xref: /freebsd/contrib/unbound/util/configparser.y (revision 963f5dc7a30624e95d72fb7f87b8892651164e46)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_FORCE_TOPLEVEL
73 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
74 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
75 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
76 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
77 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
78 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
79 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
80 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
81 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
82 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
83 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
84 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
85 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
86 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
87 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
88 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
89 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
90 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
91 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
92 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
93 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
94 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
95 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
96 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
97 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
98 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
99 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
100 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
101 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
102 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
103 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
104 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
105 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
106 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
107 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
108 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
109 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
110 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
111 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
112 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
113 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
114 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
115 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
116 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
117 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
118 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
119 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
120 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
121 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
122 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
123 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
124 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
125 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
126 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
127 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
128 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
129 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
130 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
131 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
132 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
133 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
134 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
136 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
137 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
138 %token VAR_IP_DSCP
139 %token VAR_DISABLE_DNSSEC_LAME_CHECK
140 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
141 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
142 %token VAR_OUTBOUND_MSG_RETRY
143 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
144 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
145 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
146 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
147 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
148 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
149 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
150 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
151 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
152 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
153 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
154 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
155 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
156 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
157 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
158 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
159 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
160 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
161 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
162 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
163 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
164 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
165 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
166 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
167 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
168 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
169 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
170 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
171 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
172 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
173 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
174 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
175 %token VAR_CACHEDB_REDISEXPIRERECORDS
176 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
177 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
178 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
179 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
180 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
181 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
182 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
183 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
184 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
185 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
186 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
187 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
188 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
189 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
190 
191 %%
192 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
193 toplevelvar: serverstart contents_server | stubstart contents_stub |
194 	forwardstart contents_forward | pythonstart contents_py |
195 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
196 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
197 	ipsetstart contents_ipset | authstart contents_auth |
198 	rpzstart contents_rpz | dynlibstart contents_dl |
199 	force_toplevel
200 	;
201 force_toplevel: VAR_FORCE_TOPLEVEL
202 	{
203 		OUTYY(("\nP(force-toplevel)\n"));
204 	}
205 	;
206 /* server: declaration */
207 serverstart: VAR_SERVER
208 	{
209 		OUTYY(("\nP(server:)\n"));
210 	}
211 	;
212 contents_server: contents_server content_server
213 	| ;
214 content_server: server_num_threads | server_verbosity | server_port |
215 	server_outgoing_range | server_do_ip4 |
216 	server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
217 	server_do_udp | server_do_tcp |
218 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
219 	server_tcp_keepalive | server_tcp_keepalive_timeout |
220 	server_interface | server_chroot | server_username |
221 	server_directory | server_logfile | server_pidfile |
222 	server_msg_cache_size | server_msg_cache_slabs |
223 	server_num_queries_per_thread | server_rrset_cache_size |
224 	server_rrset_cache_slabs | server_outgoing_num_tcp |
225 	server_infra_host_ttl | server_infra_lame_ttl |
226 	server_infra_cache_slabs | server_infra_cache_numhosts |
227 	server_infra_cache_lame_size | server_target_fetch_policy |
228 	server_harden_short_bufsize | server_harden_large_queries |
229 	server_do_not_query_address | server_hide_identity |
230 	server_hide_version | server_identity | server_version |
231 	server_hide_http_user_agent | server_http_user_agent |
232 	server_harden_glue | server_module_conf | server_trust_anchor_file |
233 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
234 	server_val_clean_additional | server_val_permissive_mode |
235 	server_incoming_num_tcp | server_msg_buffer_size |
236 	server_key_cache_size | server_key_cache_slabs |
237 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
238 	server_use_syslog | server_outgoing_interface | server_root_hints |
239 	server_do_not_query_localhost | server_cache_max_ttl |
240 	server_harden_dnssec_stripped | server_access_control |
241 	server_local_zone | server_local_data | server_interface_automatic |
242 	server_statistics_interval | server_do_daemonize |
243 	server_use_caps_for_id | server_statistics_cumulative |
244 	server_outgoing_port_permit | server_outgoing_port_avoid |
245 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
246 	server_harden_referral_path | server_private_address |
247 	server_private_domain | server_extended_statistics |
248 	server_local_data_ptr | server_jostle_timeout |
249 	server_unwanted_reply_threshold | server_log_time_ascii |
250 	server_domain_insecure | server_val_sig_skew_min |
251 	server_val_sig_skew_max | server_val_max_restart |
252 	server_cache_min_ttl | server_val_log_level |
253 	server_auto_trust_anchor_file |	server_add_holddown |
254 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
255 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
256 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
257 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
258 	server_log_local_actions |
259 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
260 	server_https_port | server_http_endpoint | server_http_max_streams |
261 	server_http_query_buffer_size | server_http_response_buffer_size |
262 	server_http_nodelay | server_http_notls_downstream |
263 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
264 	server_so_reuseport | server_delay_close | server_udp_connect |
265 	server_unblock_lan_zones | server_insecure_lan_zones |
266 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
267 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
268 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
269 	server_ip_dscp | server_infra_keep_probing |
270 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
271 	server_ip_ratelimit_size | server_ratelimit_size |
272 	server_ratelimit_for_domain |
273 	server_ratelimit_below_domain | server_ratelimit_factor |
274 	server_ip_ratelimit_factor | server_outbound_msg_retry |
275 	server_send_client_subnet | server_client_subnet_zone |
276 	server_client_subnet_always_forward | server_client_subnet_opcode |
277 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
278 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
279 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
280 	server_caps_whitelist | server_cache_max_negative_ttl |
281 	server_permit_small_holddown | server_qname_minimisation |
282 	server_ip_freebind | server_define_tag | server_local_zone_tag |
283 	server_disable_dnssec_lame_check | server_access_control_tag |
284 	server_local_zone_override | server_access_control_tag_action |
285 	server_access_control_tag_data | server_access_control_view |
286 	server_qname_minimisation_strict |
287 	server_pad_responses | server_pad_responses_block_size |
288 	server_pad_queries | server_pad_queries_block_size |
289 	server_serve_expired |
290 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
291 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
292 	server_serve_original_ttl | server_fake_dsa |
293 	server_log_identity | server_use_systemd |
294 	server_response_ip_tag | server_response_ip | server_response_ip_data |
295 	server_shm_enable | server_shm_key | server_fake_sha1 |
296 	server_hide_trustanchor | server_trust_anchor_signaling |
297 	server_root_key_sentinel |
298 	server_ipsecmod_enabled | server_ipsecmod_hook |
299 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
300 	server_ipsecmod_whitelist | server_ipsecmod_strict |
301 	server_udp_upstream_without_downstream | server_aggressive_nsec |
302 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
303 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
304 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
305 	server_unknown_server_time_limit | server_log_tag_queryreply |
306 	server_stream_wait_size | server_tls_ciphers |
307 	server_tls_ciphersuites | server_tls_session_ticket_keys |
308 	server_tls_use_sni | server_edns_client_string |
309 	server_edns_client_string_opcode | server_nsid |
310 	server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
311 	server_tcp_reuse_timeout | server_tcp_auth_query_timeout
312 
313 	;
314 stubstart: VAR_STUB_ZONE
315 	{
316 		struct config_stub* s;
317 		OUTYY(("\nP(stub_zone:)\n"));
318 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
319 		if(s) {
320 			s->next = cfg_parser->cfg->stubs;
321 			cfg_parser->cfg->stubs = s;
322 		} else {
323 			yyerror("out of memory");
324 		}
325 	}
326 	;
327 contents_stub: contents_stub content_stub
328 	| ;
329 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
330 	stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
331 	;
332 forwardstart: VAR_FORWARD_ZONE
333 	{
334 		struct config_stub* s;
335 		OUTYY(("\nP(forward_zone:)\n"));
336 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
337 		if(s) {
338 			s->next = cfg_parser->cfg->forwards;
339 			cfg_parser->cfg->forwards = s;
340 		} else {
341 			yyerror("out of memory");
342 		}
343 	}
344 	;
345 contents_forward: contents_forward content_forward
346 	| ;
347 content_forward: forward_name | forward_host | forward_addr | forward_first |
348 	forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
349 	;
350 viewstart: VAR_VIEW
351 	{
352 		struct config_view* s;
353 		OUTYY(("\nP(view:)\n"));
354 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
355 		if(s) {
356 			s->next = cfg_parser->cfg->views;
357 			if(s->next && !s->next->name)
358 				yyerror("view without name");
359 			cfg_parser->cfg->views = s;
360 		} else {
361 			yyerror("out of memory");
362 		}
363 	}
364 	;
365 contents_view: contents_view content_view
366 	| ;
367 content_view: view_name | view_local_zone | view_local_data | view_first |
368 		view_response_ip | view_response_ip_data | view_local_data_ptr
369 	;
370 authstart: VAR_AUTH_ZONE
371 	{
372 		struct config_auth* s;
373 		OUTYY(("\nP(auth_zone:)\n"));
374 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
375 		if(s) {
376 			s->next = cfg_parser->cfg->auths;
377 			cfg_parser->cfg->auths = s;
378 			/* defaults for auth zone */
379 			s->for_downstream = 1;
380 			s->for_upstream = 1;
381 			s->fallback_enabled = 0;
382 			s->zonemd_check = 0;
383 			s->zonemd_reject_absence = 0;
384 			s->isrpz = 0;
385 		} else {
386 			yyerror("out of memory");
387 		}
388 	}
389 	;
390 contents_auth: contents_auth content_auth
391 	| ;
392 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
393 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
394 	auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
395 	;
396 
397 rpz_tag: VAR_TAGS STRING_ARG
398 	{
399 		uint8_t* bitlist;
400 		size_t len = 0;
401 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
402 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
403 			&len);
404 		free($2);
405 		if(!bitlist) {
406 			yyerror("could not parse tags, (define-tag them first)");
407 		}
408 		if(bitlist) {
409 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
410 			cfg_parser->cfg->auths->rpz_taglistlen = len;
411 
412 		}
413 	}
414 	;
415 
416 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
417 	{
418 		OUTYY(("P(rpz_action_override:%s)\n", $2));
419 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
420 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
421 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
422 			yyerror("rpz-action-override action: expected nxdomain, "
423 				"nodata, passthru, drop, cname or disabled");
424 			free($2);
425 			cfg_parser->cfg->auths->rpz_action_override = NULL;
426 		}
427 		else {
428 			cfg_parser->cfg->auths->rpz_action_override = $2;
429 		}
430 	}
431 	;
432 
433 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
434 	{
435 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
436 		free(cfg_parser->cfg->auths->rpz_cname);
437 		cfg_parser->cfg->auths->rpz_cname = $2;
438 	}
439 	;
440 
441 rpz_log: VAR_RPZ_LOG STRING_ARG
442 	{
443 		OUTYY(("P(rpz_log:%s)\n", $2));
444 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
445 			yyerror("expected yes or no.");
446 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
447 		free($2);
448 	}
449 	;
450 
451 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
452 	{
453 		OUTYY(("P(rpz_log_name:%s)\n", $2));
454 		free(cfg_parser->cfg->auths->rpz_log_name);
455 		cfg_parser->cfg->auths->rpz_log_name = $2;
456 	}
457 	;
458 
459 rpzstart: VAR_RPZ
460 	{
461 		struct config_auth* s;
462 		OUTYY(("\nP(rpz:)\n"));
463 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
464 		if(s) {
465 			s->next = cfg_parser->cfg->auths;
466 			cfg_parser->cfg->auths = s;
467 			/* defaults for RPZ auth zone */
468 			s->for_downstream = 0;
469 			s->for_upstream = 0;
470 			s->fallback_enabled = 0;
471 			s->isrpz = 1;
472 		} else {
473 			yyerror("out of memory");
474 		}
475 	}
476 	;
477 contents_rpz: contents_rpz content_rpz
478 	| ;
479 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
480 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
481 	   rpz_log | rpz_log_name
482 	;
483 server_num_threads: VAR_NUM_THREADS STRING_ARG
484 	{
485 		OUTYY(("P(server_num_threads:%s)\n", $2));
486 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
487 			yyerror("number expected");
488 		else cfg_parser->cfg->num_threads = atoi($2);
489 		free($2);
490 	}
491 	;
492 server_verbosity: VAR_VERBOSITY STRING_ARG
493 	{
494 		OUTYY(("P(server_verbosity:%s)\n", $2));
495 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
496 			yyerror("number expected");
497 		else cfg_parser->cfg->verbosity = atoi($2);
498 		free($2);
499 	}
500 	;
501 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
502 	{
503 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
504 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
505 			cfg_parser->cfg->stat_interval = 0;
506 		else if(atoi($2) == 0)
507 			yyerror("number expected");
508 		else cfg_parser->cfg->stat_interval = atoi($2);
509 		free($2);
510 	}
511 	;
512 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
513 	{
514 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
515 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
516 			yyerror("expected yes or no.");
517 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
518 		free($2);
519 	}
520 	;
521 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
522 	{
523 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
524 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
525 			yyerror("expected yes or no.");
526 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
527 		free($2);
528 	}
529 	;
530 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
531 	{
532 		OUTYY(("P(server_shm_enable:%s)\n", $2));
533 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
534 			yyerror("expected yes or no.");
535 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
536 		free($2);
537 	}
538 	;
539 server_shm_key: VAR_SHM_KEY STRING_ARG
540 	{
541 		OUTYY(("P(server_shm_key:%s)\n", $2));
542 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
543 			cfg_parser->cfg->shm_key = 0;
544 		else if(atoi($2) == 0)
545 			yyerror("number expected");
546 		else cfg_parser->cfg->shm_key = atoi($2);
547 		free($2);
548 	}
549 	;
550 server_port: VAR_PORT STRING_ARG
551 	{
552 		OUTYY(("P(server_port:%s)\n", $2));
553 		if(atoi($2) == 0)
554 			yyerror("port number expected");
555 		else cfg_parser->cfg->port = atoi($2);
556 		free($2);
557 	}
558 	;
559 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
560 	{
561 	#ifdef CLIENT_SUBNET
562 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
563 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
564 			fatal_exit("out of memory adding client-subnet");
565 	#else
566 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
567 		free($2);
568 	#endif
569 	}
570 	;
571 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
572 	{
573 	#ifdef CLIENT_SUBNET
574 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
575 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
576 			$2))
577 			fatal_exit("out of memory adding client-subnet-zone");
578 	#else
579 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
580 		free($2);
581 	#endif
582 	}
583 	;
584 server_client_subnet_always_forward:
585 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
586 	{
587 	#ifdef CLIENT_SUBNET
588 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
589 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
590 			yyerror("expected yes or no.");
591 		else
592 			cfg_parser->cfg->client_subnet_always_forward =
593 				(strcmp($2, "yes")==0);
594 	#else
595 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
596 	#endif
597 		free($2);
598 	}
599 	;
600 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
601 	{
602 	#ifdef CLIENT_SUBNET
603 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
604 		OUTYY(("P(Deprecated option, ignoring)\n"));
605 	#else
606 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
607 	#endif
608 		free($2);
609 	}
610 	;
611 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
612 	{
613 	#ifdef CLIENT_SUBNET
614 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
615 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
616 			yyerror("IPv4 subnet length expected");
617 		else if (atoi($2) > 32)
618 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
619 		else if (atoi($2) < 0)
620 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
621 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
622 	#else
623 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
624 	#endif
625 		free($2);
626 	}
627 	;
628 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
629 	{
630 	#ifdef CLIENT_SUBNET
631 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
632 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
633 			yyerror("Ipv6 subnet length expected");
634 		else if (atoi($2) > 128)
635 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
636 		else if (atoi($2) < 0)
637 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
638 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
639 	#else
640 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
641 	#endif
642 		free($2);
643 	}
644 	;
645 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
646 	{
647 	#ifdef CLIENT_SUBNET
648 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
649 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
650 			yyerror("IPv4 subnet length expected");
651 		else if (atoi($2) > 32)
652 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
653 		else if (atoi($2) < 0)
654 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
655 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
656 	#else
657 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
658 	#endif
659 		free($2);
660 	}
661 	;
662 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
663 	{
664 	#ifdef CLIENT_SUBNET
665 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
666 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
667 			yyerror("Ipv6 subnet length expected");
668 		else if (atoi($2) > 128)
669 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
670 		else if (atoi($2) < 0)
671 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
672 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
673 	#else
674 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
675 	#endif
676 		free($2);
677 	}
678 	;
679 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
680 	{
681 	#ifdef CLIENT_SUBNET
682 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
683 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
684 			yyerror("IPv4 ECS tree size expected");
685 		else if (atoi($2) < 0)
686 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
687 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
688 	#else
689 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
690 	#endif
691 		free($2);
692 	}
693 	;
694 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
695 	{
696 	#ifdef CLIENT_SUBNET
697 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
698 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
699 			yyerror("IPv6 ECS tree size expected");
700 		else if (atoi($2) < 0)
701 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
702 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
703 	#else
704 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
705 	#endif
706 		free($2);
707 	}
708 	;
709 server_interface: VAR_INTERFACE STRING_ARG
710 	{
711 		OUTYY(("P(server_interface:%s)\n", $2));
712 		if(cfg_parser->cfg->num_ifs == 0)
713 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
714 		else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
715 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
716 		if(!cfg_parser->cfg->ifs)
717 			yyerror("out of memory");
718 		else
719 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
720 	}
721 	;
722 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
723 	{
724 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
725 		if(cfg_parser->cfg->num_out_ifs == 0)
726 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
727 		else cfg_parser->cfg->out_ifs = realloc(
728 			cfg_parser->cfg->out_ifs,
729 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
730 		if(!cfg_parser->cfg->out_ifs)
731 			yyerror("out of memory");
732 		else
733 			cfg_parser->cfg->out_ifs[
734 				cfg_parser->cfg->num_out_ifs++] = $2;
735 	}
736 	;
737 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
738 	{
739 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
740 		if(atoi($2) == 0)
741 			yyerror("number expected");
742 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
743 		free($2);
744 	}
745 	;
746 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
747 	{
748 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
749 		if(!cfg_mark_ports($2, 1,
750 			cfg_parser->cfg->outgoing_avail_ports, 65536))
751 			yyerror("port number or range (\"low-high\") expected");
752 		free($2);
753 	}
754 	;
755 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
756 	{
757 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
758 		if(!cfg_mark_ports($2, 0,
759 			cfg_parser->cfg->outgoing_avail_ports, 65536))
760 			yyerror("port number or range (\"low-high\") expected");
761 		free($2);
762 	}
763 	;
764 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
765 	{
766 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
767 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
768 			yyerror("number expected");
769 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
770 		free($2);
771 	}
772 	;
773 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
774 	{
775 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
776 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
777 			yyerror("number expected");
778 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
779 		free($2);
780 	}
781 	;
782 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
783 	{
784 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
785 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
786 			yyerror("expected yes or no.");
787 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
788 		free($2);
789 	}
790 	;
791 server_do_ip4: VAR_DO_IP4 STRING_ARG
792 	{
793 		OUTYY(("P(server_do_ip4:%s)\n", $2));
794 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
795 			yyerror("expected yes or no.");
796 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
797 		free($2);
798 	}
799 	;
800 server_do_ip6: VAR_DO_IP6 STRING_ARG
801 	{
802 		OUTYY(("P(server_do_ip6:%s)\n", $2));
803 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
804 			yyerror("expected yes or no.");
805 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
806 		free($2);
807 	}
808 	;
809 server_do_udp: VAR_DO_UDP STRING_ARG
810 	{
811 		OUTYY(("P(server_do_udp:%s)\n", $2));
812 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
813 			yyerror("expected yes or no.");
814 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
815 		free($2);
816 	}
817 	;
818 server_do_tcp: VAR_DO_TCP STRING_ARG
819 	{
820 		OUTYY(("P(server_do_tcp:%s)\n", $2));
821 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
822 			yyerror("expected yes or no.");
823 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
824 		free($2);
825 	}
826 	;
827 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
828 	{
829 		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
830 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
831 			yyerror("expected yes or no.");
832 		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
833 		free($2);
834 	}
835 	;
836 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
837 	{
838 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
839 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
840 			yyerror("expected yes or no.");
841 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
842 		free($2);
843 	}
844 	;
845 server_tcp_mss: VAR_TCP_MSS STRING_ARG
846 	{
847 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
848 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
849 				yyerror("number expected");
850 		else cfg_parser->cfg->tcp_mss = atoi($2);
851 		free($2);
852 	}
853 	;
854 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
855 	{
856 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
857 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
858 			yyerror("number expected");
859 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
860 		free($2);
861 	}
862 	;
863 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
864 	{
865 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
866 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
867 			yyerror("number expected");
868 		else if (atoi($2) > 120000)
869 			cfg_parser->cfg->tcp_idle_timeout = 120000;
870 		else if (atoi($2) < 1)
871 			cfg_parser->cfg->tcp_idle_timeout = 1;
872 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
873 		free($2);
874 	}
875 	;
876 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
877 	{
878 		OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
879 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
880 			yyerror("number expected");
881 		else if (atoi($2) < 1)
882 			cfg_parser->cfg->max_reuse_tcp_queries = 0;
883 		else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
884 		free($2);
885 	}
886 	;
887 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
888 	{
889 		OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
890 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
891 			yyerror("number expected");
892 		else if (atoi($2) < 1)
893 			cfg_parser->cfg->tcp_reuse_timeout = 0;
894 		else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
895 		free($2);
896 	}
897 	;
898 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
899 	{
900 		OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
901 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
902 			yyerror("number expected");
903 		else if (atoi($2) < 1)
904 			cfg_parser->cfg->tcp_auth_query_timeout = 0;
905 		else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
906 		free($2);
907 	}
908 	;
909 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
910 	{
911 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
912 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
913 			yyerror("expected yes or no.");
914 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
915 		free($2);
916 	}
917 	;
918 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
919 	{
920 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
921 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
922 			yyerror("number expected");
923 		else if (atoi($2) > 6553500)
924 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
925 		else if (atoi($2) < 1)
926 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
927 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
928 		free($2);
929 	}
930 	;
931 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
932 	{
933 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
934 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
935 			yyerror("expected yes or no.");
936 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
937 		free($2);
938 	}
939 	;
940 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
941 	{
942 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
943 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
944 			yyerror("expected yes or no.");
945 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
946 		free($2);
947 	}
948 	;
949 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
950 	{
951 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
952 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
953 			yyerror("expected yes or no.");
954 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
955 		free($2);
956 	}
957 	;
958 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
959 	{
960 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
961 		free(cfg_parser->cfg->ssl_service_key);
962 		cfg_parser->cfg->ssl_service_key = $2;
963 	}
964 	;
965 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
966 	{
967 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
968 		free(cfg_parser->cfg->ssl_service_pem);
969 		cfg_parser->cfg->ssl_service_pem = $2;
970 	}
971 	;
972 server_ssl_port: VAR_SSL_PORT STRING_ARG
973 	{
974 		OUTYY(("P(server_ssl_port:%s)\n", $2));
975 		if(atoi($2) == 0)
976 			yyerror("port number expected");
977 		else cfg_parser->cfg->ssl_port = atoi($2);
978 		free($2);
979 	}
980 	;
981 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
982 	{
983 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
984 		free(cfg_parser->cfg->tls_cert_bundle);
985 		cfg_parser->cfg->tls_cert_bundle = $2;
986 	}
987 	;
988 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
989 	{
990 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
991 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
992 			yyerror("expected yes or no.");
993 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
994 		free($2);
995 	}
996 	;
997 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
998 	{
999 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1000 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1001 			$2))
1002 			yyerror("out of memory");
1003 	}
1004 	;
1005 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1006 	{
1007 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1008 		free(cfg_parser->cfg->tls_ciphers);
1009 		cfg_parser->cfg->tls_ciphers = $2;
1010 	}
1011 	;
1012 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1013 	{
1014 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1015 		free(cfg_parser->cfg->tls_ciphersuites);
1016 		cfg_parser->cfg->tls_ciphersuites = $2;
1017 	}
1018 	;
1019 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1020 	{
1021 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1022 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1023 			$2))
1024 			yyerror("out of memory");
1025 	}
1026 	;
1027 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1028 	{
1029 		OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1030 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1031 			yyerror("expected yes or no.");
1032 		else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1033 		free($2);
1034 	}
1035 	;
1036 server_https_port: VAR_HTTPS_PORT STRING_ARG
1037 	{
1038 		OUTYY(("P(server_https_port:%s)\n", $2));
1039 		if(atoi($2) == 0)
1040 			yyerror("port number expected");
1041 		else cfg_parser->cfg->https_port = atoi($2);
1042 		free($2);
1043 	};
1044 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1045 	{
1046 		OUTYY(("P(server_http_endpoint:%s)\n", $2));
1047 		free(cfg_parser->cfg->http_endpoint);
1048 		if($2 && $2[0] != '/') {
1049 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1050 			if(!cfg_parser->cfg->http_endpoint)
1051 				yyerror("out of memory");
1052 			cfg_parser->cfg->http_endpoint[0] = '/';
1053 			memmove(cfg_parser->cfg->http_endpoint+1, $2,
1054 				strlen($2)+1);
1055 			free($2);
1056 		} else {
1057 			cfg_parser->cfg->http_endpoint = $2;
1058 		}
1059 	};
1060 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1061 	{
1062 		OUTYY(("P(server_http_max_streams:%s)\n", $2));
1063 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1064 			yyerror("number expected");
1065 		else cfg_parser->cfg->http_max_streams = atoi($2);
1066 		free($2);
1067 	};
1068 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1069 	{
1070 		OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1071 		if(!cfg_parse_memsize($2,
1072 			&cfg_parser->cfg->http_query_buffer_size))
1073 			yyerror("memory size expected");
1074 		free($2);
1075 	};
1076 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1077 	{
1078 		OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1079 		if(!cfg_parse_memsize($2,
1080 			&cfg_parser->cfg->http_response_buffer_size))
1081 			yyerror("memory size expected");
1082 		free($2);
1083 	};
1084 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1085 	{
1086 		OUTYY(("P(server_http_nodelay:%s)\n", $2));
1087 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1088 			yyerror("expected yes or no.");
1089 		else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1090 		free($2);
1091 	}
1092 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1093 	{
1094 		OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1095 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1096 			yyerror("expected yes or no.");
1097 		else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1098 		free($2);
1099 	};
1100 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1101 	{
1102 		OUTYY(("P(server_use_systemd:%s)\n", $2));
1103 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1104 			yyerror("expected yes or no.");
1105 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1106 		free($2);
1107 	}
1108 	;
1109 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1110 	{
1111 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
1112 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1113 			yyerror("expected yes or no.");
1114 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1115 		free($2);
1116 	}
1117 	;
1118 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1119 	{
1120 		OUTYY(("P(server_use_syslog:%s)\n", $2));
1121 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1122 			yyerror("expected yes or no.");
1123 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1124 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1125 		if(strcmp($2, "yes") == 0)
1126 			yyerror("no syslog services are available. "
1127 				"(reconfigure and compile to add)");
1128 #endif
1129 		free($2);
1130 	}
1131 	;
1132 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1133 	{
1134 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1135 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1136 			yyerror("expected yes or no.");
1137 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1138 		free($2);
1139 	}
1140 	;
1141 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1142 	{
1143 		OUTYY(("P(server_log_queries:%s)\n", $2));
1144 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1145 			yyerror("expected yes or no.");
1146 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1147 		free($2);
1148 	}
1149 	;
1150 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1151 	{
1152 		OUTYY(("P(server_log_replies:%s)\n", $2));
1153 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1154 			yyerror("expected yes or no.");
1155 		else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1156 		free($2);
1157 	}
1158 	;
1159 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1160 	{
1161 		OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1162 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1163 			yyerror("expected yes or no.");
1164 		else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1165 		free($2);
1166 	}
1167 	;
1168 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1169 	{
1170 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1171 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1172 			yyerror("expected yes or no.");
1173 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1174 		free($2);
1175 	}
1176 	;
1177 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1178 	{
1179 		OUTYY(("P(server_log_local_actions:%s)\n", $2));
1180 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1181 			yyerror("expected yes or no.");
1182 		else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1183 		free($2);
1184 	}
1185 	;
1186 server_chroot: VAR_CHROOT STRING_ARG
1187 	{
1188 		OUTYY(("P(server_chroot:%s)\n", $2));
1189 		free(cfg_parser->cfg->chrootdir);
1190 		cfg_parser->cfg->chrootdir = $2;
1191 	}
1192 	;
1193 server_username: VAR_USERNAME STRING_ARG
1194 	{
1195 		OUTYY(("P(server_username:%s)\n", $2));
1196 		free(cfg_parser->cfg->username);
1197 		cfg_parser->cfg->username = $2;
1198 	}
1199 	;
1200 server_directory: VAR_DIRECTORY STRING_ARG
1201 	{
1202 		OUTYY(("P(server_directory:%s)\n", $2));
1203 		free(cfg_parser->cfg->directory);
1204 		cfg_parser->cfg->directory = $2;
1205 		/* change there right away for includes relative to this */
1206 		if($2[0]) {
1207 			char* d;
1208 #ifdef UB_ON_WINDOWS
1209 			w_config_adjust_directory(cfg_parser->cfg);
1210 #endif
1211 			d = cfg_parser->cfg->directory;
1212 			/* adjust directory if we have already chroot,
1213 			 * like, we reread after sighup */
1214 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1215 				strncmp(d, cfg_parser->chroot, strlen(
1216 				cfg_parser->chroot)) == 0)
1217 				d += strlen(cfg_parser->chroot);
1218 			if(d[0]) {
1219 				if(chdir(d))
1220 				log_err("cannot chdir to directory: %s (%s)",
1221 					d, strerror(errno));
1222 			}
1223 		}
1224 	}
1225 	;
1226 server_logfile: VAR_LOGFILE STRING_ARG
1227 	{
1228 		OUTYY(("P(server_logfile:%s)\n", $2));
1229 		free(cfg_parser->cfg->logfile);
1230 		cfg_parser->cfg->logfile = $2;
1231 		cfg_parser->cfg->use_syslog = 0;
1232 	}
1233 	;
1234 server_pidfile: VAR_PIDFILE STRING_ARG
1235 	{
1236 		OUTYY(("P(server_pidfile:%s)\n", $2));
1237 		free(cfg_parser->cfg->pidfile);
1238 		cfg_parser->cfg->pidfile = $2;
1239 	}
1240 	;
1241 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1242 	{
1243 		OUTYY(("P(server_root_hints:%s)\n", $2));
1244 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1245 			yyerror("out of memory");
1246 	}
1247 	;
1248 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1249 	{
1250 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1251 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1252 		free($2);
1253 	}
1254 	;
1255 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1256 	{
1257 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1258 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
1259 		free($2);
1260 	}
1261 	;
1262 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1263 	{
1264 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1265 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1266 			auto_trust_anchor_file_list, $2))
1267 			yyerror("out of memory");
1268 	}
1269 	;
1270 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1271 	{
1272 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1273 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1274 			trust_anchor_file_list, $2))
1275 			yyerror("out of memory");
1276 	}
1277 	;
1278 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1279 	{
1280 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1281 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1282 			trusted_keys_file_list, $2))
1283 			yyerror("out of memory");
1284 	}
1285 	;
1286 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1287 	{
1288 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1289 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1290 			yyerror("out of memory");
1291 	}
1292 	;
1293 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1294 	{
1295 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1296 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1297 			yyerror("expected yes or no.");
1298 		else
1299 			cfg_parser->cfg->trust_anchor_signaling =
1300 				(strcmp($2, "yes")==0);
1301 		free($2);
1302 	}
1303 	;
1304 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1305 	{
1306 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1307 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1308 			yyerror("expected yes or no.");
1309 		else
1310 			cfg_parser->cfg->root_key_sentinel =
1311 				(strcmp($2, "yes")==0);
1312 		free($2);
1313 	}
1314 	;
1315 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1316 	{
1317 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1318 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1319 			yyerror("out of memory");
1320 	}
1321 	;
1322 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1323 	{
1324 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1325 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1326 			yyerror("expected yes or no.");
1327 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1328 		free($2);
1329 	}
1330 	;
1331 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1332 	{
1333 		OUTYY(("P(server_hide_version:%s)\n", $2));
1334 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1335 			yyerror("expected yes or no.");
1336 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1337 		free($2);
1338 	}
1339 	;
1340 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1341 	{
1342 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1343 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1344 			yyerror("expected yes or no.");
1345 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1346 		free($2);
1347 	}
1348 	;
1349 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1350 	{
1351 		OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1352 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1353 			yyerror("expected yes or no.");
1354 		else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1355 		free($2);
1356 	}
1357 	;
1358 server_identity: VAR_IDENTITY STRING_ARG
1359 	{
1360 		OUTYY(("P(server_identity:%s)\n", $2));
1361 		free(cfg_parser->cfg->identity);
1362 		cfg_parser->cfg->identity = $2;
1363 	}
1364 	;
1365 server_version: VAR_VERSION STRING_ARG
1366 	{
1367 		OUTYY(("P(server_version:%s)\n", $2));
1368 		free(cfg_parser->cfg->version);
1369 		cfg_parser->cfg->version = $2;
1370 	}
1371 	;
1372 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1373 	{
1374 		OUTYY(("P(server_http_user_agent:%s)\n", $2));
1375 		free(cfg_parser->cfg->http_user_agent);
1376 		cfg_parser->cfg->http_user_agent = $2;
1377 	}
1378 	;
1379 server_nsid: VAR_NSID STRING_ARG
1380 	{
1381 		OUTYY(("P(server_nsid:%s)\n", $2));
1382 		free(cfg_parser->cfg->nsid_cfg_str);
1383 		cfg_parser->cfg->nsid_cfg_str = $2;
1384 		free(cfg_parser->cfg->nsid);
1385 		cfg_parser->cfg->nsid = NULL;
1386 		cfg_parser->cfg->nsid_len = 0;
1387 		if (*$2 == 0)
1388 			; /* pass; empty string is not setting nsid */
1389 		else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1390 					$2, &cfg_parser->cfg->nsid_len)))
1391 			yyerror("the NSID must be either a hex string or an "
1392 			    "ascii character string prepended with ascii_.");
1393 	}
1394 	;
1395 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1396 	{
1397 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1398 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1399 			yyerror("buffer size expected");
1400 		free($2);
1401 	}
1402 	;
1403 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1404 	{
1405 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1406 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1407 			yyerror("buffer size expected");
1408 		free($2);
1409 	}
1410 	;
1411 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1412 	{
1413 		OUTYY(("P(server_so_reuseport:%s)\n", $2));
1414 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1415 			yyerror("expected yes or no.");
1416 		else cfg_parser->cfg->so_reuseport =
1417 			(strcmp($2, "yes")==0);
1418 		free($2);
1419 	}
1420 	;
1421 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1422 	{
1423 		OUTYY(("P(server_ip_transparent:%s)\n", $2));
1424 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1425 			yyerror("expected yes or no.");
1426 		else cfg_parser->cfg->ip_transparent =
1427 			(strcmp($2, "yes")==0);
1428 		free($2);
1429 	}
1430 	;
1431 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1432 	{
1433 		OUTYY(("P(server_ip_freebind:%s)\n", $2));
1434 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1435 			yyerror("expected yes or no.");
1436 		else cfg_parser->cfg->ip_freebind =
1437 			(strcmp($2, "yes")==0);
1438 		free($2);
1439 	}
1440 	;
1441 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1442 	{
1443 		OUTYY(("P(server_ip_dscp:%s)\n", $2));
1444 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1445 			yyerror("number expected");
1446 		else if (atoi($2) > 63)
1447 			yyerror("value too large (max 63)");
1448 		else if (atoi($2) < 0)
1449 			yyerror("value too small (min 0)");
1450 		else
1451 			cfg_parser->cfg->ip_dscp = atoi($2);
1452 		free($2);
1453 	}
1454 	;
1455 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1456 	{
1457 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1458 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1459 			yyerror("memory size expected");
1460 		free($2);
1461 	}
1462 	;
1463 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1464 	{
1465 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1466 		if(atoi($2) == 0)
1467 			yyerror("number expected");
1468 		else if (atoi($2) < 12)
1469 			yyerror("edns buffer size too small");
1470 		else if (atoi($2) > 65535)
1471 			cfg_parser->cfg->edns_buffer_size = 65535;
1472 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1473 		free($2);
1474 	}
1475 	;
1476 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1477 	{
1478 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1479 		if(atoi($2) == 0)
1480 			yyerror("number expected");
1481 		else if (atoi($2) < 4096)
1482 			yyerror("message buffer size too small (use 4096)");
1483 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1484 		free($2);
1485 	}
1486 	;
1487 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1488 	{
1489 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1490 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1491 			yyerror("memory size expected");
1492 		free($2);
1493 	}
1494 	;
1495 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1496 	{
1497 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1498 		if(atoi($2) == 0) {
1499 			yyerror("number expected");
1500 		} else {
1501 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1502 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1503 				yyerror("must be a power of 2");
1504 		}
1505 		free($2);
1506 	}
1507 	;
1508 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1509 	{
1510 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1511 		if(atoi($2) == 0)
1512 			yyerror("number expected");
1513 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1514 		free($2);
1515 	}
1516 	;
1517 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1518 	{
1519 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1520 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1521 			yyerror("number expected");
1522 		else cfg_parser->cfg->jostle_time = atoi($2);
1523 		free($2);
1524 	}
1525 	;
1526 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1527 	{
1528 		OUTYY(("P(server_delay_close:%s)\n", $2));
1529 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1530 			yyerror("number expected");
1531 		else cfg_parser->cfg->delay_close = atoi($2);
1532 		free($2);
1533 	}
1534 	;
1535 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1536 	{
1537 		OUTYY(("P(server_udp_connect:%s)\n", $2));
1538 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1539 			yyerror("expected yes or no.");
1540 		else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1541 		free($2);
1542 	}
1543 	;
1544 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1545 	{
1546 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1547 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1548 			yyerror("expected yes or no.");
1549 		else cfg_parser->cfg->unblock_lan_zones =
1550 			(strcmp($2, "yes")==0);
1551 		free($2);
1552 	}
1553 	;
1554 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1555 	{
1556 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1557 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1558 			yyerror("expected yes or no.");
1559 		else cfg_parser->cfg->insecure_lan_zones =
1560 			(strcmp($2, "yes")==0);
1561 		free($2);
1562 	}
1563 	;
1564 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1565 	{
1566 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1567 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1568 			yyerror("memory size expected");
1569 		free($2);
1570 	}
1571 	;
1572 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1573 	{
1574 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1575 		if(atoi($2) == 0) {
1576 			yyerror("number expected");
1577 		} else {
1578 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1579 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1580 				yyerror("must be a power of 2");
1581 		}
1582 		free($2);
1583 	}
1584 	;
1585 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1586 	{
1587 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1588 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1589 			yyerror("number expected");
1590 		else cfg_parser->cfg->host_ttl = atoi($2);
1591 		free($2);
1592 	}
1593 	;
1594 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1595 	{
1596 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1597 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1598 			"removed, use infra-host-ttl)", $2);
1599 		free($2);
1600 	}
1601 	;
1602 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1603 	{
1604 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1605 		if(atoi($2) == 0)
1606 			yyerror("number expected");
1607 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1608 		free($2);
1609 	}
1610 	;
1611 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1612 	{
1613 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1614 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1615 			"(option removed, use infra-cache-numhosts)", $2);
1616 		free($2);
1617 	}
1618 	;
1619 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1620 	{
1621 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1622 		if(atoi($2) == 0) {
1623 			yyerror("number expected");
1624 		} else {
1625 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1626 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1627 				yyerror("must be a power of 2");
1628 		}
1629 		free($2);
1630 	}
1631 	;
1632 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1633 	{
1634 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1635 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1636 			yyerror("number expected");
1637 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1638 		free($2);
1639 	}
1640 	;
1641 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1642 	{
1643 		OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1644 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1645 			yyerror("expected yes or no.");
1646 		else cfg_parser->cfg->infra_keep_probing =
1647 			(strcmp($2, "yes")==0);
1648 		free($2);
1649 	}
1650 	;
1651 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1652 	{
1653 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1654 		free(cfg_parser->cfg->target_fetch_policy);
1655 		cfg_parser->cfg->target_fetch_policy = $2;
1656 	}
1657 	;
1658 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1659 	{
1660 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1661 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1662 			yyerror("expected yes or no.");
1663 		else cfg_parser->cfg->harden_short_bufsize =
1664 			(strcmp($2, "yes")==0);
1665 		free($2);
1666 	}
1667 	;
1668 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1669 	{
1670 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1671 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1672 			yyerror("expected yes or no.");
1673 		else cfg_parser->cfg->harden_large_queries =
1674 			(strcmp($2, "yes")==0);
1675 		free($2);
1676 	}
1677 	;
1678 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1679 	{
1680 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1681 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1682 			yyerror("expected yes or no.");
1683 		else cfg_parser->cfg->harden_glue =
1684 			(strcmp($2, "yes")==0);
1685 		free($2);
1686 	}
1687 	;
1688 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1689 	{
1690 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1691 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1692 			yyerror("expected yes or no.");
1693 		else cfg_parser->cfg->harden_dnssec_stripped =
1694 			(strcmp($2, "yes")==0);
1695 		free($2);
1696 	}
1697 	;
1698 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1699 	{
1700 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1701 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1702 			yyerror("expected yes or no.");
1703 		else cfg_parser->cfg->harden_below_nxdomain =
1704 			(strcmp($2, "yes")==0);
1705 		free($2);
1706 	}
1707 	;
1708 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1709 	{
1710 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1711 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1712 			yyerror("expected yes or no.");
1713 		else cfg_parser->cfg->harden_referral_path =
1714 			(strcmp($2, "yes")==0);
1715 		free($2);
1716 	}
1717 	;
1718 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1719 	{
1720 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1721 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1722 			yyerror("expected yes or no.");
1723 		else cfg_parser->cfg->harden_algo_downgrade =
1724 			(strcmp($2, "yes")==0);
1725 		free($2);
1726 	}
1727 	;
1728 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1729 	{
1730 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1731 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1732 			yyerror("expected yes or no.");
1733 		else cfg_parser->cfg->use_caps_bits_for_id =
1734 			(strcmp($2, "yes")==0);
1735 		free($2);
1736 	}
1737 	;
1738 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1739 	{
1740 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1741 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1742 			yyerror("out of memory");
1743 	}
1744 	;
1745 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1746 	{
1747 		OUTYY(("P(server_private_address:%s)\n", $2));
1748 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1749 			yyerror("out of memory");
1750 	}
1751 	;
1752 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1753 	{
1754 		OUTYY(("P(server_private_domain:%s)\n", $2));
1755 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1756 			yyerror("out of memory");
1757 	}
1758 	;
1759 server_prefetch: VAR_PREFETCH STRING_ARG
1760 	{
1761 		OUTYY(("P(server_prefetch:%s)\n", $2));
1762 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1763 			yyerror("expected yes or no.");
1764 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1765 		free($2);
1766 	}
1767 	;
1768 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1769 	{
1770 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1771 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1772 			yyerror("expected yes or no.");
1773 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1774 		free($2);
1775 	}
1776 	;
1777 server_deny_any: VAR_DENY_ANY STRING_ARG
1778 	{
1779 		OUTYY(("P(server_deny_any:%s)\n", $2));
1780 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1781 			yyerror("expected yes or no.");
1782 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1783 		free($2);
1784 	}
1785 	;
1786 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1787 	{
1788 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1789 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1790 			yyerror("number expected");
1791 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1792 		free($2);
1793 	}
1794 	;
1795 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1796 	{
1797 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1798 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1799 			yyerror("out of memory");
1800 	}
1801 	;
1802 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1803 	{
1804 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1805 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1806 			yyerror("expected yes or no.");
1807 		else cfg_parser->cfg->donotquery_localhost =
1808 			(strcmp($2, "yes")==0);
1809 		free($2);
1810 	}
1811 	;
1812 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1813 	{
1814 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1815 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1816 			strcmp($3, "deny_non_local")!=0 &&
1817 			strcmp($3, "refuse_non_local")!=0 &&
1818 			strcmp($3, "allow_setrd")!=0 &&
1819 			strcmp($3, "allow")!=0 &&
1820 			strcmp($3, "allow_snoop")!=0) {
1821 			yyerror("expected deny, refuse, deny_non_local, "
1822 				"refuse_non_local, allow, allow_setrd or "
1823 				"allow_snoop in access control action");
1824 			free($2);
1825 			free($3);
1826 		} else {
1827 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1828 				fatal_exit("out of memory adding acl");
1829 		}
1830 	}
1831 	;
1832 server_module_conf: VAR_MODULE_CONF STRING_ARG
1833 	{
1834 		OUTYY(("P(server_module_conf:%s)\n", $2));
1835 		free(cfg_parser->cfg->module_conf);
1836 		cfg_parser->cfg->module_conf = $2;
1837 	}
1838 	;
1839 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1840 	{
1841 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1842 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1843 			cfg_parser->cfg->val_date_override = 0;
1844 		} else if(strlen($2) == 14) {
1845 			cfg_parser->cfg->val_date_override =
1846 				cfg_convert_timeval($2);
1847 			if(!cfg_parser->cfg->val_date_override)
1848 				yyerror("bad date/time specification");
1849 		} else {
1850 			if(atoi($2) == 0)
1851 				yyerror("number expected");
1852 			cfg_parser->cfg->val_date_override = atoi($2);
1853 		}
1854 		free($2);
1855 	}
1856 	;
1857 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1858 	{
1859 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1860 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1861 			cfg_parser->cfg->val_sig_skew_min = 0;
1862 		} else {
1863 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1864 			if(!cfg_parser->cfg->val_sig_skew_min)
1865 				yyerror("number expected");
1866 		}
1867 		free($2);
1868 	}
1869 	;
1870 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1871 	{
1872 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1873 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1874 			cfg_parser->cfg->val_sig_skew_max = 0;
1875 		} else {
1876 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1877 			if(!cfg_parser->cfg->val_sig_skew_max)
1878 				yyerror("number expected");
1879 		}
1880 		free($2);
1881 	}
1882 	;
1883 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1884 	{
1885 		OUTYY(("P(server_val_max_restart:%s)\n", $2));
1886 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1887 			cfg_parser->cfg->val_max_restart = 0;
1888 		} else {
1889 			cfg_parser->cfg->val_max_restart = atoi($2);
1890 			if(!cfg_parser->cfg->val_max_restart)
1891 				yyerror("number expected");
1892 		}
1893 		free($2);
1894 	}
1895 	;
1896 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1897 	{
1898 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1899 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1900 			yyerror("number expected");
1901 		else cfg_parser->cfg->max_ttl = atoi($2);
1902 		free($2);
1903 	}
1904 	;
1905 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1906 	{
1907 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1908 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1909 			yyerror("number expected");
1910 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1911 		free($2);
1912 	}
1913 	;
1914 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1915 	{
1916 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1917 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1918 			yyerror("number expected");
1919 		else cfg_parser->cfg->min_ttl = atoi($2);
1920 		free($2);
1921 	}
1922 	;
1923 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1924 	{
1925 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1926 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1927 			yyerror("number expected");
1928 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1929 		free($2);
1930 	}
1931 	;
1932 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1933 	{
1934 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1935 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1936 			yyerror("expected yes or no.");
1937 		else cfg_parser->cfg->val_clean_additional =
1938 			(strcmp($2, "yes")==0);
1939 		free($2);
1940 	}
1941 	;
1942 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1943 	{
1944 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1945 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1946 			yyerror("expected yes or no.");
1947 		else cfg_parser->cfg->val_permissive_mode =
1948 			(strcmp($2, "yes")==0);
1949 		free($2);
1950 	}
1951 	;
1952 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1953 	{
1954 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1955 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1956 			yyerror("expected yes or no.");
1957 		else
1958 			cfg_parser->cfg->aggressive_nsec =
1959 				(strcmp($2, "yes")==0);
1960 		free($2);
1961 	}
1962 	;
1963 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1964 	{
1965 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1966 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1967 			yyerror("expected yes or no.");
1968 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1969 		free($2);
1970 	}
1971 	;
1972 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1973 	{
1974 		OUTYY(("P(server_serve_expired:%s)\n", $2));
1975 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1976 			yyerror("expected yes or no.");
1977 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1978 		free($2);
1979 	}
1980 	;
1981 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1982 	{
1983 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1984 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1985 			yyerror("number expected");
1986 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1987 		free($2);
1988 	}
1989 	;
1990 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1991 	{
1992 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1993 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1994 			yyerror("expected yes or no.");
1995 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1996 		free($2);
1997 	}
1998 	;
1999 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2000 	{
2001 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2002 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2003 			yyerror("number expected");
2004 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2005 		free($2);
2006 	}
2007 	;
2008 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2009 	{
2010 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2011 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2012 			yyerror("number expected");
2013 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2014 		free($2);
2015 	}
2016 	;
2017 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2018 	{
2019 		OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2020 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2021 			yyerror("expected yes or no.");
2022 		else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2023 		free($2);
2024 	}
2025 	;
2026 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2027 	{
2028 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
2029 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2030 			yyerror("expected yes or no.");
2031 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2032 		else fake_dsa = (strcmp($2, "yes")==0);
2033 		if(fake_dsa)
2034 			log_warn("test option fake_dsa is enabled");
2035 #endif
2036 		free($2);
2037 	}
2038 	;
2039 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2040 	{
2041 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
2042 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2043 			yyerror("expected yes or no.");
2044 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2045 		else fake_sha1 = (strcmp($2, "yes")==0);
2046 		if(fake_sha1)
2047 			log_warn("test option fake_sha1 is enabled");
2048 #endif
2049 		free($2);
2050 	}
2051 	;
2052 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2053 	{
2054 		OUTYY(("P(server_val_log_level:%s)\n", $2));
2055 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2056 			yyerror("number expected");
2057 		else cfg_parser->cfg->val_log_level = atoi($2);
2058 		free($2);
2059 	}
2060 	;
2061 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2062 	{
2063 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2064 		free(cfg_parser->cfg->val_nsec3_key_iterations);
2065 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
2066 	}
2067 	;
2068 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2069 	{
2070 		OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2071 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2072 			yyerror("expected yes or no.");
2073 		else	cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2074 		free($2);
2075 	}
2076 	;
2077 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2078 	{
2079 		OUTYY(("P(server_add_holddown:%s)\n", $2));
2080 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2081 			yyerror("number expected");
2082 		else cfg_parser->cfg->add_holddown = atoi($2);
2083 		free($2);
2084 	}
2085 	;
2086 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2087 	{
2088 		OUTYY(("P(server_del_holddown:%s)\n", $2));
2089 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2090 			yyerror("number expected");
2091 		else cfg_parser->cfg->del_holddown = atoi($2);
2092 		free($2);
2093 	}
2094 	;
2095 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2096 	{
2097 		OUTYY(("P(server_keep_missing:%s)\n", $2));
2098 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2099 			yyerror("number expected");
2100 		else cfg_parser->cfg->keep_missing = atoi($2);
2101 		free($2);
2102 	}
2103 	;
2104 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2105 	{
2106 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2107 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2108 			yyerror("expected yes or no.");
2109 		else cfg_parser->cfg->permit_small_holddown =
2110 			(strcmp($2, "yes")==0);
2111 		free($2);
2112 	}
2113 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2114 	{
2115 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
2116 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2117 			yyerror("memory size expected");
2118 		free($2);
2119 	}
2120 	;
2121 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2122 	{
2123 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2124 		if(atoi($2) == 0) {
2125 			yyerror("number expected");
2126 		} else {
2127 			cfg_parser->cfg->key_cache_slabs = atoi($2);
2128 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2129 				yyerror("must be a power of 2");
2130 		}
2131 		free($2);
2132 	}
2133 	;
2134 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2135 	{
2136 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2137 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2138 			yyerror("memory size expected");
2139 		free($2);
2140 	}
2141 	;
2142 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2143 	{
2144 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2145 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2146 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2147 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2148 		   && strcmp($3, "typetransparent")!=0
2149 		   && strcmp($3, "always_transparent")!=0
2150 		   && strcmp($3, "always_refuse")!=0
2151 		   && strcmp($3, "always_nxdomain")!=0
2152 		   && strcmp($3, "always_nodata")!=0
2153 		   && strcmp($3, "always_deny")!=0
2154 		   && strcmp($3, "always_null")!=0
2155 		   && strcmp($3, "noview")!=0
2156 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2157 		   && strcmp($3, "inform_redirect") != 0
2158 			 && strcmp($3, "ipset") != 0) {
2159 			yyerror("local-zone type: expected static, deny, "
2160 				"refuse, redirect, transparent, "
2161 				"typetransparent, inform, inform_deny, "
2162 				"inform_redirect, always_transparent, "
2163 				"always_refuse, always_nxdomain, "
2164 				"always_nodata, always_deny, always_null, "
2165 				"noview, nodefault or ipset");
2166 			free($2);
2167 			free($3);
2168 		} else if(strcmp($3, "nodefault")==0) {
2169 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2170 				local_zones_nodefault, $2))
2171 				fatal_exit("out of memory adding local-zone");
2172 			free($3);
2173 #ifdef USE_IPSET
2174 		} else if(strcmp($3, "ipset")==0) {
2175 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2176 				local_zones_ipset, $2))
2177 				fatal_exit("out of memory adding local-zone");
2178 			free($3);
2179 #endif
2180 		} else {
2181 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2182 				$2, $3))
2183 				fatal_exit("out of memory adding local-zone");
2184 		}
2185 	}
2186 	;
2187 server_local_data: VAR_LOCAL_DATA STRING_ARG
2188 	{
2189 		OUTYY(("P(server_local_data:%s)\n", $2));
2190 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2191 			fatal_exit("out of memory adding local-data");
2192 	}
2193 	;
2194 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2195 	{
2196 		char* ptr;
2197 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2198 		ptr = cfg_ptr_reverse($2);
2199 		free($2);
2200 		if(ptr) {
2201 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2202 				local_data, ptr))
2203 				fatal_exit("out of memory adding local-data");
2204 		} else {
2205 			yyerror("local-data-ptr could not be reversed");
2206 		}
2207 	}
2208 	;
2209 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2210 	{
2211 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
2212 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2213 			yyerror("expected yes or no.");
2214 		else cfg_parser->cfg->minimal_responses =
2215 			(strcmp($2, "yes")==0);
2216 		free($2);
2217 	}
2218 	;
2219 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2220 	{
2221 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2222 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2223 			yyerror("expected yes or no.");
2224 		else cfg_parser->cfg->rrset_roundrobin =
2225 			(strcmp($2, "yes")==0);
2226 		free($2);
2227 	}
2228 	;
2229 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2230 	{
2231 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2232 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2233 		free($2);
2234 	}
2235 	;
2236 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2237 	{
2238 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
2239 		cfg_parser->cfg->max_udp_size = atoi($2);
2240 		free($2);
2241 	}
2242 	;
2243 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2244 	{
2245 		OUTYY(("P(dns64_prefix:%s)\n", $2));
2246 		free(cfg_parser->cfg->dns64_prefix);
2247 		cfg_parser->cfg->dns64_prefix = $2;
2248 	}
2249 	;
2250 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2251 	{
2252 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2253 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2254 			yyerror("expected yes or no.");
2255 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2256 		free($2);
2257 	}
2258 	;
2259 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2260 	{
2261 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2262 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2263 			$2))
2264 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2265 	}
2266 	;
2267 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2268 	{
2269 		char* p, *s = $2;
2270 		OUTYY(("P(server_define_tag:%s)\n", $2));
2271 		while((p=strsep(&s, " \t\n")) != NULL) {
2272 			if(*p) {
2273 				if(!config_add_tag(cfg_parser->cfg, p))
2274 					yyerror("could not define-tag, "
2275 						"out of memory");
2276 			}
2277 		}
2278 		free($2);
2279 	}
2280 	;
2281 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2282 	{
2283 		size_t len = 0;
2284 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2285 			&len);
2286 		free($3);
2287 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2288 		if(!bitlist) {
2289 			yyerror("could not parse tags, (define-tag them first)");
2290 			free($2);
2291 		}
2292 		if(bitlist) {
2293 			if(!cfg_strbytelist_insert(
2294 				&cfg_parser->cfg->local_zone_tags,
2295 				$2, bitlist, len)) {
2296 				yyerror("out of memory");
2297 				free($2);
2298 			}
2299 		}
2300 	}
2301 	;
2302 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2303 	{
2304 		size_t len = 0;
2305 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2306 			&len);
2307 		free($3);
2308 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2309 		if(!bitlist) {
2310 			yyerror("could not parse tags, (define-tag them first)");
2311 			free($2);
2312 		}
2313 		if(bitlist) {
2314 			if(!cfg_strbytelist_insert(
2315 				&cfg_parser->cfg->acl_tags,
2316 				$2, bitlist, len)) {
2317 				yyerror("out of memory");
2318 				free($2);
2319 			}
2320 		}
2321 	}
2322 	;
2323 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2324 	{
2325 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2326 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2327 			$2, $3, $4)) {
2328 			yyerror("out of memory");
2329 			free($2);
2330 			free($3);
2331 			free($4);
2332 		}
2333 	}
2334 	;
2335 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2336 	{
2337 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2338 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2339 			$2, $3, $4)) {
2340 			yyerror("out of memory");
2341 			free($2);
2342 			free($3);
2343 			free($4);
2344 		}
2345 	}
2346 	;
2347 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2348 	{
2349 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2350 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2351 			$2, $3, $4)) {
2352 			yyerror("out of memory");
2353 			free($2);
2354 			free($3);
2355 			free($4);
2356 		}
2357 	}
2358 	;
2359 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2360 	{
2361 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2362 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2363 			$2, $3)) {
2364 			yyerror("out of memory");
2365 		}
2366 	}
2367 	;
2368 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2369 	{
2370 		size_t len = 0;
2371 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2372 			&len);
2373 		free($3);
2374 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2375 		if(!bitlist) {
2376 			yyerror("could not parse tags, (define-tag them first)");
2377 			free($2);
2378 		}
2379 		if(bitlist) {
2380 			if(!cfg_strbytelist_insert(
2381 				&cfg_parser->cfg->respip_tags,
2382 				$2, bitlist, len)) {
2383 				yyerror("out of memory");
2384 				free($2);
2385 			}
2386 		}
2387 	}
2388 	;
2389 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2390 	{
2391 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2392 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2393 			yyerror("number expected");
2394 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2395 		free($2);
2396 	}
2397 	;
2398 server_ratelimit: VAR_RATELIMIT STRING_ARG
2399 	{
2400 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2401 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2402 			yyerror("number expected");
2403 		else cfg_parser->cfg->ratelimit = atoi($2);
2404 		free($2);
2405 	}
2406 	;
2407 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2408 	{
2409 		OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2410 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2411 			yyerror("memory size expected");
2412 		free($2);
2413 	}
2414 	;
2415 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2416 	{
2417 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2418 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2419 			yyerror("memory size expected");
2420 		free($2);
2421 	}
2422 	;
2423 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2424 	{
2425 		OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2426 		if(atoi($2) == 0) {
2427 			yyerror("number expected");
2428 		} else {
2429 			cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2430 			if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2431 				yyerror("must be a power of 2");
2432 		}
2433 		free($2);
2434 	}
2435 	;
2436 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2437 	{
2438 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2439 		if(atoi($2) == 0) {
2440 			yyerror("number expected");
2441 		} else {
2442 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2443 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2444 				yyerror("must be a power of 2");
2445 		}
2446 		free($2);
2447 	}
2448 	;
2449 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2450 	{
2451 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2452 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2453 			yyerror("number expected");
2454 			free($2);
2455 			free($3);
2456 		} else {
2457 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2458 				ratelimit_for_domain, $2, $3))
2459 				fatal_exit("out of memory adding "
2460 					"ratelimit-for-domain");
2461 		}
2462 	}
2463 	;
2464 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2465 	{
2466 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2467 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2468 			yyerror("number expected");
2469 			free($2);
2470 			free($3);
2471 		} else {
2472 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2473 				ratelimit_below_domain, $2, $3))
2474 				fatal_exit("out of memory adding "
2475 					"ratelimit-below-domain");
2476 		}
2477 	}
2478 	;
2479 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2480 	{
2481 		OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2482 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2483 			yyerror("number expected");
2484 		else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2485 		free($2);
2486 	}
2487 	;
2488 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2489 	{
2490 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2491 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2492 			yyerror("number expected");
2493 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2494 		free($2);
2495 	}
2496 	;
2497 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2498 	{
2499 		OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2500 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2501 			yyerror("number expected");
2502 		else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2503 		free($2);
2504 	}
2505 	;
2506 server_low_rtt: VAR_LOW_RTT STRING_ARG
2507 	{
2508 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2509 		free($2);
2510 	}
2511 	;
2512 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2513 	{
2514 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2515 		if(atoi($2) <= 0)
2516 			yyerror("number expected");
2517 		else cfg_parser->cfg->fast_server_num = atoi($2);
2518 		free($2);
2519 	}
2520 	;
2521 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2522 	{
2523 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2524 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2525 			yyerror("number expected");
2526 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2527 		free($2);
2528 	}
2529 	;
2530 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2531 	{
2532 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2533 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2534 			yyerror("expected yes or no.");
2535 		else cfg_parser->cfg->qname_minimisation =
2536 			(strcmp($2, "yes")==0);
2537 		free($2);
2538 	}
2539 	;
2540 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2541 	{
2542 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2543 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2544 			yyerror("expected yes or no.");
2545 		else cfg_parser->cfg->qname_minimisation_strict =
2546 			(strcmp($2, "yes")==0);
2547 		free($2);
2548 	}
2549 	;
2550 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2551 	{
2552 		OUTYY(("P(server_pad_responses:%s)\n", $2));
2553 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2554 			yyerror("expected yes or no.");
2555 		else cfg_parser->cfg->pad_responses =
2556 			(strcmp($2, "yes")==0);
2557 		free($2);
2558 	}
2559 	;
2560 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2561 	{
2562 		OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2563 		if(atoi($2) == 0)
2564 			yyerror("number expected");
2565 		else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2566 		free($2);
2567 	}
2568 	;
2569 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2570 	{
2571 		OUTYY(("P(server_pad_queries:%s)\n", $2));
2572 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2573 			yyerror("expected yes or no.");
2574 		else cfg_parser->cfg->pad_queries =
2575 			(strcmp($2, "yes")==0);
2576 		free($2);
2577 	}
2578 	;
2579 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2580 	{
2581 		OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2582 		if(atoi($2) == 0)
2583 			yyerror("number expected");
2584 		else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2585 		free($2);
2586 	}
2587 	;
2588 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2589 	{
2590 	#ifdef USE_IPSECMOD
2591 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2592 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2593 			yyerror("expected yes or no.");
2594 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2595 	#else
2596 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2597 	#endif
2598 		free($2);
2599 	}
2600 	;
2601 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2602 	{
2603 	#ifdef USE_IPSECMOD
2604 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2605 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2606 			yyerror("expected yes or no.");
2607 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2608 	#else
2609 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2610 	#endif
2611 		free($2);
2612 	}
2613 	;
2614 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2615 	{
2616 	#ifdef USE_IPSECMOD
2617 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2618 		free(cfg_parser->cfg->ipsecmod_hook);
2619 		cfg_parser->cfg->ipsecmod_hook = $2;
2620 	#else
2621 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2622 		free($2);
2623 	#endif
2624 	}
2625 	;
2626 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2627 	{
2628 	#ifdef USE_IPSECMOD
2629 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2630 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2631 			yyerror("number expected");
2632 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2633 		free($2);
2634 	#else
2635 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2636 		free($2);
2637 	#endif
2638 	}
2639 	;
2640 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2641 	{
2642 	#ifdef USE_IPSECMOD
2643 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2644 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2645 			yyerror("out of memory");
2646 	#else
2647 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2648 		free($2);
2649 	#endif
2650 	}
2651 	;
2652 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2653 	{
2654 	#ifdef USE_IPSECMOD
2655 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2656 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2657 			yyerror("expected yes or no.");
2658 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2659 		free($2);
2660 	#else
2661 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2662 		free($2);
2663 	#endif
2664 	}
2665 	;
2666 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2667 	{
2668 		OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2669 		if(!cfg_str2list_insert(
2670 			&cfg_parser->cfg->edns_client_strings, $2, $3))
2671 			fatal_exit("out of memory adding "
2672 				"edns-client-string");
2673 	}
2674 	;
2675 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2676 	{
2677 		OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2678 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2679 			yyerror("option code expected");
2680 		else if(atoi($2) > 65535 || atoi($2) < 0)
2681 			yyerror("option code must be in interval [0, 65535]");
2682 		else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2683 		free($2);
2684 
2685 	}
2686 	;
2687 stub_name: VAR_NAME STRING_ARG
2688 	{
2689 		OUTYY(("P(name:%s)\n", $2));
2690 		if(cfg_parser->cfg->stubs->name)
2691 			yyerror("stub name override, there must be one name "
2692 				"for one stub-zone");
2693 		free(cfg_parser->cfg->stubs->name);
2694 		cfg_parser->cfg->stubs->name = $2;
2695 	}
2696 	;
2697 stub_host: VAR_STUB_HOST STRING_ARG
2698 	{
2699 		OUTYY(("P(stub-host:%s)\n", $2));
2700 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2701 			yyerror("out of memory");
2702 	}
2703 	;
2704 stub_addr: VAR_STUB_ADDR STRING_ARG
2705 	{
2706 		OUTYY(("P(stub-addr:%s)\n", $2));
2707 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2708 			yyerror("out of memory");
2709 	}
2710 	;
2711 stub_first: VAR_STUB_FIRST STRING_ARG
2712 	{
2713 		OUTYY(("P(stub-first:%s)\n", $2));
2714 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2715 			yyerror("expected yes or no.");
2716 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2717 		free($2);
2718 	}
2719 	;
2720 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2721 	{
2722 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2723 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2724 			yyerror("expected yes or no.");
2725 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2726 		free($2);
2727 	}
2728 	;
2729 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2730 	{
2731 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2732 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2733 			yyerror("expected yes or no.");
2734 		else cfg_parser->cfg->stubs->ssl_upstream =
2735 			(strcmp($2, "yes")==0);
2736 		free($2);
2737 	}
2738 	;
2739 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
2740         {
2741                 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
2742                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2743                         yyerror("expected yes or no.");
2744                 else cfg_parser->cfg->stubs->tcp_upstream =
2745                         (strcmp($2, "yes")==0);
2746                 free($2);
2747         }
2748         ;
2749 stub_prime: VAR_STUB_PRIME STRING_ARG
2750 	{
2751 		OUTYY(("P(stub-prime:%s)\n", $2));
2752 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2753 			yyerror("expected yes or no.");
2754 		else cfg_parser->cfg->stubs->isprime =
2755 			(strcmp($2, "yes")==0);
2756 		free($2);
2757 	}
2758 	;
2759 forward_name: VAR_NAME STRING_ARG
2760 	{
2761 		OUTYY(("P(name:%s)\n", $2));
2762 		if(cfg_parser->cfg->forwards->name)
2763 			yyerror("forward name override, there must be one "
2764 				"name for one forward-zone");
2765 		free(cfg_parser->cfg->forwards->name);
2766 		cfg_parser->cfg->forwards->name = $2;
2767 	}
2768 	;
2769 forward_host: VAR_FORWARD_HOST STRING_ARG
2770 	{
2771 		OUTYY(("P(forward-host:%s)\n", $2));
2772 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2773 			yyerror("out of memory");
2774 	}
2775 	;
2776 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2777 	{
2778 		OUTYY(("P(forward-addr:%s)\n", $2));
2779 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2780 			yyerror("out of memory");
2781 	}
2782 	;
2783 forward_first: VAR_FORWARD_FIRST STRING_ARG
2784 	{
2785 		OUTYY(("P(forward-first:%s)\n", $2));
2786 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2787 			yyerror("expected yes or no.");
2788 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2789 		free($2);
2790 	}
2791 	;
2792 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2793 	{
2794 		OUTYY(("P(forward-no-cache:%s)\n", $2));
2795 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2796 			yyerror("expected yes or no.");
2797 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2798 		free($2);
2799 	}
2800 	;
2801 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2802 	{
2803 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2804 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2805 			yyerror("expected yes or no.");
2806 		else cfg_parser->cfg->forwards->ssl_upstream =
2807 			(strcmp($2, "yes")==0);
2808 		free($2);
2809 	}
2810 	;
2811 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
2812         {
2813                 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
2814                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2815                         yyerror("expected yes or no.");
2816                 else cfg_parser->cfg->forwards->tcp_upstream =
2817                         (strcmp($2, "yes")==0);
2818                 free($2);
2819         }
2820         ;
2821 auth_name: VAR_NAME STRING_ARG
2822 	{
2823 		OUTYY(("P(name:%s)\n", $2));
2824 		if(cfg_parser->cfg->auths->name)
2825 			yyerror("auth name override, there must be one name "
2826 				"for one auth-zone");
2827 		free(cfg_parser->cfg->auths->name);
2828 		cfg_parser->cfg->auths->name = $2;
2829 	}
2830 	;
2831 auth_zonefile: VAR_ZONEFILE STRING_ARG
2832 	{
2833 		OUTYY(("P(zonefile:%s)\n", $2));
2834 		free(cfg_parser->cfg->auths->zonefile);
2835 		cfg_parser->cfg->auths->zonefile = $2;
2836 	}
2837 	;
2838 auth_master: VAR_MASTER STRING_ARG
2839 	{
2840 		OUTYY(("P(master:%s)\n", $2));
2841 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2842 			yyerror("out of memory");
2843 	}
2844 	;
2845 auth_url: VAR_URL STRING_ARG
2846 	{
2847 		OUTYY(("P(url:%s)\n", $2));
2848 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2849 			yyerror("out of memory");
2850 	}
2851 	;
2852 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2853 	{
2854 		OUTYY(("P(allow-notify:%s)\n", $2));
2855 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2856 			$2))
2857 			yyerror("out of memory");
2858 	}
2859 	;
2860 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
2861 	{
2862 		OUTYY(("P(zonemd-check:%s)\n", $2));
2863 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2864 			yyerror("expected yes or no.");
2865 		else cfg_parser->cfg->auths->zonemd_check =
2866 			(strcmp($2, "yes")==0);
2867 		free($2);
2868 	}
2869 	;
2870 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
2871 	{
2872 		OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
2873 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2874 			yyerror("expected yes or no.");
2875 		else cfg_parser->cfg->auths->zonemd_reject_absence =
2876 			(strcmp($2, "yes")==0);
2877 		free($2);
2878 	}
2879 	;
2880 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2881 	{
2882 		OUTYY(("P(for-downstream:%s)\n", $2));
2883 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2884 			yyerror("expected yes or no.");
2885 		else cfg_parser->cfg->auths->for_downstream =
2886 			(strcmp($2, "yes")==0);
2887 		free($2);
2888 	}
2889 	;
2890 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2891 	{
2892 		OUTYY(("P(for-upstream:%s)\n", $2));
2893 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2894 			yyerror("expected yes or no.");
2895 		else cfg_parser->cfg->auths->for_upstream =
2896 			(strcmp($2, "yes")==0);
2897 		free($2);
2898 	}
2899 	;
2900 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2901 	{
2902 		OUTYY(("P(fallback-enabled:%s)\n", $2));
2903 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2904 			yyerror("expected yes or no.");
2905 		else cfg_parser->cfg->auths->fallback_enabled =
2906 			(strcmp($2, "yes")==0);
2907 		free($2);
2908 	}
2909 	;
2910 view_name: VAR_NAME STRING_ARG
2911 	{
2912 		OUTYY(("P(name:%s)\n", $2));
2913 		if(cfg_parser->cfg->views->name)
2914 			yyerror("view name override, there must be one "
2915 				"name for one view");
2916 		free(cfg_parser->cfg->views->name);
2917 		cfg_parser->cfg->views->name = $2;
2918 	}
2919 	;
2920 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2921 	{
2922 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2923 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2924 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2925 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2926 		   && strcmp($3, "typetransparent")!=0
2927 		   && strcmp($3, "always_transparent")!=0
2928 		   && strcmp($3, "always_refuse")!=0
2929 		   && strcmp($3, "always_nxdomain")!=0
2930 		   && strcmp($3, "always_nodata")!=0
2931 		   && strcmp($3, "always_deny")!=0
2932 		   && strcmp($3, "always_null")!=0
2933 		   && strcmp($3, "noview")!=0
2934 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2935 		   && strcmp($3, "inform_redirect") != 0
2936 		   && strcmp($3, "ipset") != 0) {
2937 			yyerror("local-zone type: expected static, deny, "
2938 				"refuse, redirect, transparent, "
2939 				"typetransparent, inform, inform_deny, "
2940 				"inform_redirect, always_transparent, "
2941 				"always_refuse, always_nxdomain, "
2942 				"always_nodata, always_deny, always_null, "
2943 				"noview, nodefault or ipset");
2944 			free($2);
2945 			free($3);
2946 		} else if(strcmp($3, "nodefault")==0) {
2947 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2948 				local_zones_nodefault, $2))
2949 				fatal_exit("out of memory adding local-zone");
2950 			free($3);
2951 #ifdef USE_IPSET
2952 		} else if(strcmp($3, "ipset")==0) {
2953 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2954 				local_zones_ipset, $2))
2955 				fatal_exit("out of memory adding local-zone");
2956 			free($3);
2957 #endif
2958 		} else {
2959 			if(!cfg_str2list_insert(
2960 				&cfg_parser->cfg->views->local_zones,
2961 				$2, $3))
2962 				fatal_exit("out of memory adding local-zone");
2963 		}
2964 	}
2965 	;
2966 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2967 	{
2968 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2969 		validate_respip_action($3);
2970 		if(!cfg_str2list_insert(
2971 			&cfg_parser->cfg->views->respip_actions, $2, $3))
2972 			fatal_exit("out of memory adding per-view "
2973 				"response-ip action");
2974 	}
2975 	;
2976 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2977 	{
2978 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
2979 		if(!cfg_str2list_insert(
2980 			&cfg_parser->cfg->views->respip_data, $2, $3))
2981 			fatal_exit("out of memory adding response-ip-data");
2982 	}
2983 	;
2984 view_local_data: VAR_LOCAL_DATA STRING_ARG
2985 	{
2986 		OUTYY(("P(view_local_data:%s)\n", $2));
2987 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2988 			fatal_exit("out of memory adding local-data");
2989 		}
2990 	}
2991 	;
2992 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2993 	{
2994 		char* ptr;
2995 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2996 		ptr = cfg_ptr_reverse($2);
2997 		free($2);
2998 		if(ptr) {
2999 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3000 				local_data, ptr))
3001 				fatal_exit("out of memory adding local-data");
3002 		} else {
3003 			yyerror("local-data-ptr could not be reversed");
3004 		}
3005 	}
3006 	;
3007 view_first: VAR_VIEW_FIRST STRING_ARG
3008 	{
3009 		OUTYY(("P(view-first:%s)\n", $2));
3010 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3011 			yyerror("expected yes or no.");
3012 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3013 		free($2);
3014 	}
3015 	;
3016 rcstart: VAR_REMOTE_CONTROL
3017 	{
3018 		OUTYY(("\nP(remote-control:)\n"));
3019 	}
3020 	;
3021 contents_rc: contents_rc content_rc
3022 	| ;
3023 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3024 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3025 	rc_control_cert_file | rc_control_use_cert
3026 	;
3027 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3028 	{
3029 		OUTYY(("P(control_enable:%s)\n", $2));
3030 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3031 			yyerror("expected yes or no.");
3032 		else cfg_parser->cfg->remote_control_enable =
3033 			(strcmp($2, "yes")==0);
3034 		free($2);
3035 	}
3036 	;
3037 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3038 	{
3039 		OUTYY(("P(control_port:%s)\n", $2));
3040 		if(atoi($2) == 0)
3041 			yyerror("control port number expected");
3042 		else cfg_parser->cfg->control_port = atoi($2);
3043 		free($2);
3044 	}
3045 	;
3046 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3047 	{
3048 		OUTYY(("P(control_interface:%s)\n", $2));
3049 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3050 			yyerror("out of memory");
3051 	}
3052 	;
3053 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3054 	{
3055 		OUTYY(("P(control_use_cert:%s)\n", $2));
3056 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3057 		free($2);
3058 	}
3059 	;
3060 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3061 	{
3062 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
3063 		free(cfg_parser->cfg->server_key_file);
3064 		cfg_parser->cfg->server_key_file = $2;
3065 	}
3066 	;
3067 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3068 	{
3069 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3070 		free(cfg_parser->cfg->server_cert_file);
3071 		cfg_parser->cfg->server_cert_file = $2;
3072 	}
3073 	;
3074 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3075 	{
3076 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
3077 		free(cfg_parser->cfg->control_key_file);
3078 		cfg_parser->cfg->control_key_file = $2;
3079 	}
3080 	;
3081 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3082 	{
3083 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3084 		free(cfg_parser->cfg->control_cert_file);
3085 		cfg_parser->cfg->control_cert_file = $2;
3086 	}
3087 	;
3088 dtstart: VAR_DNSTAP
3089 	{
3090 		OUTYY(("\nP(dnstap:)\n"));
3091 	}
3092 	;
3093 contents_dt: contents_dt content_dt
3094 	| ;
3095 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3096 	dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3097 	dt_dnstap_tls_cert_bundle |
3098 	dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3099 	dt_dnstap_send_identity | dt_dnstap_send_version |
3100 	dt_dnstap_identity | dt_dnstap_version |
3101 	dt_dnstap_log_resolver_query_messages |
3102 	dt_dnstap_log_resolver_response_messages |
3103 	dt_dnstap_log_client_query_messages |
3104 	dt_dnstap_log_client_response_messages |
3105 	dt_dnstap_log_forwarder_query_messages |
3106 	dt_dnstap_log_forwarder_response_messages
3107 	;
3108 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3109 	{
3110 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3111 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3112 			yyerror("expected yes or no.");
3113 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3114 		free($2);
3115 	}
3116 	;
3117 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3118 	{
3119 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3120 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3121 			yyerror("expected yes or no.");
3122 		else cfg_parser->cfg->dnstap_bidirectional =
3123 			(strcmp($2, "yes")==0);
3124 		free($2);
3125 	}
3126 	;
3127 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3128 	{
3129 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3130 		free(cfg_parser->cfg->dnstap_socket_path);
3131 		cfg_parser->cfg->dnstap_socket_path = $2;
3132 	}
3133 	;
3134 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3135 	{
3136 		OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3137 		free(cfg_parser->cfg->dnstap_ip);
3138 		cfg_parser->cfg->dnstap_ip = $2;
3139 	}
3140 	;
3141 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3142 	{
3143 		OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3144 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3145 			yyerror("expected yes or no.");
3146 		else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3147 		free($2);
3148 	}
3149 	;
3150 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3151 	{
3152 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3153 		free(cfg_parser->cfg->dnstap_tls_server_name);
3154 		cfg_parser->cfg->dnstap_tls_server_name = $2;
3155 	}
3156 	;
3157 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3158 	{
3159 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3160 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3161 		cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3162 	}
3163 	;
3164 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3165 	{
3166 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3167 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
3168 		cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3169 	}
3170 	;
3171 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3172 	{
3173 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3174 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3175 		cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3176 	}
3177 	;
3178 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3179 	{
3180 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3181 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3182 			yyerror("expected yes or no.");
3183 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3184 		free($2);
3185 	}
3186 	;
3187 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3188 	{
3189 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3190 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3191 			yyerror("expected yes or no.");
3192 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3193 		free($2);
3194 	}
3195 	;
3196 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3197 	{
3198 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3199 		free(cfg_parser->cfg->dnstap_identity);
3200 		cfg_parser->cfg->dnstap_identity = $2;
3201 	}
3202 	;
3203 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3204 	{
3205 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3206 		free(cfg_parser->cfg->dnstap_version);
3207 		cfg_parser->cfg->dnstap_version = $2;
3208 	}
3209 	;
3210 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3211 	{
3212 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3213 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3214 			yyerror("expected yes or no.");
3215 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3216 			(strcmp($2, "yes")==0);
3217 		free($2);
3218 	}
3219 	;
3220 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3221 	{
3222 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3223 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3224 			yyerror("expected yes or no.");
3225 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3226 			(strcmp($2, "yes")==0);
3227 		free($2);
3228 	}
3229 	;
3230 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3231 	{
3232 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3233 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3234 			yyerror("expected yes or no.");
3235 		else cfg_parser->cfg->dnstap_log_client_query_messages =
3236 			(strcmp($2, "yes")==0);
3237 		free($2);
3238 	}
3239 	;
3240 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3241 	{
3242 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3243 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3244 			yyerror("expected yes or no.");
3245 		else cfg_parser->cfg->dnstap_log_client_response_messages =
3246 			(strcmp($2, "yes")==0);
3247 		free($2);
3248 	}
3249 	;
3250 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3251 	{
3252 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3253 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3254 			yyerror("expected yes or no.");
3255 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3256 			(strcmp($2, "yes")==0);
3257 		free($2);
3258 	}
3259 	;
3260 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3261 	{
3262 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3263 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3264 			yyerror("expected yes or no.");
3265 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3266 			(strcmp($2, "yes")==0);
3267 		free($2);
3268 	}
3269 	;
3270 pythonstart: VAR_PYTHON
3271 	{
3272 		OUTYY(("\nP(python:)\n"));
3273 	}
3274 	;
3275 contents_py: contents_py content_py
3276 	| ;
3277 content_py: py_script
3278 	;
3279 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3280 	{
3281 		OUTYY(("P(python-script:%s)\n", $2));
3282 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3283 			yyerror("out of memory");
3284 	}
3285 dynlibstart: VAR_DYNLIB
3286 	{
3287 		OUTYY(("\nP(dynlib:)\n"));
3288 	}
3289 	;
3290 contents_dl: contents_dl content_dl
3291 	| ;
3292 content_dl: dl_file
3293 	;
3294 dl_file: VAR_DYNLIB_FILE STRING_ARG
3295 	{
3296 		OUTYY(("P(dynlib-file:%s)\n", $2));
3297 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3298 			yyerror("out of memory");
3299 	}
3300 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3301 	{
3302 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3303 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3304 			yyerror("expected yes or no.");
3305 		else cfg_parser->cfg->disable_dnssec_lame_check =
3306 			(strcmp($2, "yes")==0);
3307 		free($2);
3308 	}
3309 	;
3310 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3311 	{
3312 		OUTYY(("P(server_log_identity:%s)\n", $2));
3313 		free(cfg_parser->cfg->log_identity);
3314 		cfg_parser->cfg->log_identity = $2;
3315 	}
3316 	;
3317 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3318 	{
3319 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3320 		validate_respip_action($3);
3321 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3322 			$2, $3))
3323 			fatal_exit("out of memory adding response-ip");
3324 	}
3325 	;
3326 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3327 	{
3328 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
3329 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3330 			$2, $3))
3331 			fatal_exit("out of memory adding response-ip-data");
3332 	}
3333 	;
3334 dnscstart: VAR_DNSCRYPT
3335 	{
3336 		OUTYY(("\nP(dnscrypt:)\n"));
3337 	}
3338 	;
3339 contents_dnsc: contents_dnsc content_dnsc
3340 	| ;
3341 content_dnsc:
3342 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3343 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3344 	dnsc_dnscrypt_provider_cert_rotated |
3345 	dnsc_dnscrypt_shared_secret_cache_size |
3346 	dnsc_dnscrypt_shared_secret_cache_slabs |
3347 	dnsc_dnscrypt_nonce_cache_size |
3348 	dnsc_dnscrypt_nonce_cache_slabs
3349 	;
3350 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3351 	{
3352 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3353 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3354 			yyerror("expected yes or no.");
3355 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3356 		free($2);
3357 	}
3358 	;
3359 
3360 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3361 	{
3362 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3363 		if(atoi($2) == 0)
3364 			yyerror("port number expected");
3365 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
3366 		free($2);
3367 	}
3368 	;
3369 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3370 	{
3371 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3372 		free(cfg_parser->cfg->dnscrypt_provider);
3373 		cfg_parser->cfg->dnscrypt_provider = $2;
3374 	}
3375 	;
3376 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3377 	{
3378 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3379 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3380 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3381 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3382 			fatal_exit("out of memory adding dnscrypt-provider-cert");
3383 	}
3384 	;
3385 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3386 	{
3387 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3388 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3389 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3390 	}
3391 	;
3392 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3393 	{
3394 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3395 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3396 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3397 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3398 			fatal_exit("out of memory adding dnscrypt-secret-key");
3399 	}
3400 	;
3401 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3402   {
3403 	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3404 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3405 		yyerror("memory size expected");
3406 	free($2);
3407   }
3408   ;
3409 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3410   {
3411 	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3412 	if(atoi($2) == 0) {
3413 		yyerror("number expected");
3414 	} else {
3415 		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3416 		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3417 			yyerror("must be a power of 2");
3418 	}
3419 	free($2);
3420   }
3421   ;
3422 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3423   {
3424 	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3425 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3426 		yyerror("memory size expected");
3427 	free($2);
3428   }
3429   ;
3430 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3431   {
3432 	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3433 	if(atoi($2) == 0) {
3434 		yyerror("number expected");
3435 	} else {
3436 		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3437 		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3438 			yyerror("must be a power of 2");
3439 	}
3440 	free($2);
3441   }
3442   ;
3443 cachedbstart: VAR_CACHEDB
3444 	{
3445 		OUTYY(("\nP(cachedb:)\n"));
3446 	}
3447 	;
3448 contents_cachedb: contents_cachedb content_cachedb
3449 	| ;
3450 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3451 	redis_server_host | redis_server_port | redis_timeout |
3452 	redis_expire_records
3453 	;
3454 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3455 	{
3456 	#ifdef USE_CACHEDB
3457 		OUTYY(("P(backend:%s)\n", $2));
3458 		free(cfg_parser->cfg->cachedb_backend);
3459 		cfg_parser->cfg->cachedb_backend = $2;
3460 	#else
3461 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3462 		free($2);
3463 	#endif
3464 	}
3465 	;
3466 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3467 	{
3468 	#ifdef USE_CACHEDB
3469 		OUTYY(("P(secret-seed:%s)\n", $2));
3470 		free(cfg_parser->cfg->cachedb_secret);
3471 		cfg_parser->cfg->cachedb_secret = $2;
3472 	#else
3473 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3474 		free($2);
3475 	#endif
3476 	}
3477 	;
3478 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3479 	{
3480 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3481 		OUTYY(("P(redis_server_host:%s)\n", $2));
3482 		free(cfg_parser->cfg->redis_server_host);
3483 		cfg_parser->cfg->redis_server_host = $2;
3484 	#else
3485 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3486 		free($2);
3487 	#endif
3488 	}
3489 	;
3490 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3491 	{
3492 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3493 		int port;
3494 		OUTYY(("P(redis_server_port:%s)\n", $2));
3495 		port = atoi($2);
3496 		if(port == 0 || port < 0 || port > 65535)
3497 			yyerror("valid redis server port number expected");
3498 		else cfg_parser->cfg->redis_server_port = port;
3499 	#else
3500 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3501 	#endif
3502 		free($2);
3503 	}
3504 	;
3505 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3506 	{
3507 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3508 		OUTYY(("P(redis_timeout:%s)\n", $2));
3509 		if(atoi($2) == 0)
3510 			yyerror("redis timeout value expected");
3511 		else cfg_parser->cfg->redis_timeout = atoi($2);
3512 	#else
3513 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3514 	#endif
3515 		free($2);
3516 	}
3517 	;
3518 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3519 	{
3520 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3521 		OUTYY(("P(redis_expire_records:%s)\n", $2));
3522 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3523 			yyerror("expected yes or no.");
3524 		else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3525 	#else
3526 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3527 	#endif
3528 		free($2);
3529 	}
3530 	;
3531 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3532 	{
3533 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3534 		if (atoi($3) < 0)
3535 			yyerror("positive number expected");
3536 		else {
3537 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3538 				fatal_exit("out of memory adding tcp connection limit");
3539 		}
3540 	}
3541 	;
3542 	ipsetstart: VAR_IPSET
3543 		{
3544 			OUTYY(("\nP(ipset:)\n"));
3545 		}
3546 		;
3547 	contents_ipset: contents_ipset content_ipset
3548 		| ;
3549 	content_ipset: ipset_name_v4 | ipset_name_v6
3550 		;
3551 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3552 		{
3553 		#ifdef USE_IPSET
3554 			OUTYY(("P(name-v4:%s)\n", $2));
3555 			if(cfg_parser->cfg->ipset_name_v4)
3556 				yyerror("ipset name v4 override, there must be one "
3557 					"name for ip v4");
3558 			free(cfg_parser->cfg->ipset_name_v4);
3559 			cfg_parser->cfg->ipset_name_v4 = $2;
3560 		#else
3561 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3562 			free($2);
3563 		#endif
3564 		}
3565 	;
3566 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3567 	{
3568 		#ifdef USE_IPSET
3569 			OUTYY(("P(name-v6:%s)\n", $2));
3570 			if(cfg_parser->cfg->ipset_name_v6)
3571 				yyerror("ipset name v6 override, there must be one "
3572 					"name for ip v6");
3573 			free(cfg_parser->cfg->ipset_name_v6);
3574 			cfg_parser->cfg->ipset_name_v6 = $2;
3575 		#else
3576 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3577 			free($2);
3578 		#endif
3579 		}
3580 	;
3581 %%
3582 
3583 /* parse helper routines could be here */
3584 static void
3585 validate_respip_action(const char* action)
3586 {
3587 	if(strcmp(action, "deny")!=0 &&
3588 		strcmp(action, "redirect")!=0 &&
3589 		strcmp(action, "inform")!=0 &&
3590 		strcmp(action, "inform_deny")!=0 &&
3591 		strcmp(action, "always_transparent")!=0 &&
3592 		strcmp(action, "always_refuse")!=0 &&
3593 		strcmp(action, "always_nxdomain")!=0)
3594 	{
3595 		yyerror("response-ip action: expected deny, redirect, "
3596 			"inform, inform_deny, always_transparent, "
3597 			"always_refuse or always_nxdomain");
3598 	}
3599 }
3600 
3601 
3602