1711 	}
1712 	;
1713 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1714 	{
1715 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1716 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1717 			yyerror("number expected");
1718 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1719 		free($2);
1720 	}
1721 	;
1722 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1723 	{
1724 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1725 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1726 			yyerror("number expected");
1727 		else cfg_parser->cfg->min_ttl = atoi($2);
1728 		free($2);
1729 	}
1730 	;
1731 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1732 	{
1733 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1734 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1735 			yyerror("number expected");
1736 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1737 		free($2);
1738 	}
1739 	;
1740 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1741 	{
1742 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1743 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1744 			yyerror("expected yes or no.");
1745 		else cfg_parser->cfg->val_clean_additional =
1746 			(strcmp($2, "yes")==0);
1747 		free($2);
1748 	}
1749 	;
1750 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1751 	{
1752 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1753 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1754 			yyerror("expected yes or no.");
1755 		else cfg_parser->cfg->val_permissive_mode =
1756 			(strcmp($2, "yes")==0);
1757 		free($2);
1758 	}
1759 	;
1760 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1761 	{
1762 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1763 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1764 			yyerror("expected yes or no.");
1765 		else
1766 			cfg_parser->cfg->aggressive_nsec =
1767 				(strcmp($2, "yes")==0);
1768 		free($2);
1769 	}
1770 	;
1771 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1772 	{
1773 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1774 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1775 			yyerror("expected yes or no.");
1776 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1777 		free($2);
1778 	}
1779 	;
1780 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1781 	{
1782 		OUTYY(("P(server_serve_expired:%s)\n", $2));
1783 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1784 			yyerror("expected yes or no.");
1785 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1786 		free($2);
1787 	}
1788 	;
1789 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1790 	{
1791 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1792 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1793 			yyerror("number expected");
1794 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1795 		free($2);
1796 	}
1797 	;
1798 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1799 	{
1800 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1801 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1802 			yyerror("expected yes or no.");
1803 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1804 		free($2);
1805 	}
1806 	;
1807 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
1808 	{
1809 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
1810 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1811 			yyerror("number expected");
1812 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
1813 		free($2);
1814 	}
1815 	;
1816 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
1817 	{
1818 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
1819 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1820 			yyerror("number expected");
1821 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
1822 		free($2);
1823 	}
1824 	;
1825 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1826 	{
1827 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
1828 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1829 			yyerror("expected yes or no.");
1830 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1831 		else fake_dsa = (strcmp($2, "yes")==0);
1832 		if(fake_dsa)
1833 			log_warn("test option fake_dsa is enabled");
1834 #endif
1835 		free($2);
1836 	}
1837 	;
1838 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1839 	{
1840 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
1841 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1842 			yyerror("expected yes or no.");
1843 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1844 		else fake_sha1 = (strcmp($2, "yes")==0);
1845 		if(fake_sha1)
1846 			log_warn("test option fake_sha1 is enabled");
1847 #endif
1848 		free($2);
1849 	}
1850 	;
1851 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1852 	{
1853 		OUTYY(("P(server_val_log_level:%s)\n", $2));
1854 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1855 			yyerror("number expected");
1856 		else cfg_parser->cfg->val_log_level = atoi($2);
1857 		free($2);
1858 	}
1859 	;
1860 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1861 	{
1862 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1863 		free(cfg_parser->cfg->val_nsec3_key_iterations);
1864 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
1865 	}
1866 	;
1867 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1868 	{
1869 		OUTYY(("P(server_add_holddown:%s)\n", $2));
1870 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1871 			yyerror("number expected");
1872 		else cfg_parser->cfg->add_holddown = atoi($2);
1873 		free($2);
1874 	}
1875 	;
1876 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1877 	{
1878 		OUTYY(("P(server_del_holddown:%s)\n", $2));
1879 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1880 			yyerror("number expected");
1881 		else cfg_parser->cfg->del_holddown = atoi($2);
1882 		free($2);
1883 	}
1884 	;
1885 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1886 	{
1887 		OUTYY(("P(server_keep_missing:%s)\n", $2));
1888 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1889 			yyerror("number expected");
1890 		else cfg_parser->cfg->keep_missing = atoi($2);
1891 		free($2);
1892 	}
1893 	;
1894 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1895 	{
1896 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1897 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1898 			yyerror("expected yes or no.");
1899 		else cfg_parser->cfg->permit_small_holddown =
1900 			(strcmp($2, "yes")==0);
1901 		free($2);
1902 	}
1903 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1904 	{
1905 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
1906 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1907 			yyerror("memory size expected");
1908 		free($2);
1909 	}
1910 	;
1911 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1912 	{
1913 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1914 		if(atoi($2) == 0)
1915 			yyerror("number expected");
1916 		else {
1917 			cfg_parser->cfg->key_cache_slabs = atoi($2);
1918 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1919 				yyerror("must be a power of 2");
1920 		}
1921 		free($2);
1922 	}
1923 	;
1924 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1925 	{
1926 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1927 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1928 			yyerror("memory size expected");
1929 		free($2);
1930 	}
1931 	;
1932 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1933 	{
1934 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1935 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1936 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1937 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1938 		   && strcmp($3, "typetransparent")!=0
1939 		   && strcmp($3, "always_transparent")!=0
1940 		   && strcmp($3, "always_refuse")!=0
1941 		   && strcmp($3, "always_nxdomain")!=0
1942 		   && strcmp($3, "noview")!=0
1943 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
1944 		   && strcmp($3, "inform_redirect") != 0
1945 			 && strcmp($3, "ipset") != 0) {
1946 			yyerror("local-zone type: expected static, deny, "
1947 				"refuse, redirect, transparent, "
1948 				"typetransparent, inform, inform_deny, "
1949 				"inform_redirect, always_transparent, "
1950 				"always_refuse, always_nxdomain, noview "
1951 				", nodefault or ipset");
1952 			free($2);
1953 			free($3);
1954 		} else if(strcmp($3, "nodefault")==0) {
1955 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1956 				local_zones_nodefault, $2))
1957 				fatal_exit("out of memory adding local-zone");
1958 			free($3);
1959 #ifdef USE_IPSET
1960 		} else if(strcmp($3, "ipset")==0) {
1961 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1962 				local_zones_ipset, $2))
1963 				fatal_exit("out of memory adding local-zone");
1964 			free($3);
1965 #endif
1966 		} else {
1967 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1968 				$2, $3))
1969 				fatal_exit("out of memory adding local-zone");
1970 		}
1971 	}
1972 	;
1973 server_local_data: VAR_LOCAL_DATA STRING_ARG
1974 	{
1975 		OUTYY(("P(server_local_data:%s)\n", $2));
1976 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1977 			fatal_exit("out of memory adding local-data");
1978 	}
1979 	;
1980 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1981 	{
1982 		char* ptr;
1983 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1984 		ptr = cfg_ptr_reverse($2);
1985 		free($2);
1986 		if(ptr) {
1987 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1988 				local_data, ptr))
1989 				fatal_exit("out of memory adding local-data");
1990 		} else {
1991 			yyerror("local-data-ptr could not be reversed");
1992 		}
1993 	}
1994 	;
1995 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1996 	{
1997 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
1998 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1999 			yyerror("expected yes or no.");
2000 		else cfg_parser->cfg->minimal_responses =
2001 			(strcmp($2, "yes")==0);
2002 		free($2);
2003 	}
2004 	;
2005 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2006 	{
2007 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2008 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2009 			yyerror("expected yes or no.");
2010 		else cfg_parser->cfg->rrset_roundrobin =
2011 			(strcmp($2, "yes")==0);
2012 		free($2);
2013 	}
2014 	;
2015 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2016 	{
2017 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2018 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2019 		free($2);
2020 	}
2021 	;
2022 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2023 	{
2024 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
2025 		cfg_parser->cfg->max_udp_size = atoi($2);
2026 		free($2);
2027 	}
2028 	;
2029 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2030 	{
2031 		OUTYY(("P(dns64_prefix:%s)\n", $2));
2032 		free(cfg_parser->cfg->dns64_prefix);
2033 		cfg_parser->cfg->dns64_prefix = $2;
2034 	}
2035 	;
2036 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2037 	{
2038 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2039 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2040 			yyerror("expected yes or no.");
2041 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2042 		free($2);
2043 	}
2044 	;
2045 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2046 	{
2047 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2048 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2049 			$2))
2050 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2051 	}
2052 	;
2053 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2054 	{
2055 		char* p, *s = $2;
2056 		OUTYY(("P(server_define_tag:%s)\n", $2));
2057 		while((p=strsep(&s, " \t\n")) != NULL) {
2058 			if(*p) {
2059 				if(!config_add_tag(cfg_parser->cfg, p))
2060 					yyerror("could not define-tag, "
2061 						"out of memory");
2062 			}
2063 		}
2064 		free($2);
2065 	}
2066 	;
2067 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2068 	{
2069 		size_t len = 0;
2070 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2071 			&len);
2072 		free($3);
2073 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2074 		if(!bitlist) {
2075 			yyerror("could not parse tags, (define-tag them first)");
2076 			free($2);
2077 		}
2078 		if(bitlist) {
2079 			if(!cfg_strbytelist_insert(
2080 				&cfg_parser->cfg->local_zone_tags,
2081 				$2, bitlist, len)) {
2082 				yyerror("out of memory");
2083 				free($2);
2084 			}
2085 		}
2086 	}
2087 	;
2088 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2089 	{
2090 		size_t len = 0;
2091 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2092 			&len);
2093 		free($3);
2094 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2095 		if(!bitlist) {
2096 			yyerror("could not parse tags, (define-tag them first)");
2097 			free($2);
2098 		}
2099 		if(bitlist) {
2100 			if(!cfg_strbytelist_insert(
2101 				&cfg_parser->cfg->acl_tags,
2102 				$2, bitlist, len)) {
2103 				yyerror("out of memory");
2104 				free($2);
2105 			}
2106 		}
2107 	}
2108 	;
2109 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2110 	{
2111 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2112 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2113 			$2, $3, $4)) {
2114 			yyerror("out of memory");
2115 			free($2);
2116 			free($3);
2117 			free($4);
2118 		}
2119 	}
2120 	;
2121 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2122 	{
2123 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2124 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2125 			$2, $3, $4)) {
2126 			yyerror("out of memory");
2127 			free($2);
2128 			free($3);
2129 			free($4);
2130 		}
2131 	}
2132 	;
2133 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2134 	{
2135 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2136 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2137 			$2, $3, $4)) {
2138 			yyerror("out of memory");
2139 			free($2);
2140 			free($3);
2141 			free($4);
2142 		}
2143 	}
2144 	;
2145 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2146 	{
2147 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2148 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2149 			$2, $3)) {
2150 			yyerror("out of memory");
2151 		}
2152 	}
2153 	;
2154 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2155 	{
2156 		size_t len = 0;
2157 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2158 			&len);
2159 		free($3);
2160 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2161 		if(!bitlist) {
2162 			yyerror("could not parse tags, (define-tag them first)");
2163 			free($2);
2164 		}
2165 		if(bitlist) {
2166 			if(!cfg_strbytelist_insert(
2167 				&cfg_parser->cfg->respip_tags,
2168 				$2, bitlist, len)) {
2169 				yyerror("out of memory");
2170 				free($2);
2171 			}
2172 		}
2173 	}
2174 	;
2175 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2176 	{
2177 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2178 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2179 			yyerror("number expected");
2180 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2181 		free($2);
2182 	}
2183 	;
2184 
2185 server_ratelimit: VAR_RATELIMIT STRING_ARG
2186 	{
2187 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2188 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2189 			yyerror("number expected");
2190 		else cfg_parser->cfg->ratelimit = atoi($2);
2191 		free($2);
2192 	}
2193 	;
2194 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2195   {
2196   	OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2197   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2198   		yyerror("memory size expected");
2199   	free($2);
2200   }
2201   ;
2202 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2203 	{
2204 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2205 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2206 			yyerror("memory size expected");
2207 		free($2);
2208 	}
2209 	;
2210 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2211   {
2212   	OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2213   	if(atoi($2) == 0)
2214   		yyerror("number expected");
2215   	else {
2216   		cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2217   		if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2218   			yyerror("must be a power of 2");
2219   	}
2220   	free($2);
2221   }
2222   ;
2223 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2224 	{
2225 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2226 		if(atoi($2) == 0)
2227 			yyerror("number expected");
2228 		else {
2229 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2230 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2231 				yyerror("must be a power of 2");
2232 		}
2233 		free($2);
2234 	}
2235 	;
2236 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2237 	{
2238 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2239 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2240 			yyerror("number expected");
2241 			free($2);
2242 			free($3);
2243 		} else {
2244 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2245 				ratelimit_for_domain, $2, $3))
2246 				fatal_exit("out of memory adding "
2247 					"ratelimit-for-domain");
2248 		}
2249 	}
2250 	;
2251 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2252 	{
2253 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2254 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2255 			yyerror("number expected");
2256 			free($2);
2257 			free($3);
2258 		} else {
2259 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2260 				ratelimit_below_domain, $2, $3))
2261 				fatal_exit("out of memory adding "
2262 					"ratelimit-below-domain");
2263 		}
2264 	}
2265 	;
2266 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2267   {
2268   	OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2269   	if(atoi($2) == 0 && strcmp($2, "0") != 0)
2270   		yyerror("number expected");
2271   	else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2272   	free($2);
2273 	}
2274 	;
2275 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2276 	{
2277 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2278 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2279 			yyerror("number expected");
2280 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2281 		free($2);
2282 	}
2283 	;
2284 server_low_rtt: VAR_LOW_RTT STRING_ARG
2285 	{
2286 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2287 		free($2);
2288 	}
2289 	;
2290 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2291 	{
2292 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2293 		if(atoi($2) <= 0)
2294 			yyerror("number expected");
2295 		else cfg_parser->cfg->fast_server_num = atoi($2);
2296 		free($2);
2297 	}
2298 	;
2299 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2300 	{
2301 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2302 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2303 			yyerror("number expected");
2304 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2305 		free($2);
2306 	}
2307 	;
2308 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2309 	{
2310 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2311 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2312 			yyerror("expected yes or no.");
2313 		else cfg_parser->cfg->qname_minimisation =
2314 			(strcmp($2, "yes")==0);
2315 		free($2);
2316 	}
2317 	;
2318 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2319 	{
2320 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2321 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2322 			yyerror("expected yes or no.");
2323 		else cfg_parser->cfg->qname_minimisation_strict =
2324 			(strcmp($2, "yes")==0);
2325 		free($2);
2326 	}
2327 	;
2328 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2329 	{
2330 	#ifdef USE_IPSECMOD
2331 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2332 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2333 			yyerror("expected yes or no.");
2334 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2335 	#else
2336 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2337 	#endif
2338 		free($2);
2339 	}
2340 	;
2341 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2342 	{
2343 	#ifdef USE_IPSECMOD
2344 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2345 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2346 			yyerror("expected yes or no.");
2347 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2348 	#else
2349 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2350 	#endif
2351 		free($2);
2352 	}
2353 	;
2354 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2355 	{
2356 	#ifdef USE_IPSECMOD
2357 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2358 		free(cfg_parser->cfg->ipsecmod_hook);
2359 		cfg_parser->cfg->ipsecmod_hook = $2;
2360 	#else
2361 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2362 		free($2);
2363 	#endif
2364 	}
2365 	;
2366 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2367 	{
2368 	#ifdef USE_IPSECMOD
2369 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2370 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2371 			yyerror("number expected");
2372 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2373 		free($2);
2374 	#else
2375 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2376 		free($2);
2377 	#endif
2378 	}
2379 	;
2380 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2381 	{
2382 	#ifdef USE_IPSECMOD
2383 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2384 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2385 			yyerror("out of memory");
2386 	#else
2387 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2388 		free($2);
2389 	#endif
2390 	}
2391 	;
2392 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2393 	{
2394 	#ifdef USE_IPSECMOD
2395 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2396 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2397 			yyerror("expected yes or no.");
2398 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2399 		free($2);
2400 	#else
2401 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2402 		free($2);
2403 	#endif
2404 	}
2405 	;
2406 stub_name: VAR_NAME STRING_ARG
2407 	{
2408 		OUTYY(("P(name:%s)\n", $2));
2409 		if(cfg_parser->cfg->stubs->name)
2410 			yyerror("stub name override, there must be one name "
2411 				"for one stub-zone");
2412 		free(cfg_parser->cfg->stubs->name);
2413 		cfg_parser->cfg->stubs->name = $2;
2414 	}
2415 	;
2416 stub_host: VAR_STUB_HOST STRING_ARG
2417 	{
2418 		OUTYY(("P(stub-host:%s)\n", $2));
2419 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2420 			yyerror("out of memory");
2421 	}
2422 	;
2423 stub_addr: VAR_STUB_ADDR STRING_ARG
2424 	{
2425 		OUTYY(("P(stub-addr:%s)\n", $2));
2426 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2427 			yyerror("out of memory");
2428 	}
2429 	;
2430 stub_first: VAR_STUB_FIRST STRING_ARG
2431 	{
2432 		OUTYY(("P(stub-first:%s)\n", $2));
2433 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2434 			yyerror("expected yes or no.");
2435 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2436 		free($2);
2437 	}
2438 	;
2439 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2440 	{
2441 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2442 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2443 			yyerror("expected yes or no.");
2444 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2445 		free($2);
2446 	}
2447 	;
2448 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2449 	{
2450 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2451 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2452 			yyerror("expected yes or no.");
2453 		else cfg_parser->cfg->stubs->ssl_upstream =
2454 			(strcmp($2, "yes")==0);
2455 		free($2);
2456 	}
2457 	;
2458 stub_prime: VAR_STUB_PRIME STRING_ARG
2459 	{
2460 		OUTYY(("P(stub-prime:%s)\n", $2));
2461 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2462 			yyerror("expected yes or no.");
2463 		else cfg_parser->cfg->stubs->isprime =
2464 			(strcmp($2, "yes")==0);
2465 		free($2);
2466 	}
2467 	;
2468 forward_name: VAR_NAME STRING_ARG
2469 	{
2470 		OUTYY(("P(name:%s)\n", $2));
2471 		if(cfg_parser->cfg->forwards->name)
2472 			yyerror("forward name override, there must be one "
2473 				"name for one forward-zone");
2474 		free(cfg_parser->cfg->forwards->name);
2475 		cfg_parser->cfg->forwards->name = $2;
2476 	}
2477 	;
2478 forward_host: VAR_FORWARD_HOST STRING_ARG
2479 	{
2480 		OUTYY(("P(forward-host:%s)\n", $2));
2481 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2482 			yyerror("out of memory");
2483 	}
2484 	;
2485 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2486 	{
2487 		OUTYY(("P(forward-addr:%s)\n", $2));
2488 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2489 			yyerror("out of memory");
2490 	}
2491 	;
2492 forward_first: VAR_FORWARD_FIRST STRING_ARG
2493 	{
2494 		OUTYY(("P(forward-first:%s)\n", $2));
2495 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2496 			yyerror("expected yes or no.");
2497 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2498 		free($2);
2499 	}
2500 	;
2501 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2502 	{
2503 		OUTYY(("P(forward-no-cache:%s)\n", $2));
2504 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2505 			yyerror("expected yes or no.");
2506 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2507 		free($2);
2508 	}
2509 	;
2510 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2511 	{
2512 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2513 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2514 			yyerror("expected yes or no.");
2515 		else cfg_parser->cfg->forwards->ssl_upstream =
2516 			(strcmp($2, "yes")==0);
2517 		free($2);
2518 	}
2519 	;
2520 auth_name: VAR_NAME STRING_ARG
2521 	{
2522 		OUTYY(("P(name:%s)\n", $2));
2523 		if(cfg_parser->cfg->auths->name)
2524 			yyerror("auth name override, there must be one name "
2525 				"for one auth-zone");
2526 		free(cfg_parser->cfg->auths->name);
2527 		cfg_parser->cfg->auths->name = $2;
2528 	}
2529 	;
2530 auth_zonefile: VAR_ZONEFILE STRING_ARG
2531 	{
2532 		OUTYY(("P(zonefile:%s)\n", $2));
2533 		free(cfg_parser->cfg->auths->zonefile);
2534 		cfg_parser->cfg->auths->zonefile = $2;
2535 	}
2536 	;
2537 auth_master: VAR_MASTER STRING_ARG
2538 	{
2539 		OUTYY(("P(master:%s)\n", $2));
2540 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2541 			yyerror("out of memory");
2542 	}
2543 	;
2544 auth_url: VAR_URL STRING_ARG
2545 	{
2546 		OUTYY(("P(url:%s)\n", $2));
2547 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2548 			yyerror("out of memory");
2549 	}
2550 	;
2551 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2552 	{
2553 		OUTYY(("P(allow-notify:%s)\n", $2));
2554 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2555 			$2))
2556 			yyerror("out of memory");
2557 	}
2558 	;
2559 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2560 	{
2561 		OUTYY(("P(for-downstream:%s)\n", $2));
2562 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2563 			yyerror("expected yes or no.");
2564 		else cfg_parser->cfg->auths->for_downstream =
2565 			(strcmp($2, "yes")==0);
2566 		free($2);
2567 	}
2568 	;
2569 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2570 	{
2571 		OUTYY(("P(for-upstream:%s)\n", $2));
2572 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2573 			yyerror("expected yes or no.");
2574 		else cfg_parser->cfg->auths->for_upstream =
2575 			(strcmp($2, "yes")==0);
2576 		free($2);
2577 	}
2578 	;
2579 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2580 	{
2581 		OUTYY(("P(fallback-enabled:%s)\n", $2));
2582 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2583 			yyerror("expected yes or no.");
2584 		else cfg_parser->cfg->auths->fallback_enabled =
2585 			(strcmp($2, "yes")==0);
2586 		free($2);
2587 	}
2588 	;
2589 view_name: VAR_NAME STRING_ARG
2590 	{
2591 		OUTYY(("P(name:%s)\n", $2));
2592 		if(cfg_parser->cfg->views->name)
2593 			yyerror("view name override, there must be one "
2594 				"name for one view");
2595 		free(cfg_parser->cfg->views->name);
2596 		cfg_parser->cfg->views->name = $2;
2597 	}
2598 	;
2599 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2600 	{
2601 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2602 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2603 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2604 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2605 		   && strcmp($3, "typetransparent")!=0
2606 		   && strcmp($3, "always_transparent")!=0
2607 		   && strcmp($3, "always_refuse")!=0
2608 		   && strcmp($3, "always_nxdomain")!=0
2609 		   && strcmp($3, "noview")!=0
2610 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) {
2611 			yyerror("local-zone type: expected static, deny, "
2612 				"refuse, redirect, transparent, "
2613 				"typetransparent, inform, inform_deny, "
2614 				"always_transparent, always_refuse, "
2615 				"always_nxdomain, noview or nodefault");
2616 			free($2);
2617 			free($3);
2618 		} else if(strcmp($3, "nodefault")==0) {
2619 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2620 				local_zones_nodefault, $2))
2621 				fatal_exit("out of memory adding local-zone");
2622 			free($3);
2623 #ifdef USE_IPSET
2624 		} else if(strcmp($3, "ipset")==0) {
2625 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2626 				local_zones_ipset, $2))
2627 				fatal_exit("out of memory adding local-zone");
2628 			free($3);
2629 #endif
2630 		} else {
2631 			if(!cfg_str2list_insert(
2632 				&cfg_parser->cfg->views->local_zones,
2633 				$2, $3))
2634 				fatal_exit("out of memory adding local-zone");
2635 		}
2636 	}
2637 	;
2638 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2639 	{
2640 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2641 		validate_respip_action($3);
2642 		if(!cfg_str2list_insert(
2643 			&cfg_parser->cfg->views->respip_actions, $2, $3))
2644 			fatal_exit("out of memory adding per-view "
2645 				"response-ip action");
2646 	}
2647 	;
2648 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2649 	{
2650 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
2651 		if(!cfg_str2list_insert(
2652 			&cfg_parser->cfg->views->respip_data, $2, $3))
2653 			fatal_exit("out of memory adding response-ip-data");
2654 	}
2655 	;
2656 view_local_data: VAR_LOCAL_DATA STRING_ARG
2657 	{
2658 		OUTYY(("P(view_local_data:%s)\n", $2));
2659 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2660 			fatal_exit("out of memory adding local-data");
2661 		}
2662 	}
2663 	;
2664 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2665 	{
2666 		char* ptr;
2667 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2668 		ptr = cfg_ptr_reverse($2);
2669 		free($2);
2670 		if(ptr) {
2671 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2672 				local_data, ptr))
2673 				fatal_exit("out of memory adding local-data");
2674 		} else {
2675 			yyerror("local-data-ptr could not be reversed");
2676 		}
2677 	}
2678 	;
2679 view_first: VAR_VIEW_FIRST STRING_ARG
2680 	{
2681 		OUTYY(("P(view-first:%s)\n", $2));
2682 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2683 			yyerror("expected yes or no.");
2684 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2685 		free($2);
2686 	}
2687 	;
2688 rcstart: VAR_REMOTE_CONTROL
2689 	{
2690 		OUTYY(("\nP(remote-control:)\n"));
2691 	}
2692 	;
2693 contents_rc: contents_rc content_rc
2694 	| ;
2695 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2696 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2697 	rc_control_cert_file | rc_control_use_cert
2698 	;
2699 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2700 	{
2701 		OUTYY(("P(control_enable:%s)\n", $2));
2702 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2703 			yyerror("expected yes or no.");
2704 		else cfg_parser->cfg->remote_control_enable =
2705 			(strcmp($2, "yes")==0);
2706 		free($2);
2707 	}
2708 	;
2709 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2710 	{
2711 		OUTYY(("P(control_port:%s)\n", $2));
2712 		if(atoi($2) == 0)
2713 			yyerror("control port number expected");
2714 		else cfg_parser->cfg->control_port = atoi($2);
2715 		free($2);
2716 	}
2717 	;
2718 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2719 	{
2720 		OUTYY(("P(control_interface:%s)\n", $2));
2721 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
2722 			yyerror("out of memory");
2723 	}
2724 	;
2725 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2726 	{
2727 		OUTYY(("P(control_use_cert:%s)\n", $2));
2728 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
2729 		free($2);
2730 	}
2731 	;
2732 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2733 	{
2734 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
2735 		free(cfg_parser->cfg->server_key_file);
2736 		cfg_parser->cfg->server_key_file = $2;
2737 	}
2738 	;
2739 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2740 	{
2741 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2742 		free(cfg_parser->cfg->server_cert_file);
2743 		cfg_parser->cfg->server_cert_file = $2;
2744 	}
2745 	;
2746 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2747 	{
2748 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
2749 		free(cfg_parser->cfg->control_key_file);
2750 		cfg_parser->cfg->control_key_file = $2;
2751 	}
2752 	;
2753 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2754 	{
2755 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2756 		free(cfg_parser->cfg->control_cert_file);
2757 		cfg_parser->cfg->control_cert_file = $2;
2758 	}
2759 	;
2760 dtstart: VAR_DNSTAP
2761 	{
2762 		OUTYY(("\nP(dnstap:)\n"));
2763 	}
2764 	;
2765 contents_dt: contents_dt content_dt
2766 	| ;
2767 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
2768 	dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
2769 	dt_dnstap_tls_cert_bundle |
2770 	dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
2771 	dt_dnstap_send_identity | dt_dnstap_send_version |
2772 	dt_dnstap_identity | dt_dnstap_version |
2773 	dt_dnstap_log_resolver_query_messages |
2774 	dt_dnstap_log_resolver_response_messages |
2775 	dt_dnstap_log_client_query_messages |
2776 	dt_dnstap_log_client_response_messages |
2777 	dt_dnstap_log_forwarder_query_messages |
2778 	dt_dnstap_log_forwarder_response_messages
2779 	;
2780 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2781 	{
2782 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2783 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2784 			yyerror("expected yes or no.");
2785 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2786 		free($2);
2787 	}
2788 	;
2789 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
2790 	{
2791 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
2792 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2793 			yyerror("expected yes or no.");
2794 		else cfg_parser->cfg->dnstap_bidirectional =
2795 			(strcmp($2, "yes")==0);
2796 		free($2);
2797 	}
2798 	;
2799 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2800 	{
2801 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2802 		free(cfg_parser->cfg->dnstap_socket_path);
2803 		cfg_parser->cfg->dnstap_socket_path = $2;
2804 	}
2805 	;
2806 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
2807 	{
2808 		OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
2809 		free(cfg_parser->cfg->dnstap_ip);
2810 		cfg_parser->cfg->dnstap_ip = $2;
2811 	}
2812 	;
2813 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
2814 	{
2815 		OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
2816 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2817 			yyerror("expected yes or no.");
2818 		else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
2819 		free($2);
2820 	}
2821 	;
2822 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
2823 	{
2824 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
2825 		free(cfg_parser->cfg->dnstap_tls_server_name);
2826 		cfg_parser->cfg->dnstap_tls_server_name = $2;
2827 	}
2828 	;
2829 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
2830 	{
2831 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
2832 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
2833 		cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
2834 	}
2835 	;
2836 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
2837 	{
2838 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
2839 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
2840 		cfg_parser->cfg->dnstap_tls_client_key_file = $2;
2841 	}
2842 	;
2843 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
2844 	{
2845 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
2846 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
2847 		cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
2848 	}
2849 	;
2850 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2851 	{
2852 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2853 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2854 			yyerror("expected yes or no.");
2855 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2856 		free($2);
2857 	}
2858 	;
2859 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2860 	{
2861 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2862 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2863 			yyerror("expected yes or no.");
2864 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2865 		free($2);
2866 	}
2867 	;
2868 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2869 	{
2870 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2871 		free(cfg_parser->cfg->dnstap_identity);
2872 		cfg_parser->cfg->dnstap_identity = $2;
2873 	}
2874 	;
2875 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2876 	{
2877 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2878 		free(cfg_parser->cfg->dnstap_version);
2879 		cfg_parser->cfg->dnstap_version = $2;
2880 	}
2881 	;
2882 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2883 	{
2884 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2885 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2886 			yyerror("expected yes or no.");
2887 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2888 			(strcmp($2, "yes")==0);
2889 		free($2);
2890 	}
2891 	;
2892 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2893 	{
2894 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2895 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2896 			yyerror("expected yes or no.");
2897 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2898 			(strcmp($2, "yes")==0);
2899 		free($2);
2900 	}
2901 	;
2902 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2903 	{
2904 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2905 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2906 			yyerror("expected yes or no.");
2907 		else cfg_parser->cfg->dnstap_log_client_query_messages =
2908 			(strcmp($2, "yes")==0);
2909 		free($2);
2910 	}
2911 	;
2912 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2913 	{
2914 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2915 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2916 			yyerror("expected yes or no.");
2917 		else cfg_parser->cfg->dnstap_log_client_response_messages =
2918 			(strcmp($2, "yes")==0);
2919 		free($2);
2920 	}
2921 	;
2922 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2923 	{
2924 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2925 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2926 			yyerror("expected yes or no.");
2927 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2928 			(strcmp($2, "yes")==0);
2929 		free($2);
2930 	}
2931 	;
2932 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2933 	{
2934 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2935 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2936 			yyerror("expected yes or no.");
2937 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2938 			(strcmp($2, "yes")==0);
2939 		free($2);
2940 	}
2941 	;
2942 pythonstart: VAR_PYTHON
2943 	{
2944 		OUTYY(("\nP(python:)\n"));
2945 	}
2946 	;
2947 contents_py: contents_py content_py
2948 	| ;
2949 content_py: py_script
2950 	;
2951 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2952 	{
2953 		OUTYY(("P(python-script:%s)\n", $2));
2954 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
2955 			yyerror("out of memory");
2956 	}
2957 dynlibstart: VAR_DYNLIB
2958 	{
2959 		OUTYY(("\nP(dynlib:)\n"));
2960 	}
2961 	;
2962 contents_dl: contents_dl content_dl
2963 	| ;
2964 content_dl: dl_file
2965 	;
2966 dl_file: VAR_DYNLIB_FILE STRING_ARG
2967 	{
2968 		OUTYY(("P(dynlib-file:%s)\n", $2));
2969 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
2970 			yyerror("out of memory");
2971 	}
2972 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2973 	{
2974 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2975 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2976 			yyerror("expected yes or no.");
2977 		else cfg_parser->cfg->disable_dnssec_lame_check =
2978 			(strcmp($2, "yes")==0);
2979 		free($2);
2980 	}
2981 	;
2982 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2983 	{
2984 		OUTYY(("P(server_log_identity:%s)\n", $2));
2985 		free(cfg_parser->cfg->log_identity);
2986 		cfg_parser->cfg->log_identity = $2;
2987 	}
2988 	;
2989 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2990 	{
2991 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2992 		validate_respip_action($3);
2993 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2994 			$2, $3))
2995 			fatal_exit("out of memory adding response-ip");
2996 	}
2997 	;
2998 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2999 	{
3000 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
3001 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3002 			$2, $3))
3003 			fatal_exit("out of memory adding response-ip-data");
3004 	}
3005 	;
3006 dnscstart: VAR_DNSCRYPT
3007 	{
3008 		OUTYY(("\nP(dnscrypt:)\n"));
3009 	}
3010 	;
3011 contents_dnsc: contents_dnsc content_dnsc
3012 	| ;
3013 content_dnsc:
3014 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3015 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3016 	dnsc_dnscrypt_provider_cert_rotated |
3017 	dnsc_dnscrypt_shared_secret_cache_size |
3018 	dnsc_dnscrypt_shared_secret_cache_slabs |
3019 	dnsc_dnscrypt_nonce_cache_size |
3020 	dnsc_dnscrypt_nonce_cache_slabs
3021 	;
3022 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3023 	{
3024 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3025 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3026 			yyerror("expected yes or no.");
3027 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3028 		free($2);
3029 	}
3030 	;
3031 
3032 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3033 	{
3034 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3035 		if(atoi($2) == 0)
3036 			yyerror("port number expected");
3037 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
3038 		free($2);
3039 	}
3040 	;
3041 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3042 	{
3043 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3044 		free(cfg_parser->cfg->dnscrypt_provider);
3045 		cfg_parser->cfg->dnscrypt_provider = $2;
3046 	}
3047 	;
3048 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3049 	{
3050 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3051 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3052 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3053 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3054 			fatal_exit("out of memory adding dnscrypt-provider-cert");
3055 	}
3056 	;
3057 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3058 	{
3059 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3060 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3061 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3062 	}
3063 	;
3064 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3065 	{
3066 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3067 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3068 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3069 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3070 			fatal_exit("out of memory adding dnscrypt-secret-key");
3071 	}
3072 	;
3073 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3074   {
3075   	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3076   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3077   		yyerror("memory size expected");
3078   	free($2);
3079   }
3080   ;
3081 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3082   {
3083   	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3084   	if(atoi($2) == 0)
3085   		yyerror("number expected");
3086   	else {
3087   		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3088   		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3089   			yyerror("must be a power of 2");
3090   	}
3091   	free($2);
3092   }
3093   ;
3094 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3095   {
3096   	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3097   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3098   		yyerror("memory size expected");
3099   	free($2);
3100   }
3101   ;
3102 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3103   {
3104   	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3105   	if(atoi($2) == 0)
3106   		yyerror("number expected");
3107   	else {
3108   		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3109   		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3110   			yyerror("must be a power of 2");
3111   	}
3112   	free($2);
3113   }
3114   ;
3115 cachedbstart: VAR_CACHEDB
3116 	{
3117 		OUTYY(("\nP(cachedb:)\n"));
3118 	}
3119 	;
3120 contents_cachedb: contents_cachedb content_cachedb
3121 	| ;
3122 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3123 	redis_server_host | redis_server_port | redis_timeout |
3124 	redis_expire_records
3125 	;
3126 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3127 	{
3128 	#ifdef USE_CACHEDB
3129 		OUTYY(("P(backend:%s)\n", $2));
3130 		free(cfg_parser->cfg->cachedb_backend);
3131 		cfg_parser->cfg->cachedb_backend = $2;
3132 	#else
3133 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3134 		free($2);
3135 	#endif
3136 	}
3137 	;
3138 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3139 	{
3140 	#ifdef USE_CACHEDB
3141 		OUTYY(("P(secret-seed:%s)\n", $2));
3142 		free(cfg_parser->cfg->cachedb_secret);
3143 		cfg_parser->cfg->cachedb_secret = $2;
3144 	#else
3145 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3146 		free($2);
3147 	#endif
3148 	}
3149 	;
3150 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3151 	{
3152 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3153 		OUTYY(("P(redis_server_host:%s)\n", $2));
3154 		free(cfg_parser->cfg->redis_server_host);
3155 		cfg_parser->cfg->redis_server_host = $2;
3156 	#else
3157 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3158 		free($2);
3159 	#endif
3160 	}
3161 	;
3162 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3163 	{
3164 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3165 		int port;
3166 		OUTYY(("P(redis_server_port:%s)\n", $2));
3167 		port = atoi($2);
3168 		if(port == 0 || port < 0 || port > 65535)
3169 			yyerror("valid redis server port number expected");
3170 		else cfg_parser->cfg->redis_server_port = port;
3171 	#else
3172 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3173 	#endif
3174 		free($2);
3175 	}
3176 	;
3177 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3178 	{
3179 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3180 		OUTYY(("P(redis_timeout:%s)\n", $2));
3181 		if(atoi($2) == 0)
3182 			yyerror("redis timeout value expected");
3183 		else cfg_parser->cfg->redis_timeout = atoi($2);
3184 	#else
3185 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3186 	#endif
3187 		free($2);
3188 	}
3189 	;
3190 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3191 	{
3192 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3193 		OUTYY(("P(redis_expire_records:%s)\n", $2));
3194 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3195 			yyerror("expected yes or no.");
3196 		else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3197 	#else
3198 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3199 	#endif
3200 		free($2);
3201 	}
3202 	;
3203 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3204 	{
3205 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3206 		if (atoi($3) < 0)
3207 			yyerror("positive number expected");
3208 		else {
3209 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3210 				fatal_exit("out of memory adding tcp connection limit");
3211 		}
3212 	}
3213 	;
3214 	ipsetstart: VAR_IPSET
3215 		{
3216 			OUTYY(("\nP(ipset:)\n"));
3217 		}
3218 		;
3219 	contents_ipset: contents_ipset content_ipset
3220 		| ;
3221 	content_ipset: ipset_name_v4 | ipset_name_v6
3222 		;
3223 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3224 		{
3225 		#ifdef USE_IPSET
3226 			OUTYY(("P(name-v4:%s)\n", $2));
3227 			if(cfg_parser->cfg->ipset_name_v4)
3228 				yyerror("ipset name v4 override, there must be one "
3229 					"name for ip v4");
3230 			free(cfg_parser->cfg->ipset_name_v4);
3231 			cfg_parser->cfg->ipset_name_v4 = $2;
3232 		#else
3233 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3234 			free($2);
3235 		#endif
3236 		}
3237 	;
3238 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3239 	{
3240 		#ifdef USE_IPSET
3241 			OUTYY(("P(name-v6:%s)\n", $2));
3242 			if(cfg_parser->cfg->ipset_name_v6)
3243 				yyerror("ipset name v6 override, there must be one "
3244 					"name for ip v6");
3245 			free(cfg_parser->cfg->ipset_name_v6);
3246 			cfg_parser->cfg->ipset_name_v6 = $2;
3247 		#else
3248 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3249 			free($2);
3250 		#endif
3251 		}
3252 	;
3253 %%
3254 
3255 /* parse helper routines could be here */
3256 static void
3257 validate_respip_action(const char* action)
3258 {
3259 	if(strcmp(action, "deny")!=0 &&
3260 		strcmp(action, "redirect")!=0 &&
3261 		strcmp(action, "inform")!=0 &&
3262 		strcmp(action, "inform_deny")!=0 &&
3263 		strcmp(action, "always_transparent")!=0 &&
3264 		strcmp(action, "always_refuse")!=0 &&
3265 		strcmp(action, "always_nxdomain")!=0)
3266 	{
3267 		yyerror("response-ip action: expected deny, redirect, "
3268 			"inform, inform_deny, always_transparent, "
3269 			"always_refuse or always_nxdomain");
3270 	}
3271 }
3272 
3273 
3274