xref: /freebsd/contrib/unbound/util/configparser.y (revision a3266ba2697a383d2ede56803320d941866c7e76)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_FORCE_TOPLEVEL
73 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
74 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
75 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
76 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
77 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
78 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
79 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
80 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
81 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
82 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
83 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
84 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
85 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
86 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
87 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
88 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
89 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
90 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
91 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
92 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
93 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
94 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
95 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
96 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
97 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
98 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
99 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
100 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
101 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
102 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
103 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
104 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
105 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
106 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
107 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
108 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
109 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
110 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
111 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
112 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
113 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
114 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
115 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
116 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
117 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
118 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
119 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
120 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
121 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
122 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
123 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
124 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
125 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
126 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
127 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
128 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
129 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
130 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
131 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
132 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
133 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
134 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
135 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
136 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
137 %token VAR_IP_DSCP
138 %token VAR_DISABLE_DNSSEC_LAME_CHECK
139 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
140 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
141 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
142 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
143 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
144 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
145 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
146 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
147 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
148 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
149 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
150 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
151 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
152 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
153 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
154 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
155 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
156 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
157 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
158 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
159 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
160 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
161 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
162 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
163 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
164 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
165 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
166 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
167 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
168 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
169 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
170 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
171 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
172 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
173 %token VAR_CACHEDB_REDISEXPIRERECORDS
174 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
175 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
176 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
177 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
178 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
179 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
180 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
181 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
182 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
183 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
184 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
185 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
186 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
187 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
188 
189 %%
190 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
191 toplevelvar: serverstart contents_server | stubstart contents_stub |
192 	forwardstart contents_forward | pythonstart contents_py |
193 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
194 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
195 	ipsetstart contents_ipset | authstart contents_auth |
196 	rpzstart contents_rpz | dynlibstart contents_dl |
197 	force_toplevel
198 	;
199 force_toplevel: VAR_FORCE_TOPLEVEL
200 	{
201 		OUTYY(("\nP(force-toplevel)\n"));
202 	}
203 	;
204 /* server: declaration */
205 serverstart: VAR_SERVER
206 	{
207 		OUTYY(("\nP(server:)\n"));
208 	}
209 	;
210 contents_server: contents_server content_server
211 	| ;
212 content_server: server_num_threads | server_verbosity | server_port |
213 	server_outgoing_range | server_do_ip4 |
214 	server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
215 	server_do_udp | server_do_tcp |
216 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
217 	server_tcp_keepalive | server_tcp_keepalive_timeout |
218 	server_interface | server_chroot | server_username |
219 	server_directory | server_logfile | server_pidfile |
220 	server_msg_cache_size | server_msg_cache_slabs |
221 	server_num_queries_per_thread | server_rrset_cache_size |
222 	server_rrset_cache_slabs | server_outgoing_num_tcp |
223 	server_infra_host_ttl | server_infra_lame_ttl |
224 	server_infra_cache_slabs | server_infra_cache_numhosts |
225 	server_infra_cache_lame_size | server_target_fetch_policy |
226 	server_harden_short_bufsize | server_harden_large_queries |
227 	server_do_not_query_address | server_hide_identity |
228 	server_hide_version | server_identity | server_version |
229 	server_hide_http_user_agent | server_http_user_agent |
230 	server_harden_glue | server_module_conf | server_trust_anchor_file |
231 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
232 	server_val_clean_additional | server_val_permissive_mode |
233 	server_incoming_num_tcp | server_msg_buffer_size |
234 	server_key_cache_size | server_key_cache_slabs |
235 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
236 	server_use_syslog | server_outgoing_interface | server_root_hints |
237 	server_do_not_query_localhost | server_cache_max_ttl |
238 	server_harden_dnssec_stripped | server_access_control |
239 	server_local_zone | server_local_data | server_interface_automatic |
240 	server_statistics_interval | server_do_daemonize |
241 	server_use_caps_for_id | server_statistics_cumulative |
242 	server_outgoing_port_permit | server_outgoing_port_avoid |
243 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
244 	server_harden_referral_path | server_private_address |
245 	server_private_domain | server_extended_statistics |
246 	server_local_data_ptr | server_jostle_timeout |
247 	server_unwanted_reply_threshold | server_log_time_ascii |
248 	server_domain_insecure | server_val_sig_skew_min |
249 	server_val_sig_skew_max | server_val_max_restart |
250 	server_cache_min_ttl | server_val_log_level |
251 	server_auto_trust_anchor_file |	server_add_holddown |
252 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
253 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
254 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
255 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
256 	server_log_local_actions |
257 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
258 	server_https_port | server_http_endpoint | server_http_max_streams |
259 	server_http_query_buffer_size | server_http_response_buffer_size |
260 	server_http_nodelay | server_http_notls_downstream |
261 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
262 	server_so_reuseport | server_delay_close | server_udp_connect |
263 	server_unblock_lan_zones | server_insecure_lan_zones |
264 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
265 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
266 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
267 	server_ip_dscp | server_infra_keep_probing |
268 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
269 	server_ip_ratelimit_size | server_ratelimit_size |
270 	server_ratelimit_for_domain |
271 	server_ratelimit_below_domain | server_ratelimit_factor |
272 	server_ip_ratelimit_factor | server_send_client_subnet |
273 	server_client_subnet_zone | server_client_subnet_always_forward |
274 	server_client_subnet_opcode |
275 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
276 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
277 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
278 	server_caps_whitelist | server_cache_max_negative_ttl |
279 	server_permit_small_holddown | server_qname_minimisation |
280 	server_ip_freebind | server_define_tag | server_local_zone_tag |
281 	server_disable_dnssec_lame_check | server_access_control_tag |
282 	server_local_zone_override | server_access_control_tag_action |
283 	server_access_control_tag_data | server_access_control_view |
284 	server_qname_minimisation_strict |
285 	server_pad_responses | server_pad_responses_block_size |
286 	server_pad_queries | server_pad_queries_block_size |
287 	server_serve_expired |
288 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
289 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
290 	server_serve_original_ttl | server_fake_dsa |
291 	server_log_identity | server_use_systemd |
292 	server_response_ip_tag | server_response_ip | server_response_ip_data |
293 	server_shm_enable | server_shm_key | server_fake_sha1 |
294 	server_hide_trustanchor | server_trust_anchor_signaling |
295 	server_root_key_sentinel |
296 	server_ipsecmod_enabled | server_ipsecmod_hook |
297 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
298 	server_ipsecmod_whitelist | server_ipsecmod_strict |
299 	server_udp_upstream_without_downstream | server_aggressive_nsec |
300 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
301 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
302 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
303 	server_unknown_server_time_limit | server_log_tag_queryreply |
304 	server_stream_wait_size | server_tls_ciphers |
305 	server_tls_ciphersuites | server_tls_session_ticket_keys |
306 	server_tls_use_sni | server_edns_client_string |
307 	server_edns_client_string_opcode | server_nsid |
308 	server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
309 	server_tcp_reuse_timeout | server_tcp_auth_query_timeout
310 
311 	;
312 stubstart: VAR_STUB_ZONE
313 	{
314 		struct config_stub* s;
315 		OUTYY(("\nP(stub_zone:)\n"));
316 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
317 		if(s) {
318 			s->next = cfg_parser->cfg->stubs;
319 			cfg_parser->cfg->stubs = s;
320 		} else
321 			yyerror("out of memory");
322 	}
323 	;
324 contents_stub: contents_stub content_stub
325 	| ;
326 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
327 	stub_no_cache | stub_ssl_upstream
328 	;
329 forwardstart: VAR_FORWARD_ZONE
330 	{
331 		struct config_stub* s;
332 		OUTYY(("\nP(forward_zone:)\n"));
333 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
334 		if(s) {
335 			s->next = cfg_parser->cfg->forwards;
336 			cfg_parser->cfg->forwards = s;
337 		} else
338 			yyerror("out of memory");
339 	}
340 	;
341 contents_forward: contents_forward content_forward
342 	| ;
343 content_forward: forward_name | forward_host | forward_addr | forward_first |
344 	forward_no_cache | forward_ssl_upstream
345 	;
346 viewstart: VAR_VIEW
347 	{
348 		struct config_view* s;
349 		OUTYY(("\nP(view:)\n"));
350 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
351 		if(s) {
352 			s->next = cfg_parser->cfg->views;
353 			if(s->next && !s->next->name)
354 				yyerror("view without name");
355 			cfg_parser->cfg->views = s;
356 		} else
357 			yyerror("out of memory");
358 	}
359 	;
360 contents_view: contents_view content_view
361 	| ;
362 content_view: view_name | view_local_zone | view_local_data | view_first |
363 		view_response_ip | view_response_ip_data | view_local_data_ptr
364 	;
365 authstart: VAR_AUTH_ZONE
366 	{
367 		struct config_auth* s;
368 		OUTYY(("\nP(auth_zone:)\n"));
369 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
370 		if(s) {
371 			s->next = cfg_parser->cfg->auths;
372 			cfg_parser->cfg->auths = s;
373 			/* defaults for auth zone */
374 			s->for_downstream = 1;
375 			s->for_upstream = 1;
376 			s->fallback_enabled = 0;
377 			s->zonemd_check = 0;
378 			s->zonemd_reject_absence = 0;
379 			s->isrpz = 0;
380 		} else
381 			yyerror("out of memory");
382 	}
383 	;
384 contents_auth: contents_auth content_auth
385 	| ;
386 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
387 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
388 	auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
389 	;
390 
391 rpz_tag: VAR_TAGS STRING_ARG
392 	{
393 		uint8_t* bitlist;
394 		size_t len = 0;
395 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
396 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
397 			&len);
398 		free($2);
399 		if(!bitlist) {
400 			yyerror("could not parse tags, (define-tag them first)");
401 		}
402 		if(bitlist) {
403 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
404 			cfg_parser->cfg->auths->rpz_taglistlen = len;
405 
406 		}
407 	}
408 	;
409 
410 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
411 	{
412 		OUTYY(("P(rpz_action_override:%s)\n", $2));
413 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
414 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
415 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
416 			yyerror("rpz-action-override action: expected nxdomain, "
417 				"nodata, passthru, drop, cname or disabled");
418 			free($2);
419 			cfg_parser->cfg->auths->rpz_action_override = NULL;
420 		}
421 		else {
422 			cfg_parser->cfg->auths->rpz_action_override = $2;
423 		}
424 	}
425 	;
426 
427 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
428 	{
429 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
430 		free(cfg_parser->cfg->auths->rpz_cname);
431 		cfg_parser->cfg->auths->rpz_cname = $2;
432 	}
433 	;
434 
435 rpz_log: VAR_RPZ_LOG STRING_ARG
436 	{
437 		OUTYY(("P(rpz_log:%s)\n", $2));
438 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
439 			yyerror("expected yes or no.");
440 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
441 		free($2);
442 	}
443 	;
444 
445 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
446 	{
447 		OUTYY(("P(rpz_log_name:%s)\n", $2));
448 		free(cfg_parser->cfg->auths->rpz_log_name);
449 		cfg_parser->cfg->auths->rpz_log_name = $2;
450 	}
451 	;
452 
453 rpzstart: VAR_RPZ
454 	{
455 		struct config_auth* s;
456 		OUTYY(("\nP(rpz:)\n"));
457 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
458 		if(s) {
459 			s->next = cfg_parser->cfg->auths;
460 			cfg_parser->cfg->auths = s;
461 			/* defaults for RPZ auth zone */
462 			s->for_downstream = 0;
463 			s->for_upstream = 0;
464 			s->fallback_enabled = 0;
465 			s->isrpz = 1;
466 		} else
467 			yyerror("out of memory");
468 	}
469 	;
470 contents_rpz: contents_rpz content_rpz
471 	| ;
472 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
473 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
474 	   rpz_log | rpz_log_name
475 	;
476 server_num_threads: VAR_NUM_THREADS STRING_ARG
477 	{
478 		OUTYY(("P(server_num_threads:%s)\n", $2));
479 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
480 			yyerror("number expected");
481 		else cfg_parser->cfg->num_threads = atoi($2);
482 		free($2);
483 	}
484 	;
485 server_verbosity: VAR_VERBOSITY STRING_ARG
486 	{
487 		OUTYY(("P(server_verbosity:%s)\n", $2));
488 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
489 			yyerror("number expected");
490 		else cfg_parser->cfg->verbosity = atoi($2);
491 		free($2);
492 	}
493 	;
494 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
495 	{
496 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
497 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
498 			cfg_parser->cfg->stat_interval = 0;
499 		else if(atoi($2) == 0)
500 			yyerror("number expected");
501 		else cfg_parser->cfg->stat_interval = atoi($2);
502 		free($2);
503 	}
504 	;
505 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
506 	{
507 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
508 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
509 			yyerror("expected yes or no.");
510 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
511 		free($2);
512 	}
513 	;
514 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
515 	{
516 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
517 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
518 			yyerror("expected yes or no.");
519 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
520 		free($2);
521 	}
522 	;
523 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
524 	{
525 		OUTYY(("P(server_shm_enable:%s)\n", $2));
526 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
527 			yyerror("expected yes or no.");
528 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
529 		free($2);
530 	}
531 	;
532 server_shm_key: VAR_SHM_KEY STRING_ARG
533 	{
534 		OUTYY(("P(server_shm_key:%s)\n", $2));
535 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
536 			cfg_parser->cfg->shm_key = 0;
537 		else if(atoi($2) == 0)
538 			yyerror("number expected");
539 		else cfg_parser->cfg->shm_key = atoi($2);
540 		free($2);
541 	}
542 	;
543 server_port: VAR_PORT STRING_ARG
544 	{
545 		OUTYY(("P(server_port:%s)\n", $2));
546 		if(atoi($2) == 0)
547 			yyerror("port number expected");
548 		else cfg_parser->cfg->port = atoi($2);
549 		free($2);
550 	}
551 	;
552 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
553 	{
554 	#ifdef CLIENT_SUBNET
555 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
556 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
557 			fatal_exit("out of memory adding client-subnet");
558 	#else
559 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
560 		free($2);
561 	#endif
562 	}
563 	;
564 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
565 	{
566 	#ifdef CLIENT_SUBNET
567 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
568 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
569 			$2))
570 			fatal_exit("out of memory adding client-subnet-zone");
571 	#else
572 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
573 		free($2);
574 	#endif
575 	}
576 	;
577 server_client_subnet_always_forward:
578 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
579 	{
580 	#ifdef CLIENT_SUBNET
581 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
582 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
583 			yyerror("expected yes or no.");
584 		else
585 			cfg_parser->cfg->client_subnet_always_forward =
586 				(strcmp($2, "yes")==0);
587 	#else
588 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
589 	#endif
590 		free($2);
591 	}
592 	;
593 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
594 	{
595 	#ifdef CLIENT_SUBNET
596 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
597 		OUTYY(("P(Deprecated option, ignoring)\n"));
598 	#else
599 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
600 	#endif
601 		free($2);
602 	}
603 	;
604 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
605 	{
606 	#ifdef CLIENT_SUBNET
607 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
608 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
609 			yyerror("IPv4 subnet length expected");
610 		else if (atoi($2) > 32)
611 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
612 		else if (atoi($2) < 0)
613 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
614 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
615 	#else
616 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
617 	#endif
618 		free($2);
619 	}
620 	;
621 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
622 	{
623 	#ifdef CLIENT_SUBNET
624 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
625 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
626 			yyerror("Ipv6 subnet length expected");
627 		else if (atoi($2) > 128)
628 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
629 		else if (atoi($2) < 0)
630 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
631 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
632 	#else
633 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
634 	#endif
635 		free($2);
636 	}
637 	;
638 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
639 	{
640 	#ifdef CLIENT_SUBNET
641 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
642 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
643 			yyerror("IPv4 subnet length expected");
644 		else if (atoi($2) > 32)
645 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
646 		else if (atoi($2) < 0)
647 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
648 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
649 	#else
650 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
651 	#endif
652 		free($2);
653 	}
654 	;
655 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
656 	{
657 	#ifdef CLIENT_SUBNET
658 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
659 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
660 			yyerror("Ipv6 subnet length expected");
661 		else if (atoi($2) > 128)
662 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
663 		else if (atoi($2) < 0)
664 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
665 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
666 	#else
667 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
668 	#endif
669 		free($2);
670 	}
671 	;
672 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
673 	{
674 	#ifdef CLIENT_SUBNET
675 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
676 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
677 			yyerror("IPv4 ECS tree size expected");
678 		else if (atoi($2) < 0)
679 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
680 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
681 	#else
682 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
683 	#endif
684 		free($2);
685 	}
686 	;
687 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
688 	{
689 	#ifdef CLIENT_SUBNET
690 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
691 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
692 			yyerror("IPv6 ECS tree size expected");
693 		else if (atoi($2) < 0)
694 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
695 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
696 	#else
697 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
698 	#endif
699 		free($2);
700 	}
701 	;
702 server_interface: VAR_INTERFACE STRING_ARG
703 	{
704 		OUTYY(("P(server_interface:%s)\n", $2));
705 		if(cfg_parser->cfg->num_ifs == 0)
706 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
707 		else 	cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
708 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
709 		if(!cfg_parser->cfg->ifs)
710 			yyerror("out of memory");
711 		else
712 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
713 	}
714 	;
715 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
716 	{
717 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
718 		if(cfg_parser->cfg->num_out_ifs == 0)
719 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
720 		else 	cfg_parser->cfg->out_ifs = realloc(
721 			cfg_parser->cfg->out_ifs,
722 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
723 		if(!cfg_parser->cfg->out_ifs)
724 			yyerror("out of memory");
725 		else
726 			cfg_parser->cfg->out_ifs[
727 				cfg_parser->cfg->num_out_ifs++] = $2;
728 	}
729 	;
730 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
731 	{
732 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
733 		if(atoi($2) == 0)
734 			yyerror("number expected");
735 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
736 		free($2);
737 	}
738 	;
739 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
740 	{
741 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
742 		if(!cfg_mark_ports($2, 1,
743 			cfg_parser->cfg->outgoing_avail_ports, 65536))
744 			yyerror("port number or range (\"low-high\") expected");
745 		free($2);
746 	}
747 	;
748 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
749 	{
750 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
751 		if(!cfg_mark_ports($2, 0,
752 			cfg_parser->cfg->outgoing_avail_ports, 65536))
753 			yyerror("port number or range (\"low-high\") expected");
754 		free($2);
755 	}
756 	;
757 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
758 	{
759 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
760 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
761 			yyerror("number expected");
762 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
763 		free($2);
764 	}
765 	;
766 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
767 	{
768 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
769 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
770 			yyerror("number expected");
771 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
772 		free($2);
773 	}
774 	;
775 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
776 	{
777 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
778 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
779 			yyerror("expected yes or no.");
780 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
781 		free($2);
782 	}
783 	;
784 server_do_ip4: VAR_DO_IP4 STRING_ARG
785 	{
786 		OUTYY(("P(server_do_ip4:%s)\n", $2));
787 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
788 			yyerror("expected yes or no.");
789 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
790 		free($2);
791 	}
792 	;
793 server_do_ip6: VAR_DO_IP6 STRING_ARG
794 	{
795 		OUTYY(("P(server_do_ip6:%s)\n", $2));
796 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
797 			yyerror("expected yes or no.");
798 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
799 		free($2);
800 	}
801 	;
802 server_do_udp: VAR_DO_UDP STRING_ARG
803 	{
804 		OUTYY(("P(server_do_udp:%s)\n", $2));
805 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
806 			yyerror("expected yes or no.");
807 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
808 		free($2);
809 	}
810 	;
811 server_do_tcp: VAR_DO_TCP STRING_ARG
812 	{
813 		OUTYY(("P(server_do_tcp:%s)\n", $2));
814 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
815 			yyerror("expected yes or no.");
816 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
817 		free($2);
818 	}
819 	;
820 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
821 	{
822 		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
823 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
824 			yyerror("expected yes or no.");
825 		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
826 		free($2);
827 	}
828 	;
829 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
830 	{
831 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
832 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
833 			yyerror("expected yes or no.");
834 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
835 		free($2);
836 	}
837 	;
838 server_tcp_mss: VAR_TCP_MSS STRING_ARG
839 	{
840 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
841                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
842                         yyerror("number expected");
843                 else cfg_parser->cfg->tcp_mss = atoi($2);
844                 free($2);
845 	}
846 	;
847 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
848 	{
849 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
850 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
851 			yyerror("number expected");
852 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
853 		free($2);
854 	}
855 	;
856 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
857 	{
858 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
859 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
860 			yyerror("number expected");
861 		else if (atoi($2) > 120000)
862 			cfg_parser->cfg->tcp_idle_timeout = 120000;
863 		else if (atoi($2) < 1)
864 			cfg_parser->cfg->tcp_idle_timeout = 1;
865 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
866 		free($2);
867 	}
868 	;
869 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
870 	{
871 		OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
872 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
873 			yyerror("number expected");
874 		else if (atoi($2) < 1)
875 			cfg_parser->cfg->max_reuse_tcp_queries = 0;
876 		else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
877 		free($2);
878 	}
879 	;
880 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
881 	{
882 		OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
883 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
884 			yyerror("number expected");
885 		else if (atoi($2) < 1)
886 			cfg_parser->cfg->tcp_reuse_timeout = 0;
887 		else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
888 		free($2);
889 	}
890 	;
891 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
892 	{
893 		OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
894 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
895 			yyerror("number expected");
896 		else if (atoi($2) < 1)
897 			cfg_parser->cfg->tcp_auth_query_timeout = 0;
898 		else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
899 		free($2);
900 	}
901 	;
902 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
903 	{
904 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
905 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
906 			yyerror("expected yes or no.");
907 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
908 		free($2);
909 	}
910 	;
911 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
912 	{
913 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
914 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
915 			yyerror("number expected");
916 		else if (atoi($2) > 6553500)
917 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
918 		else if (atoi($2) < 1)
919 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
920 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
921 		free($2);
922 	}
923 	;
924 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
925 	{
926 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
927 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
928 			yyerror("expected yes or no.");
929 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
930 		free($2);
931 	}
932 	;
933 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
934 	{
935 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
936 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
937 			yyerror("expected yes or no.");
938 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
939 		free($2);
940 	}
941 	;
942 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
943 	{
944 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
945 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
946 			yyerror("expected yes or no.");
947 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
948 		free($2);
949 	}
950 	;
951 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
952 	{
953 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
954 		free(cfg_parser->cfg->ssl_service_key);
955 		cfg_parser->cfg->ssl_service_key = $2;
956 	}
957 	;
958 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
959 	{
960 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
961 		free(cfg_parser->cfg->ssl_service_pem);
962 		cfg_parser->cfg->ssl_service_pem = $2;
963 	}
964 	;
965 server_ssl_port: VAR_SSL_PORT STRING_ARG
966 	{
967 		OUTYY(("P(server_ssl_port:%s)\n", $2));
968 		if(atoi($2) == 0)
969 			yyerror("port number expected");
970 		else cfg_parser->cfg->ssl_port = atoi($2);
971 		free($2);
972 	}
973 	;
974 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
975 	{
976 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
977 		free(cfg_parser->cfg->tls_cert_bundle);
978 		cfg_parser->cfg->tls_cert_bundle = $2;
979 	}
980 	;
981 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
982 	{
983 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
984 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
985 			yyerror("expected yes or no.");
986 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
987 		free($2);
988 	}
989 	;
990 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
991 	{
992 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
993 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
994 			$2))
995 			yyerror("out of memory");
996 	}
997 	;
998 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
999 	{
1000 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1001 		free(cfg_parser->cfg->tls_ciphers);
1002 		cfg_parser->cfg->tls_ciphers = $2;
1003 	}
1004 	;
1005 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1006 	{
1007 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1008 		free(cfg_parser->cfg->tls_ciphersuites);
1009 		cfg_parser->cfg->tls_ciphersuites = $2;
1010 	}
1011 	;
1012 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1013 	{
1014 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1015 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1016 			$2))
1017 			yyerror("out of memory");
1018 	}
1019 	;
1020 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1021 	{
1022 		OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1023 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1024 			yyerror("expected yes or no.");
1025 		else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1026 		free($2);
1027 	}
1028 	;
1029 server_https_port: VAR_HTTPS_PORT STRING_ARG
1030 	{
1031 		OUTYY(("P(server_https_port:%s)\n", $2));
1032 		if(atoi($2) == 0)
1033 			yyerror("port number expected");
1034 		else cfg_parser->cfg->https_port = atoi($2);
1035 		free($2);
1036 	};
1037 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1038 	{
1039 		OUTYY(("P(server_http_endpoint:%s)\n", $2));
1040 		free(cfg_parser->cfg->http_endpoint);
1041 		if($2 && $2[0] != '/') {
1042 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1043 			if(!cfg_parser->cfg->http_endpoint)
1044 				yyerror("out of memory");
1045 			cfg_parser->cfg->http_endpoint[0] = '/';
1046 			memmove(cfg_parser->cfg->http_endpoint+1, $2,
1047 				strlen($2)+1);
1048 			free($2);
1049 		} else {
1050 			cfg_parser->cfg->http_endpoint = $2;
1051 		}
1052 	};
1053 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1054 	{
1055 		OUTYY(("P(server_http_max_streams:%s)\n", $2));
1056 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1057 			yyerror("number expected");
1058 		else cfg_parser->cfg->http_max_streams = atoi($2);
1059 		free($2);
1060 	};
1061 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1062 	{
1063 		OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1064 		if(!cfg_parse_memsize($2,
1065 			&cfg_parser->cfg->http_query_buffer_size))
1066 			yyerror("memory size expected");
1067 		free($2);
1068 	};
1069 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1070 	{
1071 		OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1072 		if(!cfg_parse_memsize($2,
1073 			&cfg_parser->cfg->http_response_buffer_size))
1074 			yyerror("memory size expected");
1075 		free($2);
1076 	};
1077 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1078 	{
1079 		OUTYY(("P(server_http_nodelay:%s)\n", $2));
1080 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1081 			yyerror("expected yes or no.");
1082 		else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1083 		free($2);
1084 	}
1085 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1086 	{
1087 		OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1088 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1089 			yyerror("expected yes or no.");
1090 		else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1091 		free($2);
1092 	};
1093 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1094 	{
1095 		OUTYY(("P(server_use_systemd:%s)\n", $2));
1096 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1097 			yyerror("expected yes or no.");
1098 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1099 		free($2);
1100 	}
1101 	;
1102 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1103 	{
1104 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
1105 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1106 			yyerror("expected yes or no.");
1107 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1108 		free($2);
1109 	}
1110 	;
1111 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1112 	{
1113 		OUTYY(("P(server_use_syslog:%s)\n", $2));
1114 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1115 			yyerror("expected yes or no.");
1116 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1117 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1118 		if(strcmp($2, "yes") == 0)
1119 			yyerror("no syslog services are available. "
1120 				"(reconfigure and compile to add)");
1121 #endif
1122 		free($2);
1123 	}
1124 	;
1125 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1126 	{
1127 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1128 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1129 			yyerror("expected yes or no.");
1130 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1131 		free($2);
1132 	}
1133 	;
1134 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1135 	{
1136 		OUTYY(("P(server_log_queries:%s)\n", $2));
1137 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1138 			yyerror("expected yes or no.");
1139 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1140 		free($2);
1141 	}
1142 	;
1143 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1144   {
1145   	OUTYY(("P(server_log_replies:%s)\n", $2));
1146   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1147   		yyerror("expected yes or no.");
1148   	else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1149   	free($2);
1150   }
1151   ;
1152 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1153   {
1154   	OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1155   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1156   		yyerror("expected yes or no.");
1157   	else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1158   	free($2);
1159   }
1160   ;
1161 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1162 	{
1163 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1164 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1165 			yyerror("expected yes or no.");
1166 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1167 		free($2);
1168 	}
1169 	;
1170 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1171   {
1172   	OUTYY(("P(server_log_local_actions:%s)\n", $2));
1173   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1174   		yyerror("expected yes or no.");
1175   	else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1176   	free($2);
1177   }
1178   ;
1179 server_chroot: VAR_CHROOT STRING_ARG
1180 	{
1181 		OUTYY(("P(server_chroot:%s)\n", $2));
1182 		free(cfg_parser->cfg->chrootdir);
1183 		cfg_parser->cfg->chrootdir = $2;
1184 	}
1185 	;
1186 server_username: VAR_USERNAME STRING_ARG
1187 	{
1188 		OUTYY(("P(server_username:%s)\n", $2));
1189 		free(cfg_parser->cfg->username);
1190 		cfg_parser->cfg->username = $2;
1191 	}
1192 	;
1193 server_directory: VAR_DIRECTORY STRING_ARG
1194 	{
1195 		OUTYY(("P(server_directory:%s)\n", $2));
1196 		free(cfg_parser->cfg->directory);
1197 		cfg_parser->cfg->directory = $2;
1198 		/* change there right away for includes relative to this */
1199 		if($2[0]) {
1200 			char* d;
1201 #ifdef UB_ON_WINDOWS
1202 			w_config_adjust_directory(cfg_parser->cfg);
1203 #endif
1204 			d = cfg_parser->cfg->directory;
1205 			/* adjust directory if we have already chroot,
1206 			 * like, we reread after sighup */
1207 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1208 				strncmp(d, cfg_parser->chroot, strlen(
1209 				cfg_parser->chroot)) == 0)
1210 				d += strlen(cfg_parser->chroot);
1211 			if(d[0]) {
1212 			    if(chdir(d))
1213 				log_err("cannot chdir to directory: %s (%s)",
1214 					d, strerror(errno));
1215 			}
1216 		}
1217 	}
1218 	;
1219 server_logfile: VAR_LOGFILE STRING_ARG
1220 	{
1221 		OUTYY(("P(server_logfile:%s)\n", $2));
1222 		free(cfg_parser->cfg->logfile);
1223 		cfg_parser->cfg->logfile = $2;
1224 		cfg_parser->cfg->use_syslog = 0;
1225 	}
1226 	;
1227 server_pidfile: VAR_PIDFILE STRING_ARG
1228 	{
1229 		OUTYY(("P(server_pidfile:%s)\n", $2));
1230 		free(cfg_parser->cfg->pidfile);
1231 		cfg_parser->cfg->pidfile = $2;
1232 	}
1233 	;
1234 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1235 	{
1236 		OUTYY(("P(server_root_hints:%s)\n", $2));
1237 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1238 			yyerror("out of memory");
1239 	}
1240 	;
1241 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1242 	{
1243 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1244 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1245 		free($2);
1246 	}
1247 	;
1248 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1249 	{
1250 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1251 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
1252 		free($2);
1253 	}
1254 	;
1255 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1256 	{
1257 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1258 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1259 			auto_trust_anchor_file_list, $2))
1260 			yyerror("out of memory");
1261 	}
1262 	;
1263 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1264 	{
1265 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1266 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1267 			trust_anchor_file_list, $2))
1268 			yyerror("out of memory");
1269 	}
1270 	;
1271 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1272 	{
1273 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1274 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1275 			trusted_keys_file_list, $2))
1276 			yyerror("out of memory");
1277 	}
1278 	;
1279 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1280 	{
1281 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1282 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1283 			yyerror("out of memory");
1284 	}
1285 	;
1286 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1287 	{
1288 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1289 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1290 			yyerror("expected yes or no.");
1291 		else
1292 			cfg_parser->cfg->trust_anchor_signaling =
1293 				(strcmp($2, "yes")==0);
1294 		free($2);
1295 	}
1296 	;
1297 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1298 	{
1299 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1300 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1301 			yyerror("expected yes or no.");
1302 		else
1303 			cfg_parser->cfg->root_key_sentinel =
1304 				(strcmp($2, "yes")==0);
1305 		free($2);
1306 	}
1307 	;
1308 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1309 	{
1310 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1311 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1312 			yyerror("out of memory");
1313 	}
1314 	;
1315 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1316 	{
1317 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1318 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1319 			yyerror("expected yes or no.");
1320 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1321 		free($2);
1322 	}
1323 	;
1324 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1325 	{
1326 		OUTYY(("P(server_hide_version:%s)\n", $2));
1327 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1328 			yyerror("expected yes or no.");
1329 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1330 		free($2);
1331 	}
1332 	;
1333 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1334 	{
1335 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1336 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1337 			yyerror("expected yes or no.");
1338 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1339 		free($2);
1340 	}
1341 	;
1342 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1343 	{
1344 		OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1345 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1346 			yyerror("expected yes or no.");
1347 		else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1348 		free($2);
1349 	}
1350 	;
1351 server_identity: VAR_IDENTITY STRING_ARG
1352 	{
1353 		OUTYY(("P(server_identity:%s)\n", $2));
1354 		free(cfg_parser->cfg->identity);
1355 		cfg_parser->cfg->identity = $2;
1356 	}
1357 	;
1358 server_version: VAR_VERSION STRING_ARG
1359 	{
1360 		OUTYY(("P(server_version:%s)\n", $2));
1361 		free(cfg_parser->cfg->version);
1362 		cfg_parser->cfg->version = $2;
1363 	}
1364 	;
1365 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1366 	{
1367 		OUTYY(("P(server_http_user_agent:%s)\n", $2));
1368 		free(cfg_parser->cfg->http_user_agent);
1369 		cfg_parser->cfg->http_user_agent = $2;
1370 	}
1371 	;
1372 server_nsid: VAR_NSID STRING_ARG
1373 	{
1374 		OUTYY(("P(server_nsid:%s)\n", $2));
1375 		free(cfg_parser->cfg->nsid_cfg_str);
1376 		cfg_parser->cfg->nsid_cfg_str = $2;
1377 		free(cfg_parser->cfg->nsid);
1378 		cfg_parser->cfg->nsid = NULL;
1379 		cfg_parser->cfg->nsid_len = 0;
1380 		if (*$2 == 0)
1381 			; /* pass; empty string is not setting nsid */
1382 		else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1383 					$2, &cfg_parser->cfg->nsid_len)))
1384 			yyerror("the NSID must be either a hex string or an "
1385 			    "ascii character string prepended with ascii_.");
1386 	}
1387 	;
1388 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1389 	{
1390 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1391 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1392 			yyerror("buffer size expected");
1393 		free($2);
1394 	}
1395 	;
1396 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1397 	{
1398 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1399 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1400 			yyerror("buffer size expected");
1401 		free($2);
1402 	}
1403 	;
1404 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1405     {
1406         OUTYY(("P(server_so_reuseport:%s)\n", $2));
1407         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1408             yyerror("expected yes or no.");
1409         else cfg_parser->cfg->so_reuseport =
1410             (strcmp($2, "yes")==0);
1411         free($2);
1412     }
1413     ;
1414 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1415     {
1416         OUTYY(("P(server_ip_transparent:%s)\n", $2));
1417         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1418             yyerror("expected yes or no.");
1419         else cfg_parser->cfg->ip_transparent =
1420             (strcmp($2, "yes")==0);
1421         free($2);
1422     }
1423     ;
1424 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1425     {
1426         OUTYY(("P(server_ip_freebind:%s)\n", $2));
1427         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1428             yyerror("expected yes or no.");
1429         else cfg_parser->cfg->ip_freebind =
1430             (strcmp($2, "yes")==0);
1431         free($2);
1432     }
1433     ;
1434 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1435 	{
1436 		OUTYY(("P(server_ip_dscp:%s)\n", $2));
1437 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1438 			yyerror("number expected");
1439 		else if (atoi($2) > 63)
1440 			yyerror("value too large (max 63)");
1441 		else if (atoi($2) < 0)
1442 			yyerror("value too small (min 0)");
1443 		else
1444 			cfg_parser->cfg->ip_dscp = atoi($2);
1445 		free($2);
1446 	}
1447 	;
1448 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1449 	{
1450 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1451 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1452 			yyerror("memory size expected");
1453 		free($2);
1454 	}
1455 	;
1456 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1457 	{
1458 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1459 		if(atoi($2) == 0)
1460 			yyerror("number expected");
1461 		else if (atoi($2) < 12)
1462 			yyerror("edns buffer size too small");
1463 		else if (atoi($2) > 65535)
1464 			cfg_parser->cfg->edns_buffer_size = 65535;
1465 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1466 		free($2);
1467 	}
1468 	;
1469 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1470 	{
1471 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1472 		if(atoi($2) == 0)
1473 			yyerror("number expected");
1474 		else if (atoi($2) < 4096)
1475 			yyerror("message buffer size too small (use 4096)");
1476 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1477 		free($2);
1478 	}
1479 	;
1480 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1481 	{
1482 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1483 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1484 			yyerror("memory size expected");
1485 		free($2);
1486 	}
1487 	;
1488 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1489 	{
1490 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1491 		if(atoi($2) == 0)
1492 			yyerror("number expected");
1493 		else {
1494 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1495 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1496 				yyerror("must be a power of 2");
1497 		}
1498 		free($2);
1499 	}
1500 	;
1501 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1502 	{
1503 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1504 		if(atoi($2) == 0)
1505 			yyerror("number expected");
1506 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1507 		free($2);
1508 	}
1509 	;
1510 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1511 	{
1512 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1513 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1514 			yyerror("number expected");
1515 		else cfg_parser->cfg->jostle_time = atoi($2);
1516 		free($2);
1517 	}
1518 	;
1519 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1520 	{
1521 		OUTYY(("P(server_delay_close:%s)\n", $2));
1522 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1523 			yyerror("number expected");
1524 		else cfg_parser->cfg->delay_close = atoi($2);
1525 		free($2);
1526 	}
1527 	;
1528 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1529 	{
1530 		OUTYY(("P(server_udp_connect:%s)\n", $2));
1531 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1532 			yyerror("expected yes or no.");
1533 		else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1534 		free($2);
1535 	}
1536 	;
1537 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1538 	{
1539 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1540 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1541 			yyerror("expected yes or no.");
1542 		else cfg_parser->cfg->unblock_lan_zones =
1543 			(strcmp($2, "yes")==0);
1544 		free($2);
1545 	}
1546 	;
1547 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1548 	{
1549 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1550 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1551 			yyerror("expected yes or no.");
1552 		else cfg_parser->cfg->insecure_lan_zones =
1553 			(strcmp($2, "yes")==0);
1554 		free($2);
1555 	}
1556 	;
1557 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1558 	{
1559 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1560 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1561 			yyerror("memory size expected");
1562 		free($2);
1563 	}
1564 	;
1565 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1566 	{
1567 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1568 		if(atoi($2) == 0)
1569 			yyerror("number expected");
1570 		else {
1571 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1572 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1573 				yyerror("must be a power of 2");
1574 		}
1575 		free($2);
1576 	}
1577 	;
1578 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1579 	{
1580 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1581 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1582 			yyerror("number expected");
1583 		else cfg_parser->cfg->host_ttl = atoi($2);
1584 		free($2);
1585 	}
1586 	;
1587 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1588 	{
1589 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1590 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1591 			"removed, use infra-host-ttl)", $2);
1592 		free($2);
1593 	}
1594 	;
1595 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1596 	{
1597 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1598 		if(atoi($2) == 0)
1599 			yyerror("number expected");
1600 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1601 		free($2);
1602 	}
1603 	;
1604 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1605 	{
1606 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1607 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1608 			"(option removed, use infra-cache-numhosts)", $2);
1609 		free($2);
1610 	}
1611 	;
1612 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1613 	{
1614 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1615 		if(atoi($2) == 0)
1616 			yyerror("number expected");
1617 		else {
1618 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1619 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1620 				yyerror("must be a power of 2");
1621 		}
1622 		free($2);
1623 	}
1624 	;
1625 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1626 	{
1627 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1628 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1629 			yyerror("number expected");
1630 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1631 		free($2);
1632 	}
1633 	;
1634 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1635 	{
1636 		OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1637 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1638 			yyerror("expected yes or no.");
1639 		else cfg_parser->cfg->infra_keep_probing =
1640 			(strcmp($2, "yes")==0);
1641 		free($2);
1642 	}
1643 	;
1644 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1645 	{
1646 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1647 		free(cfg_parser->cfg->target_fetch_policy);
1648 		cfg_parser->cfg->target_fetch_policy = $2;
1649 	}
1650 	;
1651 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1652 	{
1653 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1654 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1655 			yyerror("expected yes or no.");
1656 		else cfg_parser->cfg->harden_short_bufsize =
1657 			(strcmp($2, "yes")==0);
1658 		free($2);
1659 	}
1660 	;
1661 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1662 	{
1663 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1664 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1665 			yyerror("expected yes or no.");
1666 		else cfg_parser->cfg->harden_large_queries =
1667 			(strcmp($2, "yes")==0);
1668 		free($2);
1669 	}
1670 	;
1671 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1672 	{
1673 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1674 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1675 			yyerror("expected yes or no.");
1676 		else cfg_parser->cfg->harden_glue =
1677 			(strcmp($2, "yes")==0);
1678 		free($2);
1679 	}
1680 	;
1681 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1682 	{
1683 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1684 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1685 			yyerror("expected yes or no.");
1686 		else cfg_parser->cfg->harden_dnssec_stripped =
1687 			(strcmp($2, "yes")==0);
1688 		free($2);
1689 	}
1690 	;
1691 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1692 	{
1693 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1694 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1695 			yyerror("expected yes or no.");
1696 		else cfg_parser->cfg->harden_below_nxdomain =
1697 			(strcmp($2, "yes")==0);
1698 		free($2);
1699 	}
1700 	;
1701 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1702 	{
1703 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1704 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1705 			yyerror("expected yes or no.");
1706 		else cfg_parser->cfg->harden_referral_path =
1707 			(strcmp($2, "yes")==0);
1708 		free($2);
1709 	}
1710 	;
1711 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1712 	{
1713 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1714 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1715 			yyerror("expected yes or no.");
1716 		else cfg_parser->cfg->harden_algo_downgrade =
1717 			(strcmp($2, "yes")==0);
1718 		free($2);
1719 	}
1720 	;
1721 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1722 	{
1723 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1724 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1725 			yyerror("expected yes or no.");
1726 		else cfg_parser->cfg->use_caps_bits_for_id =
1727 			(strcmp($2, "yes")==0);
1728 		free($2);
1729 	}
1730 	;
1731 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1732 	{
1733 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1734 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1735 			yyerror("out of memory");
1736 	}
1737 	;
1738 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1739 	{
1740 		OUTYY(("P(server_private_address:%s)\n", $2));
1741 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1742 			yyerror("out of memory");
1743 	}
1744 	;
1745 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1746 	{
1747 		OUTYY(("P(server_private_domain:%s)\n", $2));
1748 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1749 			yyerror("out of memory");
1750 	}
1751 	;
1752 server_prefetch: VAR_PREFETCH STRING_ARG
1753 	{
1754 		OUTYY(("P(server_prefetch:%s)\n", $2));
1755 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1756 			yyerror("expected yes or no.");
1757 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1758 		free($2);
1759 	}
1760 	;
1761 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1762 	{
1763 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1764 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1765 			yyerror("expected yes or no.");
1766 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1767 		free($2);
1768 	}
1769 	;
1770 server_deny_any: VAR_DENY_ANY STRING_ARG
1771 	{
1772 		OUTYY(("P(server_deny_any:%s)\n", $2));
1773 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1774 			yyerror("expected yes or no.");
1775 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1776 		free($2);
1777 	}
1778 	;
1779 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1780 	{
1781 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1782 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1783 			yyerror("number expected");
1784 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1785 		free($2);
1786 	}
1787 	;
1788 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1789 	{
1790 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1791 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1792 			yyerror("out of memory");
1793 	}
1794 	;
1795 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1796 	{
1797 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1798 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1799 			yyerror("expected yes or no.");
1800 		else cfg_parser->cfg->donotquery_localhost =
1801 			(strcmp($2, "yes")==0);
1802 		free($2);
1803 	}
1804 	;
1805 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1806 	{
1807 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1808 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1809 			strcmp($3, "deny_non_local")!=0 &&
1810 			strcmp($3, "refuse_non_local")!=0 &&
1811 			strcmp($3, "allow_setrd")!=0 &&
1812 			strcmp($3, "allow")!=0 &&
1813 			strcmp($3, "allow_snoop")!=0) {
1814 			yyerror("expected deny, refuse, deny_non_local, "
1815 				"refuse_non_local, allow, allow_setrd or "
1816 				"allow_snoop in access control action");
1817 			free($2);
1818 			free($3);
1819 		} else {
1820 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1821 				fatal_exit("out of memory adding acl");
1822 		}
1823 	}
1824 	;
1825 server_module_conf: VAR_MODULE_CONF STRING_ARG
1826 	{
1827 		OUTYY(("P(server_module_conf:%s)\n", $2));
1828 		free(cfg_parser->cfg->module_conf);
1829 		cfg_parser->cfg->module_conf = $2;
1830 	}
1831 	;
1832 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1833 	{
1834 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1835 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1836 			cfg_parser->cfg->val_date_override = 0;
1837 		} else if(strlen($2) == 14) {
1838 			cfg_parser->cfg->val_date_override =
1839 				cfg_convert_timeval($2);
1840 			if(!cfg_parser->cfg->val_date_override)
1841 				yyerror("bad date/time specification");
1842 		} else {
1843 			if(atoi($2) == 0)
1844 				yyerror("number expected");
1845 			cfg_parser->cfg->val_date_override = atoi($2);
1846 		}
1847 		free($2);
1848 	}
1849 	;
1850 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1851 	{
1852 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1853 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1854 			cfg_parser->cfg->val_sig_skew_min = 0;
1855 		} else {
1856 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1857 			if(!cfg_parser->cfg->val_sig_skew_min)
1858 				yyerror("number expected");
1859 		}
1860 		free($2);
1861 	}
1862 	;
1863 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1864 	{
1865 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1866 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1867 			cfg_parser->cfg->val_sig_skew_max = 0;
1868 		} else {
1869 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1870 			if(!cfg_parser->cfg->val_sig_skew_max)
1871 				yyerror("number expected");
1872 		}
1873 		free($2);
1874 	}
1875 	;
1876 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1877 	{
1878 		OUTYY(("P(server_val_max_restart:%s)\n", $2));
1879 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1880 			cfg_parser->cfg->val_max_restart = 0;
1881 		} else {
1882 			cfg_parser->cfg->val_max_restart = atoi($2);
1883 			if(!cfg_parser->cfg->val_max_restart)
1884 				yyerror("number expected");
1885 		}
1886 		free($2);
1887 	}
1888 	;
1889 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1890 	{
1891 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1892 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1893 			yyerror("number expected");
1894 		else cfg_parser->cfg->max_ttl = atoi($2);
1895 		free($2);
1896 	}
1897 	;
1898 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1899 	{
1900 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1901 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1902 			yyerror("number expected");
1903 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1904 		free($2);
1905 	}
1906 	;
1907 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1908 	{
1909 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1910 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1911 			yyerror("number expected");
1912 		else cfg_parser->cfg->min_ttl = atoi($2);
1913 		free($2);
1914 	}
1915 	;
1916 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1917 	{
1918 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1919 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1920 			yyerror("number expected");
1921 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1922 		free($2);
1923 	}
1924 	;
1925 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1926 	{
1927 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1928 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1929 			yyerror("expected yes or no.");
1930 		else cfg_parser->cfg->val_clean_additional =
1931 			(strcmp($2, "yes")==0);
1932 		free($2);
1933 	}
1934 	;
1935 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1936 	{
1937 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1938 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1939 			yyerror("expected yes or no.");
1940 		else cfg_parser->cfg->val_permissive_mode =
1941 			(strcmp($2, "yes")==0);
1942 		free($2);
1943 	}
1944 	;
1945 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1946 	{
1947 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1948 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1949 			yyerror("expected yes or no.");
1950 		else
1951 			cfg_parser->cfg->aggressive_nsec =
1952 				(strcmp($2, "yes")==0);
1953 		free($2);
1954 	}
1955 	;
1956 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1957 	{
1958 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1959 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1960 			yyerror("expected yes or no.");
1961 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1962 		free($2);
1963 	}
1964 	;
1965 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1966 	{
1967 		OUTYY(("P(server_serve_expired:%s)\n", $2));
1968 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1969 			yyerror("expected yes or no.");
1970 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1971 		free($2);
1972 	}
1973 	;
1974 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1975 	{
1976 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1977 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1978 			yyerror("number expected");
1979 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1980 		free($2);
1981 	}
1982 	;
1983 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1984 	{
1985 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1986 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1987 			yyerror("expected yes or no.");
1988 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1989 		free($2);
1990 	}
1991 	;
1992 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
1993 	{
1994 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
1995 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1996 			yyerror("number expected");
1997 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
1998 		free($2);
1999 	}
2000 	;
2001 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2002 	{
2003 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2004 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2005 			yyerror("number expected");
2006 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2007 		free($2);
2008 	}
2009 	;
2010 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2011 	{
2012 		OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2013 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2014 			yyerror("expected yes or no.");
2015 		else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2016 		free($2);
2017 	}
2018 	;
2019 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2020 	{
2021 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
2022 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2023 			yyerror("expected yes or no.");
2024 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2025 		else fake_dsa = (strcmp($2, "yes")==0);
2026 		if(fake_dsa)
2027 			log_warn("test option fake_dsa is enabled");
2028 #endif
2029 		free($2);
2030 	}
2031 	;
2032 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2033 	{
2034 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
2035 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2036 			yyerror("expected yes or no.");
2037 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2038 		else fake_sha1 = (strcmp($2, "yes")==0);
2039 		if(fake_sha1)
2040 			log_warn("test option fake_sha1 is enabled");
2041 #endif
2042 		free($2);
2043 	}
2044 	;
2045 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2046 	{
2047 		OUTYY(("P(server_val_log_level:%s)\n", $2));
2048 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2049 			yyerror("number expected");
2050 		else cfg_parser->cfg->val_log_level = atoi($2);
2051 		free($2);
2052 	}
2053 	;
2054 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2055 	{
2056 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2057 		free(cfg_parser->cfg->val_nsec3_key_iterations);
2058 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
2059 	}
2060 	;
2061 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2062 	{
2063 		OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2064 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2065 			yyerror("expected yes or no.");
2066 		else	cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2067 		free($2);
2068 	}
2069 	;
2070 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2071 	{
2072 		OUTYY(("P(server_add_holddown:%s)\n", $2));
2073 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2074 			yyerror("number expected");
2075 		else cfg_parser->cfg->add_holddown = atoi($2);
2076 		free($2);
2077 	}
2078 	;
2079 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2080 	{
2081 		OUTYY(("P(server_del_holddown:%s)\n", $2));
2082 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2083 			yyerror("number expected");
2084 		else cfg_parser->cfg->del_holddown = atoi($2);
2085 		free($2);
2086 	}
2087 	;
2088 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2089 	{
2090 		OUTYY(("P(server_keep_missing:%s)\n", $2));
2091 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2092 			yyerror("number expected");
2093 		else cfg_parser->cfg->keep_missing = atoi($2);
2094 		free($2);
2095 	}
2096 	;
2097 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2098 	{
2099 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2100 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2101 			yyerror("expected yes or no.");
2102 		else cfg_parser->cfg->permit_small_holddown =
2103 			(strcmp($2, "yes")==0);
2104 		free($2);
2105 	}
2106 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2107 	{
2108 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
2109 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2110 			yyerror("memory size expected");
2111 		free($2);
2112 	}
2113 	;
2114 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2115 	{
2116 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2117 		if(atoi($2) == 0)
2118 			yyerror("number expected");
2119 		else {
2120 			cfg_parser->cfg->key_cache_slabs = atoi($2);
2121 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2122 				yyerror("must be a power of 2");
2123 		}
2124 		free($2);
2125 	}
2126 	;
2127 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2128 	{
2129 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2130 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2131 			yyerror("memory size expected");
2132 		free($2);
2133 	}
2134 	;
2135 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2136 	{
2137 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2138 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2139 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2140 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2141 		   && strcmp($3, "typetransparent")!=0
2142 		   && strcmp($3, "always_transparent")!=0
2143 		   && strcmp($3, "always_refuse")!=0
2144 		   && strcmp($3, "always_nxdomain")!=0
2145 		   && strcmp($3, "always_nodata")!=0
2146 		   && strcmp($3, "always_deny")!=0
2147 		   && strcmp($3, "always_null")!=0
2148 		   && strcmp($3, "noview")!=0
2149 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2150 		   && strcmp($3, "inform_redirect") != 0
2151 			 && strcmp($3, "ipset") != 0) {
2152 			yyerror("local-zone type: expected static, deny, "
2153 				"refuse, redirect, transparent, "
2154 				"typetransparent, inform, inform_deny, "
2155 				"inform_redirect, always_transparent, "
2156 				"always_refuse, always_nxdomain, "
2157 				"always_nodata, always_deny, always_null, "
2158 				"noview, nodefault or ipset");
2159 			free($2);
2160 			free($3);
2161 		} else if(strcmp($3, "nodefault")==0) {
2162 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2163 				local_zones_nodefault, $2))
2164 				fatal_exit("out of memory adding local-zone");
2165 			free($3);
2166 #ifdef USE_IPSET
2167 		} else if(strcmp($3, "ipset")==0) {
2168 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2169 				local_zones_ipset, $2))
2170 				fatal_exit("out of memory adding local-zone");
2171 			free($3);
2172 #endif
2173 		} else {
2174 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2175 				$2, $3))
2176 				fatal_exit("out of memory adding local-zone");
2177 		}
2178 	}
2179 	;
2180 server_local_data: VAR_LOCAL_DATA STRING_ARG
2181 	{
2182 		OUTYY(("P(server_local_data:%s)\n", $2));
2183 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2184 			fatal_exit("out of memory adding local-data");
2185 	}
2186 	;
2187 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2188 	{
2189 		char* ptr;
2190 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2191 		ptr = cfg_ptr_reverse($2);
2192 		free($2);
2193 		if(ptr) {
2194 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2195 				local_data, ptr))
2196 				fatal_exit("out of memory adding local-data");
2197 		} else {
2198 			yyerror("local-data-ptr could not be reversed");
2199 		}
2200 	}
2201 	;
2202 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2203 	{
2204 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
2205 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2206 			yyerror("expected yes or no.");
2207 		else cfg_parser->cfg->minimal_responses =
2208 			(strcmp($2, "yes")==0);
2209 		free($2);
2210 	}
2211 	;
2212 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2213 	{
2214 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2215 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2216 			yyerror("expected yes or no.");
2217 		else cfg_parser->cfg->rrset_roundrobin =
2218 			(strcmp($2, "yes")==0);
2219 		free($2);
2220 	}
2221 	;
2222 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2223 	{
2224 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2225 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2226 		free($2);
2227 	}
2228 	;
2229 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2230 	{
2231 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
2232 		cfg_parser->cfg->max_udp_size = atoi($2);
2233 		free($2);
2234 	}
2235 	;
2236 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2237 	{
2238 		OUTYY(("P(dns64_prefix:%s)\n", $2));
2239 		free(cfg_parser->cfg->dns64_prefix);
2240 		cfg_parser->cfg->dns64_prefix = $2;
2241 	}
2242 	;
2243 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2244 	{
2245 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2246 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2247 			yyerror("expected yes or no.");
2248 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2249 		free($2);
2250 	}
2251 	;
2252 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2253 	{
2254 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2255 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2256 			$2))
2257 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2258 	}
2259 	;
2260 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2261 	{
2262 		char* p, *s = $2;
2263 		OUTYY(("P(server_define_tag:%s)\n", $2));
2264 		while((p=strsep(&s, " \t\n")) != NULL) {
2265 			if(*p) {
2266 				if(!config_add_tag(cfg_parser->cfg, p))
2267 					yyerror("could not define-tag, "
2268 						"out of memory");
2269 			}
2270 		}
2271 		free($2);
2272 	}
2273 	;
2274 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2275 	{
2276 		size_t len = 0;
2277 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2278 			&len);
2279 		free($3);
2280 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2281 		if(!bitlist) {
2282 			yyerror("could not parse tags, (define-tag them first)");
2283 			free($2);
2284 		}
2285 		if(bitlist) {
2286 			if(!cfg_strbytelist_insert(
2287 				&cfg_parser->cfg->local_zone_tags,
2288 				$2, bitlist, len)) {
2289 				yyerror("out of memory");
2290 				free($2);
2291 			}
2292 		}
2293 	}
2294 	;
2295 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2296 	{
2297 		size_t len = 0;
2298 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2299 			&len);
2300 		free($3);
2301 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2302 		if(!bitlist) {
2303 			yyerror("could not parse tags, (define-tag them first)");
2304 			free($2);
2305 		}
2306 		if(bitlist) {
2307 			if(!cfg_strbytelist_insert(
2308 				&cfg_parser->cfg->acl_tags,
2309 				$2, bitlist, len)) {
2310 				yyerror("out of memory");
2311 				free($2);
2312 			}
2313 		}
2314 	}
2315 	;
2316 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2317 	{
2318 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2319 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2320 			$2, $3, $4)) {
2321 			yyerror("out of memory");
2322 			free($2);
2323 			free($3);
2324 			free($4);
2325 		}
2326 	}
2327 	;
2328 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2329 	{
2330 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2331 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2332 			$2, $3, $4)) {
2333 			yyerror("out of memory");
2334 			free($2);
2335 			free($3);
2336 			free($4);
2337 		}
2338 	}
2339 	;
2340 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2341 	{
2342 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2343 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2344 			$2, $3, $4)) {
2345 			yyerror("out of memory");
2346 			free($2);
2347 			free($3);
2348 			free($4);
2349 		}
2350 	}
2351 	;
2352 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2353 	{
2354 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2355 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2356 			$2, $3)) {
2357 			yyerror("out of memory");
2358 		}
2359 	}
2360 	;
2361 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2362 	{
2363 		size_t len = 0;
2364 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2365 			&len);
2366 		free($3);
2367 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2368 		if(!bitlist) {
2369 			yyerror("could not parse tags, (define-tag them first)");
2370 			free($2);
2371 		}
2372 		if(bitlist) {
2373 			if(!cfg_strbytelist_insert(
2374 				&cfg_parser->cfg->respip_tags,
2375 				$2, bitlist, len)) {
2376 				yyerror("out of memory");
2377 				free($2);
2378 			}
2379 		}
2380 	}
2381 	;
2382 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2383 	{
2384 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2385 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2386 			yyerror("number expected");
2387 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2388 		free($2);
2389 	}
2390 	;
2391 
2392 server_ratelimit: VAR_RATELIMIT STRING_ARG
2393 	{
2394 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2395 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2396 			yyerror("number expected");
2397 		else cfg_parser->cfg->ratelimit = atoi($2);
2398 		free($2);
2399 	}
2400 	;
2401 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2402   {
2403   	OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2404   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2405   		yyerror("memory size expected");
2406   	free($2);
2407   }
2408   ;
2409 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2410 	{
2411 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2412 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2413 			yyerror("memory size expected");
2414 		free($2);
2415 	}
2416 	;
2417 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2418   {
2419   	OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2420   	if(atoi($2) == 0)
2421   		yyerror("number expected");
2422   	else {
2423   		cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2424   		if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2425   			yyerror("must be a power of 2");
2426   	}
2427   	free($2);
2428   }
2429   ;
2430 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2431 	{
2432 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2433 		if(atoi($2) == 0)
2434 			yyerror("number expected");
2435 		else {
2436 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2437 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2438 				yyerror("must be a power of 2");
2439 		}
2440 		free($2);
2441 	}
2442 	;
2443 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2444 	{
2445 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2446 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2447 			yyerror("number expected");
2448 			free($2);
2449 			free($3);
2450 		} else {
2451 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2452 				ratelimit_for_domain, $2, $3))
2453 				fatal_exit("out of memory adding "
2454 					"ratelimit-for-domain");
2455 		}
2456 	}
2457 	;
2458 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2459 	{
2460 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2461 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2462 			yyerror("number expected");
2463 			free($2);
2464 			free($3);
2465 		} else {
2466 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2467 				ratelimit_below_domain, $2, $3))
2468 				fatal_exit("out of memory adding "
2469 					"ratelimit-below-domain");
2470 		}
2471 	}
2472 	;
2473 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2474   {
2475   	OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2476   	if(atoi($2) == 0 && strcmp($2, "0") != 0)
2477   		yyerror("number expected");
2478   	else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2479   	free($2);
2480 	}
2481 	;
2482 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2483 	{
2484 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2485 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2486 			yyerror("number expected");
2487 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2488 		free($2);
2489 	}
2490 	;
2491 server_low_rtt: VAR_LOW_RTT STRING_ARG
2492 	{
2493 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2494 		free($2);
2495 	}
2496 	;
2497 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2498 	{
2499 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2500 		if(atoi($2) <= 0)
2501 			yyerror("number expected");
2502 		else cfg_parser->cfg->fast_server_num = atoi($2);
2503 		free($2);
2504 	}
2505 	;
2506 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2507 	{
2508 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2509 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2510 			yyerror("number expected");
2511 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2512 		free($2);
2513 	}
2514 	;
2515 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2516 	{
2517 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2518 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2519 			yyerror("expected yes or no.");
2520 		else cfg_parser->cfg->qname_minimisation =
2521 			(strcmp($2, "yes")==0);
2522 		free($2);
2523 	}
2524 	;
2525 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2526 	{
2527 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2528 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2529 			yyerror("expected yes or no.");
2530 		else cfg_parser->cfg->qname_minimisation_strict =
2531 			(strcmp($2, "yes")==0);
2532 		free($2);
2533 	}
2534 	;
2535 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2536 	{
2537 		OUTYY(("P(server_pad_responses:%s)\n", $2));
2538 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2539 			yyerror("expected yes or no.");
2540 		else cfg_parser->cfg->pad_responses =
2541 			(strcmp($2, "yes")==0);
2542 		free($2);
2543 	}
2544 	;
2545 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2546 	{
2547 		OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2548 		if(atoi($2) == 0)
2549 			yyerror("number expected");
2550 		else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2551 		free($2);
2552 	}
2553 	;
2554 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2555 	{
2556 		OUTYY(("P(server_pad_queries:%s)\n", $2));
2557 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2558 			yyerror("expected yes or no.");
2559 		else cfg_parser->cfg->pad_queries =
2560 			(strcmp($2, "yes")==0);
2561 		free($2);
2562 	}
2563 	;
2564 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2565 	{
2566 		OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2567 		if(atoi($2) == 0)
2568 			yyerror("number expected");
2569 		else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2570 		free($2);
2571 	}
2572 	;
2573 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2574 	{
2575 	#ifdef USE_IPSECMOD
2576 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2577 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2578 			yyerror("expected yes or no.");
2579 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2580 	#else
2581 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2582 	#endif
2583 		free($2);
2584 	}
2585 	;
2586 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2587 	{
2588 	#ifdef USE_IPSECMOD
2589 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2590 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2591 			yyerror("expected yes or no.");
2592 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2593 	#else
2594 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2595 	#endif
2596 		free($2);
2597 	}
2598 	;
2599 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2600 	{
2601 	#ifdef USE_IPSECMOD
2602 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2603 		free(cfg_parser->cfg->ipsecmod_hook);
2604 		cfg_parser->cfg->ipsecmod_hook = $2;
2605 	#else
2606 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2607 		free($2);
2608 	#endif
2609 	}
2610 	;
2611 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2612 	{
2613 	#ifdef USE_IPSECMOD
2614 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2615 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2616 			yyerror("number expected");
2617 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2618 		free($2);
2619 	#else
2620 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2621 		free($2);
2622 	#endif
2623 	}
2624 	;
2625 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2626 	{
2627 	#ifdef USE_IPSECMOD
2628 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2629 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2630 			yyerror("out of memory");
2631 	#else
2632 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2633 		free($2);
2634 	#endif
2635 	}
2636 	;
2637 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2638 	{
2639 	#ifdef USE_IPSECMOD
2640 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2641 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2642 			yyerror("expected yes or no.");
2643 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2644 		free($2);
2645 	#else
2646 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2647 		free($2);
2648 	#endif
2649 	}
2650 	;
2651 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2652 	{
2653 		OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2654 		if(!cfg_str2list_insert(
2655 			&cfg_parser->cfg->edns_client_strings, $2, $3))
2656 			fatal_exit("out of memory adding "
2657 				"edns-client-string");
2658 	}
2659 	;
2660 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2661 	{
2662 		OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2663 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2664 			yyerror("option code expected");
2665 		else if(atoi($2) > 65535 || atoi($2) < 0)
2666 			yyerror("option code must be in interval [0, 65535]");
2667 		else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2668 		free($2);
2669 
2670 	}
2671 	;
2672 stub_name: VAR_NAME STRING_ARG
2673 	{
2674 		OUTYY(("P(name:%s)\n", $2));
2675 		if(cfg_parser->cfg->stubs->name)
2676 			yyerror("stub name override, there must be one name "
2677 				"for one stub-zone");
2678 		free(cfg_parser->cfg->stubs->name);
2679 		cfg_parser->cfg->stubs->name = $2;
2680 	}
2681 	;
2682 stub_host: VAR_STUB_HOST STRING_ARG
2683 	{
2684 		OUTYY(("P(stub-host:%s)\n", $2));
2685 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2686 			yyerror("out of memory");
2687 	}
2688 	;
2689 stub_addr: VAR_STUB_ADDR STRING_ARG
2690 	{
2691 		OUTYY(("P(stub-addr:%s)\n", $2));
2692 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2693 			yyerror("out of memory");
2694 	}
2695 	;
2696 stub_first: VAR_STUB_FIRST STRING_ARG
2697 	{
2698 		OUTYY(("P(stub-first:%s)\n", $2));
2699 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2700 			yyerror("expected yes or no.");
2701 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2702 		free($2);
2703 	}
2704 	;
2705 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2706 	{
2707 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2708 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2709 			yyerror("expected yes or no.");
2710 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2711 		free($2);
2712 	}
2713 	;
2714 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2715 	{
2716 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2717 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2718 			yyerror("expected yes or no.");
2719 		else cfg_parser->cfg->stubs->ssl_upstream =
2720 			(strcmp($2, "yes")==0);
2721 		free($2);
2722 	}
2723 	;
2724 stub_prime: VAR_STUB_PRIME STRING_ARG
2725 	{
2726 		OUTYY(("P(stub-prime:%s)\n", $2));
2727 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2728 			yyerror("expected yes or no.");
2729 		else cfg_parser->cfg->stubs->isprime =
2730 			(strcmp($2, "yes")==0);
2731 		free($2);
2732 	}
2733 	;
2734 forward_name: VAR_NAME STRING_ARG
2735 	{
2736 		OUTYY(("P(name:%s)\n", $2));
2737 		if(cfg_parser->cfg->forwards->name)
2738 			yyerror("forward name override, there must be one "
2739 				"name for one forward-zone");
2740 		free(cfg_parser->cfg->forwards->name);
2741 		cfg_parser->cfg->forwards->name = $2;
2742 	}
2743 	;
2744 forward_host: VAR_FORWARD_HOST STRING_ARG
2745 	{
2746 		OUTYY(("P(forward-host:%s)\n", $2));
2747 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2748 			yyerror("out of memory");
2749 	}
2750 	;
2751 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2752 	{
2753 		OUTYY(("P(forward-addr:%s)\n", $2));
2754 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2755 			yyerror("out of memory");
2756 	}
2757 	;
2758 forward_first: VAR_FORWARD_FIRST STRING_ARG
2759 	{
2760 		OUTYY(("P(forward-first:%s)\n", $2));
2761 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2762 			yyerror("expected yes or no.");
2763 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2764 		free($2);
2765 	}
2766 	;
2767 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2768 	{
2769 		OUTYY(("P(forward-no-cache:%s)\n", $2));
2770 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2771 			yyerror("expected yes or no.");
2772 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2773 		free($2);
2774 	}
2775 	;
2776 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2777 	{
2778 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2779 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2780 			yyerror("expected yes or no.");
2781 		else cfg_parser->cfg->forwards->ssl_upstream =
2782 			(strcmp($2, "yes")==0);
2783 		free($2);
2784 	}
2785 	;
2786 auth_name: VAR_NAME STRING_ARG
2787 	{
2788 		OUTYY(("P(name:%s)\n", $2));
2789 		if(cfg_parser->cfg->auths->name)
2790 			yyerror("auth name override, there must be one name "
2791 				"for one auth-zone");
2792 		free(cfg_parser->cfg->auths->name);
2793 		cfg_parser->cfg->auths->name = $2;
2794 	}
2795 	;
2796 auth_zonefile: VAR_ZONEFILE STRING_ARG
2797 	{
2798 		OUTYY(("P(zonefile:%s)\n", $2));
2799 		free(cfg_parser->cfg->auths->zonefile);
2800 		cfg_parser->cfg->auths->zonefile = $2;
2801 	}
2802 	;
2803 auth_master: VAR_MASTER STRING_ARG
2804 	{
2805 		OUTYY(("P(master:%s)\n", $2));
2806 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2807 			yyerror("out of memory");
2808 	}
2809 	;
2810 auth_url: VAR_URL STRING_ARG
2811 	{
2812 		OUTYY(("P(url:%s)\n", $2));
2813 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2814 			yyerror("out of memory");
2815 	}
2816 	;
2817 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2818 	{
2819 		OUTYY(("P(allow-notify:%s)\n", $2));
2820 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2821 			$2))
2822 			yyerror("out of memory");
2823 	}
2824 	;
2825 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
2826 	{
2827 		OUTYY(("P(zonemd-check:%s)\n", $2));
2828 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2829 			yyerror("expected yes or no.");
2830 		else cfg_parser->cfg->auths->zonemd_check =
2831 			(strcmp($2, "yes")==0);
2832 		free($2);
2833 	}
2834 	;
2835 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
2836 	{
2837 		OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
2838 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2839 			yyerror("expected yes or no.");
2840 		else cfg_parser->cfg->auths->zonemd_reject_absence =
2841 			(strcmp($2, "yes")==0);
2842 		free($2);
2843 	}
2844 	;
2845 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2846 	{
2847 		OUTYY(("P(for-downstream:%s)\n", $2));
2848 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2849 			yyerror("expected yes or no.");
2850 		else cfg_parser->cfg->auths->for_downstream =
2851 			(strcmp($2, "yes")==0);
2852 		free($2);
2853 	}
2854 	;
2855 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2856 	{
2857 		OUTYY(("P(for-upstream:%s)\n", $2));
2858 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2859 			yyerror("expected yes or no.");
2860 		else cfg_parser->cfg->auths->for_upstream =
2861 			(strcmp($2, "yes")==0);
2862 		free($2);
2863 	}
2864 	;
2865 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2866 	{
2867 		OUTYY(("P(fallback-enabled:%s)\n", $2));
2868 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2869 			yyerror("expected yes or no.");
2870 		else cfg_parser->cfg->auths->fallback_enabled =
2871 			(strcmp($2, "yes")==0);
2872 		free($2);
2873 	}
2874 	;
2875 view_name: VAR_NAME STRING_ARG
2876 	{
2877 		OUTYY(("P(name:%s)\n", $2));
2878 		if(cfg_parser->cfg->views->name)
2879 			yyerror("view name override, there must be one "
2880 				"name for one view");
2881 		free(cfg_parser->cfg->views->name);
2882 		cfg_parser->cfg->views->name = $2;
2883 	}
2884 	;
2885 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2886 	{
2887 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2888 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2889 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2890 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2891 		   && strcmp($3, "typetransparent")!=0
2892 		   && strcmp($3, "always_transparent")!=0
2893 		   && strcmp($3, "always_refuse")!=0
2894 		   && strcmp($3, "always_nxdomain")!=0
2895 		   && strcmp($3, "always_nodata")!=0
2896 		   && strcmp($3, "always_deny")!=0
2897 		   && strcmp($3, "always_null")!=0
2898 		   && strcmp($3, "noview")!=0
2899 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2900 		   && strcmp($3, "inform_redirect") != 0
2901 		   && strcmp($3, "ipset") != 0) {
2902 			yyerror("local-zone type: expected static, deny, "
2903 				"refuse, redirect, transparent, "
2904 				"typetransparent, inform, inform_deny, "
2905 				"inform_redirect, always_transparent, "
2906 				"always_refuse, always_nxdomain, "
2907 				"always_nodata, always_deny, always_null, "
2908 				"noview, nodefault or ipset");
2909 			free($2);
2910 			free($3);
2911 		} else if(strcmp($3, "nodefault")==0) {
2912 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2913 				local_zones_nodefault, $2))
2914 				fatal_exit("out of memory adding local-zone");
2915 			free($3);
2916 #ifdef USE_IPSET
2917 		} else if(strcmp($3, "ipset")==0) {
2918 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2919 				local_zones_ipset, $2))
2920 				fatal_exit("out of memory adding local-zone");
2921 			free($3);
2922 #endif
2923 		} else {
2924 			if(!cfg_str2list_insert(
2925 				&cfg_parser->cfg->views->local_zones,
2926 				$2, $3))
2927 				fatal_exit("out of memory adding local-zone");
2928 		}
2929 	}
2930 	;
2931 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2932 	{
2933 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2934 		validate_respip_action($3);
2935 		if(!cfg_str2list_insert(
2936 			&cfg_parser->cfg->views->respip_actions, $2, $3))
2937 			fatal_exit("out of memory adding per-view "
2938 				"response-ip action");
2939 	}
2940 	;
2941 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2942 	{
2943 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
2944 		if(!cfg_str2list_insert(
2945 			&cfg_parser->cfg->views->respip_data, $2, $3))
2946 			fatal_exit("out of memory adding response-ip-data");
2947 	}
2948 	;
2949 view_local_data: VAR_LOCAL_DATA STRING_ARG
2950 	{
2951 		OUTYY(("P(view_local_data:%s)\n", $2));
2952 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2953 			fatal_exit("out of memory adding local-data");
2954 		}
2955 	}
2956 	;
2957 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2958 	{
2959 		char* ptr;
2960 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2961 		ptr = cfg_ptr_reverse($2);
2962 		free($2);
2963 		if(ptr) {
2964 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2965 				local_data, ptr))
2966 				fatal_exit("out of memory adding local-data");
2967 		} else {
2968 			yyerror("local-data-ptr could not be reversed");
2969 		}
2970 	}
2971 	;
2972 view_first: VAR_VIEW_FIRST STRING_ARG
2973 	{
2974 		OUTYY(("P(view-first:%s)\n", $2));
2975 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2976 			yyerror("expected yes or no.");
2977 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2978 		free($2);
2979 	}
2980 	;
2981 rcstart: VAR_REMOTE_CONTROL
2982 	{
2983 		OUTYY(("\nP(remote-control:)\n"));
2984 	}
2985 	;
2986 contents_rc: contents_rc content_rc
2987 	| ;
2988 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2989 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2990 	rc_control_cert_file | rc_control_use_cert
2991 	;
2992 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2993 	{
2994 		OUTYY(("P(control_enable:%s)\n", $2));
2995 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2996 			yyerror("expected yes or no.");
2997 		else cfg_parser->cfg->remote_control_enable =
2998 			(strcmp($2, "yes")==0);
2999 		free($2);
3000 	}
3001 	;
3002 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3003 	{
3004 		OUTYY(("P(control_port:%s)\n", $2));
3005 		if(atoi($2) == 0)
3006 			yyerror("control port number expected");
3007 		else cfg_parser->cfg->control_port = atoi($2);
3008 		free($2);
3009 	}
3010 	;
3011 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3012 	{
3013 		OUTYY(("P(control_interface:%s)\n", $2));
3014 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3015 			yyerror("out of memory");
3016 	}
3017 	;
3018 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3019 	{
3020 		OUTYY(("P(control_use_cert:%s)\n", $2));
3021 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3022 		free($2);
3023 	}
3024 	;
3025 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3026 	{
3027 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
3028 		free(cfg_parser->cfg->server_key_file);
3029 		cfg_parser->cfg->server_key_file = $2;
3030 	}
3031 	;
3032 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3033 	{
3034 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3035 		free(cfg_parser->cfg->server_cert_file);
3036 		cfg_parser->cfg->server_cert_file = $2;
3037 	}
3038 	;
3039 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3040 	{
3041 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
3042 		free(cfg_parser->cfg->control_key_file);
3043 		cfg_parser->cfg->control_key_file = $2;
3044 	}
3045 	;
3046 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3047 	{
3048 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3049 		free(cfg_parser->cfg->control_cert_file);
3050 		cfg_parser->cfg->control_cert_file = $2;
3051 	}
3052 	;
3053 dtstart: VAR_DNSTAP
3054 	{
3055 		OUTYY(("\nP(dnstap:)\n"));
3056 	}
3057 	;
3058 contents_dt: contents_dt content_dt
3059 	| ;
3060 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3061 	dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3062 	dt_dnstap_tls_cert_bundle |
3063 	dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3064 	dt_dnstap_send_identity | dt_dnstap_send_version |
3065 	dt_dnstap_identity | dt_dnstap_version |
3066 	dt_dnstap_log_resolver_query_messages |
3067 	dt_dnstap_log_resolver_response_messages |
3068 	dt_dnstap_log_client_query_messages |
3069 	dt_dnstap_log_client_response_messages |
3070 	dt_dnstap_log_forwarder_query_messages |
3071 	dt_dnstap_log_forwarder_response_messages
3072 	;
3073 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3074 	{
3075 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3076 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3077 			yyerror("expected yes or no.");
3078 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3079 		free($2);
3080 	}
3081 	;
3082 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3083 	{
3084 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3085 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3086 			yyerror("expected yes or no.");
3087 		else cfg_parser->cfg->dnstap_bidirectional =
3088 			(strcmp($2, "yes")==0);
3089 		free($2);
3090 	}
3091 	;
3092 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3093 	{
3094 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3095 		free(cfg_parser->cfg->dnstap_socket_path);
3096 		cfg_parser->cfg->dnstap_socket_path = $2;
3097 	}
3098 	;
3099 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3100 	{
3101 		OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3102 		free(cfg_parser->cfg->dnstap_ip);
3103 		cfg_parser->cfg->dnstap_ip = $2;
3104 	}
3105 	;
3106 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3107 	{
3108 		OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3109 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3110 			yyerror("expected yes or no.");
3111 		else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3112 		free($2);
3113 	}
3114 	;
3115 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3116 	{
3117 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3118 		free(cfg_parser->cfg->dnstap_tls_server_name);
3119 		cfg_parser->cfg->dnstap_tls_server_name = $2;
3120 	}
3121 	;
3122 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3123 	{
3124 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3125 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3126 		cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3127 	}
3128 	;
3129 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3130 	{
3131 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3132 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
3133 		cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3134 	}
3135 	;
3136 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3137 	{
3138 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3139 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3140 		cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3141 	}
3142 	;
3143 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3144 	{
3145 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3146 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3147 			yyerror("expected yes or no.");
3148 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3149 		free($2);
3150 	}
3151 	;
3152 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3153 	{
3154 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3155 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3156 			yyerror("expected yes or no.");
3157 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3158 		free($2);
3159 	}
3160 	;
3161 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3162 	{
3163 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3164 		free(cfg_parser->cfg->dnstap_identity);
3165 		cfg_parser->cfg->dnstap_identity = $2;
3166 	}
3167 	;
3168 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3169 	{
3170 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3171 		free(cfg_parser->cfg->dnstap_version);
3172 		cfg_parser->cfg->dnstap_version = $2;
3173 	}
3174 	;
3175 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3176 	{
3177 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3178 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3179 			yyerror("expected yes or no.");
3180 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3181 			(strcmp($2, "yes")==0);
3182 		free($2);
3183 	}
3184 	;
3185 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3186 	{
3187 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3188 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3189 			yyerror("expected yes or no.");
3190 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3191 			(strcmp($2, "yes")==0);
3192 		free($2);
3193 	}
3194 	;
3195 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3196 	{
3197 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3198 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3199 			yyerror("expected yes or no.");
3200 		else cfg_parser->cfg->dnstap_log_client_query_messages =
3201 			(strcmp($2, "yes")==0);
3202 		free($2);
3203 	}
3204 	;
3205 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3206 	{
3207 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3208 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3209 			yyerror("expected yes or no.");
3210 		else cfg_parser->cfg->dnstap_log_client_response_messages =
3211 			(strcmp($2, "yes")==0);
3212 		free($2);
3213 	}
3214 	;
3215 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3216 	{
3217 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3218 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3219 			yyerror("expected yes or no.");
3220 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3221 			(strcmp($2, "yes")==0);
3222 		free($2);
3223 	}
3224 	;
3225 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3226 	{
3227 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3228 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3229 			yyerror("expected yes or no.");
3230 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3231 			(strcmp($2, "yes")==0);
3232 		free($2);
3233 	}
3234 	;
3235 pythonstart: VAR_PYTHON
3236 	{
3237 		OUTYY(("\nP(python:)\n"));
3238 	}
3239 	;
3240 contents_py: contents_py content_py
3241 	| ;
3242 content_py: py_script
3243 	;
3244 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3245 	{
3246 		OUTYY(("P(python-script:%s)\n", $2));
3247 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3248 			yyerror("out of memory");
3249 	}
3250 dynlibstart: VAR_DYNLIB
3251 	{
3252 		OUTYY(("\nP(dynlib:)\n"));
3253 	}
3254 	;
3255 contents_dl: contents_dl content_dl
3256 	| ;
3257 content_dl: dl_file
3258 	;
3259 dl_file: VAR_DYNLIB_FILE STRING_ARG
3260 	{
3261 		OUTYY(("P(dynlib-file:%s)\n", $2));
3262 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3263 			yyerror("out of memory");
3264 	}
3265 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3266 	{
3267 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3268 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3269 			yyerror("expected yes or no.");
3270 		else cfg_parser->cfg->disable_dnssec_lame_check =
3271 			(strcmp($2, "yes")==0);
3272 		free($2);
3273 	}
3274 	;
3275 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3276 	{
3277 		OUTYY(("P(server_log_identity:%s)\n", $2));
3278 		free(cfg_parser->cfg->log_identity);
3279 		cfg_parser->cfg->log_identity = $2;
3280 	}
3281 	;
3282 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3283 	{
3284 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3285 		validate_respip_action($3);
3286 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3287 			$2, $3))
3288 			fatal_exit("out of memory adding response-ip");
3289 	}
3290 	;
3291 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3292 	{
3293 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
3294 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3295 			$2, $3))
3296 			fatal_exit("out of memory adding response-ip-data");
3297 	}
3298 	;
3299 dnscstart: VAR_DNSCRYPT
3300 	{
3301 		OUTYY(("\nP(dnscrypt:)\n"));
3302 	}
3303 	;
3304 contents_dnsc: contents_dnsc content_dnsc
3305 	| ;
3306 content_dnsc:
3307 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3308 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3309 	dnsc_dnscrypt_provider_cert_rotated |
3310 	dnsc_dnscrypt_shared_secret_cache_size |
3311 	dnsc_dnscrypt_shared_secret_cache_slabs |
3312 	dnsc_dnscrypt_nonce_cache_size |
3313 	dnsc_dnscrypt_nonce_cache_slabs
3314 	;
3315 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3316 	{
3317 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3318 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3319 			yyerror("expected yes or no.");
3320 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3321 		free($2);
3322 	}
3323 	;
3324 
3325 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3326 	{
3327 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3328 		if(atoi($2) == 0)
3329 			yyerror("port number expected");
3330 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
3331 		free($2);
3332 	}
3333 	;
3334 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3335 	{
3336 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3337 		free(cfg_parser->cfg->dnscrypt_provider);
3338 		cfg_parser->cfg->dnscrypt_provider = $2;
3339 	}
3340 	;
3341 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3342 	{
3343 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3344 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3345 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3346 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3347 			fatal_exit("out of memory adding dnscrypt-provider-cert");
3348 	}
3349 	;
3350 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3351 	{
3352 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3353 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3354 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3355 	}
3356 	;
3357 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3358 	{
3359 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3360 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3361 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3362 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3363 			fatal_exit("out of memory adding dnscrypt-secret-key");
3364 	}
3365 	;
3366 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3367   {
3368   	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3369   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3370   		yyerror("memory size expected");
3371   	free($2);
3372   }
3373   ;
3374 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3375   {
3376   	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3377   	if(atoi($2) == 0)
3378   		yyerror("number expected");
3379   	else {
3380   		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3381   		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3382   			yyerror("must be a power of 2");
3383   	}
3384   	free($2);
3385   }
3386   ;
3387 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3388   {
3389   	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3390   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3391   		yyerror("memory size expected");
3392   	free($2);
3393   }
3394   ;
3395 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3396   {
3397   	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3398   	if(atoi($2) == 0)
3399   		yyerror("number expected");
3400   	else {
3401   		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3402   		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3403   			yyerror("must be a power of 2");
3404   	}
3405   	free($2);
3406   }
3407   ;
3408 cachedbstart: VAR_CACHEDB
3409 	{
3410 		OUTYY(("\nP(cachedb:)\n"));
3411 	}
3412 	;
3413 contents_cachedb: contents_cachedb content_cachedb
3414 	| ;
3415 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3416 	redis_server_host | redis_server_port | redis_timeout |
3417 	redis_expire_records
3418 	;
3419 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3420 	{
3421 	#ifdef USE_CACHEDB
3422 		OUTYY(("P(backend:%s)\n", $2));
3423 		free(cfg_parser->cfg->cachedb_backend);
3424 		cfg_parser->cfg->cachedb_backend = $2;
3425 	#else
3426 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3427 		free($2);
3428 	#endif
3429 	}
3430 	;
3431 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3432 	{
3433 	#ifdef USE_CACHEDB
3434 		OUTYY(("P(secret-seed:%s)\n", $2));
3435 		free(cfg_parser->cfg->cachedb_secret);
3436 		cfg_parser->cfg->cachedb_secret = $2;
3437 	#else
3438 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3439 		free($2);
3440 	#endif
3441 	}
3442 	;
3443 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3444 	{
3445 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3446 		OUTYY(("P(redis_server_host:%s)\n", $2));
3447 		free(cfg_parser->cfg->redis_server_host);
3448 		cfg_parser->cfg->redis_server_host = $2;
3449 	#else
3450 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3451 		free($2);
3452 	#endif
3453 	}
3454 	;
3455 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3456 	{
3457 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3458 		int port;
3459 		OUTYY(("P(redis_server_port:%s)\n", $2));
3460 		port = atoi($2);
3461 		if(port == 0 || port < 0 || port > 65535)
3462 			yyerror("valid redis server port number expected");
3463 		else cfg_parser->cfg->redis_server_port = port;
3464 	#else
3465 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3466 	#endif
3467 		free($2);
3468 	}
3469 	;
3470 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3471 	{
3472 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3473 		OUTYY(("P(redis_timeout:%s)\n", $2));
3474 		if(atoi($2) == 0)
3475 			yyerror("redis timeout value expected");
3476 		else cfg_parser->cfg->redis_timeout = atoi($2);
3477 	#else
3478 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3479 	#endif
3480 		free($2);
3481 	}
3482 	;
3483 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3484 	{
3485 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3486 		OUTYY(("P(redis_expire_records:%s)\n", $2));
3487 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3488 			yyerror("expected yes or no.");
3489 		else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3490 	#else
3491 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3492 	#endif
3493 		free($2);
3494 	}
3495 	;
3496 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3497 	{
3498 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3499 		if (atoi($3) < 0)
3500 			yyerror("positive number expected");
3501 		else {
3502 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3503 				fatal_exit("out of memory adding tcp connection limit");
3504 		}
3505 	}
3506 	;
3507 	ipsetstart: VAR_IPSET
3508 		{
3509 			OUTYY(("\nP(ipset:)\n"));
3510 		}
3511 		;
3512 	contents_ipset: contents_ipset content_ipset
3513 		| ;
3514 	content_ipset: ipset_name_v4 | ipset_name_v6
3515 		;
3516 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3517 		{
3518 		#ifdef USE_IPSET
3519 			OUTYY(("P(name-v4:%s)\n", $2));
3520 			if(cfg_parser->cfg->ipset_name_v4)
3521 				yyerror("ipset name v4 override, there must be one "
3522 					"name for ip v4");
3523 			free(cfg_parser->cfg->ipset_name_v4);
3524 			cfg_parser->cfg->ipset_name_v4 = $2;
3525 		#else
3526 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3527 			free($2);
3528 		#endif
3529 		}
3530 	;
3531 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3532 	{
3533 		#ifdef USE_IPSET
3534 			OUTYY(("P(name-v6:%s)\n", $2));
3535 			if(cfg_parser->cfg->ipset_name_v6)
3536 				yyerror("ipset name v6 override, there must be one "
3537 					"name for ip v6");
3538 			free(cfg_parser->cfg->ipset_name_v6);
3539 			cfg_parser->cfg->ipset_name_v6 = $2;
3540 		#else
3541 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3542 			free($2);
3543 		#endif
3544 		}
3545 	;
3546 %%
3547 
3548 /* parse helper routines could be here */
3549 static void
3550 validate_respip_action(const char* action)
3551 {
3552 	if(strcmp(action, "deny")!=0 &&
3553 		strcmp(action, "redirect")!=0 &&
3554 		strcmp(action, "inform")!=0 &&
3555 		strcmp(action, "inform_deny")!=0 &&
3556 		strcmp(action, "always_transparent")!=0 &&
3557 		strcmp(action, "always_refuse")!=0 &&
3558 		strcmp(action, "always_nxdomain")!=0)
3559 	{
3560 		yyerror("response-ip action: expected deny, redirect, "
3561 			"inform, inform_deny, always_transparent, "
3562 			"always_refuse or always_nxdomain");
3563 	}
3564 }
3565 
3566 
3567