xref: /freebsd/contrib/unbound/util/configparser.y (revision c07d6445eb89d9dd3950361b065b7bd110e3a043)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 static void validate_acl_action(const char* action);
56 
57 /* these need to be global, otherwise they cannot be used inside yacc */
58 extern struct config_parser_state* cfg_parser;
59 
60 #if 0
61 #define OUTYY(s)  printf s /* used ONLY when debugging */
62 #else
63 #define OUTYY(s)
64 #endif
65 
66 %}
67 %union {
68 	char*	str;
69 };
70 
71 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
72 %token <str> STRING_ARG
73 %token VAR_FORCE_TOPLEVEL
74 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
75 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
76 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
77 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
78 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
79 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
80 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
81 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
82 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
83 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
84 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
85 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
86 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
87 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
88 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
89 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
90 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
91 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
92 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
93 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
94 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
95 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
96 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
97 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
98 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
99 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
100 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
101 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
102 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
103 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
104 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
105 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
106 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
107 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
108 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
109 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
110 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
111 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
112 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
113 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
114 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
115 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
116 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
117 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
118 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
119 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
120 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
121 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
122 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
123 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
124 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
125 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
126 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
127 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
128 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
129 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
130 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
131 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
132 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
133 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
134 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
135 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
136 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
137 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
138 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
139 %token VAR_IP_DSCP
140 %token VAR_DISABLE_DNSSEC_LAME_CHECK
141 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
142 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
143 %token VAR_OUTBOUND_MSG_RETRY
144 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
145 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
146 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
147 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
148 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
149 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
150 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
151 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
152 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
153 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
154 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
155 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
156 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
157 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
158 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
159 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
160 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
161 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
162 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
163 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
164 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
165 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
166 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
167 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
168 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
169 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
170 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
171 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
172 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
173 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
174 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
175 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
176 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
177 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
178 %token VAR_CACHEDB_REDISEXPIRERECORDS
179 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
180 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
181 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
182 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
183 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
184 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
185 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
186 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
187 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
188 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
189 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
190 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
191 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
192 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
193 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
194 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
195 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
196 %token VAR_PROXY_PROTOCOL_PORT
197 
198 %%
199 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
200 toplevelvar: serverstart contents_server | stubstart contents_stub |
201 	forwardstart contents_forward | pythonstart contents_py |
202 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
203 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
204 	ipsetstart contents_ipset | authstart contents_auth |
205 	rpzstart contents_rpz | dynlibstart contents_dl |
206 	force_toplevel
207 	;
208 force_toplevel: VAR_FORCE_TOPLEVEL
209 	{
210 		OUTYY(("\nP(force-toplevel)\n"));
211 		cfg_parser->started_toplevel = 0;
212 	}
213 	;
214 /* server: declaration */
215 serverstart: VAR_SERVER
216 	{
217 		OUTYY(("\nP(server:)\n"));
218 		cfg_parser->started_toplevel = 1;
219 	}
220 	;
221 contents_server: contents_server content_server
222 	| ;
223 content_server: server_num_threads | server_verbosity | server_port |
224 	server_outgoing_range | server_do_ip4 |
225 	server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
226 	server_do_udp | server_do_tcp |
227 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
228 	server_tcp_keepalive | server_tcp_keepalive_timeout |
229 	server_interface | server_chroot | server_username |
230 	server_directory | server_logfile | server_pidfile |
231 	server_msg_cache_size | server_msg_cache_slabs |
232 	server_num_queries_per_thread | server_rrset_cache_size |
233 	server_rrset_cache_slabs | server_outgoing_num_tcp |
234 	server_infra_host_ttl | server_infra_lame_ttl |
235 	server_infra_cache_slabs | server_infra_cache_numhosts |
236 	server_infra_cache_lame_size | server_target_fetch_policy |
237 	server_harden_short_bufsize | server_harden_large_queries |
238 	server_do_not_query_address | server_hide_identity |
239 	server_hide_version | server_identity | server_version |
240 	server_hide_http_user_agent | server_http_user_agent |
241 	server_harden_glue | server_module_conf | server_trust_anchor_file |
242 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
243 	server_val_clean_additional | server_val_permissive_mode |
244 	server_incoming_num_tcp | server_msg_buffer_size |
245 	server_key_cache_size | server_key_cache_slabs |
246 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
247 	server_use_syslog | server_outgoing_interface | server_root_hints |
248 	server_do_not_query_localhost | server_cache_max_ttl |
249 	server_harden_dnssec_stripped | server_access_control |
250 	server_local_zone | server_local_data | server_interface_automatic |
251 	server_statistics_interval | server_do_daemonize |
252 	server_use_caps_for_id | server_statistics_cumulative |
253 	server_outgoing_port_permit | server_outgoing_port_avoid |
254 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
255 	server_harden_referral_path | server_private_address |
256 	server_private_domain | server_extended_statistics |
257 	server_local_data_ptr | server_jostle_timeout |
258 	server_unwanted_reply_threshold | server_log_time_ascii |
259 	server_domain_insecure | server_val_sig_skew_min |
260 	server_val_sig_skew_max | server_val_max_restart |
261 	server_cache_min_ttl | server_val_log_level |
262 	server_auto_trust_anchor_file |	server_add_holddown |
263 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
264 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
265 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
266 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
267 	server_log_local_actions |
268 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
269 	server_https_port | server_http_endpoint | server_http_max_streams |
270 	server_http_query_buffer_size | server_http_response_buffer_size |
271 	server_http_nodelay | server_http_notls_downstream |
272 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
273 	server_so_reuseport | server_delay_close | server_udp_connect |
274 	server_unblock_lan_zones | server_insecure_lan_zones |
275 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
276 	server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
277 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
278 	server_ip_dscp | server_infra_keep_probing |
279 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
280 	server_ip_ratelimit_size | server_ratelimit_size |
281 	server_ratelimit_for_domain |
282 	server_ratelimit_below_domain | server_ratelimit_factor |
283 	server_ip_ratelimit_factor | server_ratelimit_backoff |
284 	server_ip_ratelimit_backoff | server_outbound_msg_retry |
285 	server_send_client_subnet | server_client_subnet_zone |
286 	server_client_subnet_always_forward | server_client_subnet_opcode |
287 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
288 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
289 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
290 	server_caps_whitelist | server_cache_max_negative_ttl |
291 	server_permit_small_holddown | server_qname_minimisation |
292 	server_ip_freebind | server_define_tag | server_local_zone_tag |
293 	server_disable_dnssec_lame_check | server_access_control_tag |
294 	server_local_zone_override | server_access_control_tag_action |
295 	server_access_control_tag_data | server_access_control_view |
296 	server_interface_action | server_interface_view | server_interface_tag |
297 	server_interface_tag_action | server_interface_tag_data |
298 	server_qname_minimisation_strict |
299 	server_pad_responses | server_pad_responses_block_size |
300 	server_pad_queries | server_pad_queries_block_size |
301 	server_serve_expired |
302 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
303 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
304 	server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
305 	server_log_identity | server_use_systemd |
306 	server_response_ip_tag | server_response_ip | server_response_ip_data |
307 	server_shm_enable | server_shm_key | server_fake_sha1 |
308 	server_hide_trustanchor | server_trust_anchor_signaling |
309 	server_root_key_sentinel |
310 	server_ipsecmod_enabled | server_ipsecmod_hook |
311 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
312 	server_ipsecmod_whitelist | server_ipsecmod_strict |
313 	server_udp_upstream_without_downstream | server_aggressive_nsec |
314 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
315 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
316 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
317 	server_unknown_server_time_limit | server_log_tag_queryreply |
318 	server_stream_wait_size | server_tls_ciphers |
319 	server_tls_ciphersuites | server_tls_session_ticket_keys |
320 	server_tls_use_sni | server_edns_client_string |
321 	server_edns_client_string_opcode | server_nsid |
322 	server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
323 	server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
324 	server_interface_automatic_ports | server_ede |
325 	server_proxy_protocol_port
326 	;
327 stubstart: VAR_STUB_ZONE
328 	{
329 		struct config_stub* s;
330 		OUTYY(("\nP(stub_zone:)\n"));
331 		cfg_parser->started_toplevel = 1;
332 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
333 		if(s) {
334 			s->next = cfg_parser->cfg->stubs;
335 			cfg_parser->cfg->stubs = s;
336 		} else {
337 			yyerror("out of memory");
338 		}
339 	}
340 	;
341 contents_stub: contents_stub content_stub
342 	| ;
343 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
344 	stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
345 	;
346 forwardstart: VAR_FORWARD_ZONE
347 	{
348 		struct config_stub* s;
349 		OUTYY(("\nP(forward_zone:)\n"));
350 		cfg_parser->started_toplevel = 1;
351 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
352 		if(s) {
353 			s->next = cfg_parser->cfg->forwards;
354 			cfg_parser->cfg->forwards = s;
355 		} else {
356 			yyerror("out of memory");
357 		}
358 	}
359 	;
360 contents_forward: contents_forward content_forward
361 	| ;
362 content_forward: forward_name | forward_host | forward_addr | forward_first |
363 	forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
364 	;
365 viewstart: VAR_VIEW
366 	{
367 		struct config_view* s;
368 		OUTYY(("\nP(view:)\n"));
369 		cfg_parser->started_toplevel = 1;
370 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
371 		if(s) {
372 			s->next = cfg_parser->cfg->views;
373 			if(s->next && !s->next->name)
374 				yyerror("view without name");
375 			cfg_parser->cfg->views = s;
376 		} else {
377 			yyerror("out of memory");
378 		}
379 	}
380 	;
381 contents_view: contents_view content_view
382 	| ;
383 content_view: view_name | view_local_zone | view_local_data | view_first |
384 		view_response_ip | view_response_ip_data | view_local_data_ptr
385 	;
386 authstart: VAR_AUTH_ZONE
387 	{
388 		struct config_auth* s;
389 		OUTYY(("\nP(auth_zone:)\n"));
390 		cfg_parser->started_toplevel = 1;
391 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
392 		if(s) {
393 			s->next = cfg_parser->cfg->auths;
394 			cfg_parser->cfg->auths = s;
395 			/* defaults for auth zone */
396 			s->for_downstream = 1;
397 			s->for_upstream = 1;
398 			s->fallback_enabled = 0;
399 			s->zonemd_check = 0;
400 			s->zonemd_reject_absence = 0;
401 			s->isrpz = 0;
402 		} else {
403 			yyerror("out of memory");
404 		}
405 	}
406 	;
407 contents_auth: contents_auth content_auth
408 	| ;
409 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
410 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
411 	auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
412 	;
413 
414 rpz_tag: VAR_TAGS STRING_ARG
415 	{
416 		uint8_t* bitlist;
417 		size_t len = 0;
418 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
419 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
420 			&len);
421 		free($2);
422 		if(!bitlist) {
423 			yyerror("could not parse tags, (define-tag them first)");
424 		}
425 		if(bitlist) {
426 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
427 			cfg_parser->cfg->auths->rpz_taglistlen = len;
428 
429 		}
430 	}
431 	;
432 
433 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
434 	{
435 		OUTYY(("P(rpz_action_override:%s)\n", $2));
436 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
437 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
438 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
439 			yyerror("rpz-action-override action: expected nxdomain, "
440 				"nodata, passthru, drop, cname or disabled");
441 			free($2);
442 			cfg_parser->cfg->auths->rpz_action_override = NULL;
443 		}
444 		else {
445 			cfg_parser->cfg->auths->rpz_action_override = $2;
446 		}
447 	}
448 	;
449 
450 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
451 	{
452 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
453 		free(cfg_parser->cfg->auths->rpz_cname);
454 		cfg_parser->cfg->auths->rpz_cname = $2;
455 	}
456 	;
457 
458 rpz_log: VAR_RPZ_LOG STRING_ARG
459 	{
460 		OUTYY(("P(rpz_log:%s)\n", $2));
461 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
462 			yyerror("expected yes or no.");
463 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
464 		free($2);
465 	}
466 	;
467 
468 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
469 	{
470 		OUTYY(("P(rpz_log_name:%s)\n", $2));
471 		free(cfg_parser->cfg->auths->rpz_log_name);
472 		cfg_parser->cfg->auths->rpz_log_name = $2;
473 	}
474 	;
475 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
476 	{
477 		OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
478 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
479 			yyerror("expected yes or no.");
480 		else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
481 		free($2);
482 	}
483 	;
484 
485 rpzstart: VAR_RPZ
486 	{
487 		struct config_auth* s;
488 		OUTYY(("\nP(rpz:)\n"));
489 		cfg_parser->started_toplevel = 1;
490 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
491 		if(s) {
492 			s->next = cfg_parser->cfg->auths;
493 			cfg_parser->cfg->auths = s;
494 			/* defaults for RPZ auth zone */
495 			s->for_downstream = 0;
496 			s->for_upstream = 0;
497 			s->fallback_enabled = 0;
498 			s->isrpz = 1;
499 		} else {
500 			yyerror("out of memory");
501 		}
502 	}
503 	;
504 contents_rpz: contents_rpz content_rpz
505 	| ;
506 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
507 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
508 	   rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
509 	;
510 server_num_threads: VAR_NUM_THREADS STRING_ARG
511 	{
512 		OUTYY(("P(server_num_threads:%s)\n", $2));
513 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
514 			yyerror("number expected");
515 		else cfg_parser->cfg->num_threads = atoi($2);
516 		free($2);
517 	}
518 	;
519 server_verbosity: VAR_VERBOSITY STRING_ARG
520 	{
521 		OUTYY(("P(server_verbosity:%s)\n", $2));
522 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
523 			yyerror("number expected");
524 		else cfg_parser->cfg->verbosity = atoi($2);
525 		free($2);
526 	}
527 	;
528 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
529 	{
530 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
531 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
532 			cfg_parser->cfg->stat_interval = 0;
533 		else if(atoi($2) == 0)
534 			yyerror("number expected");
535 		else cfg_parser->cfg->stat_interval = atoi($2);
536 		free($2);
537 	}
538 	;
539 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
540 	{
541 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
542 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
543 			yyerror("expected yes or no.");
544 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
545 		free($2);
546 	}
547 	;
548 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
549 	{
550 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
551 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
552 			yyerror("expected yes or no.");
553 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
554 		free($2);
555 	}
556 	;
557 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
558 	{
559 		OUTYY(("P(server_shm_enable:%s)\n", $2));
560 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
561 			yyerror("expected yes or no.");
562 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
563 		free($2);
564 	}
565 	;
566 server_shm_key: VAR_SHM_KEY STRING_ARG
567 	{
568 		OUTYY(("P(server_shm_key:%s)\n", $2));
569 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
570 			cfg_parser->cfg->shm_key = 0;
571 		else if(atoi($2) == 0)
572 			yyerror("number expected");
573 		else cfg_parser->cfg->shm_key = atoi($2);
574 		free($2);
575 	}
576 	;
577 server_port: VAR_PORT STRING_ARG
578 	{
579 		OUTYY(("P(server_port:%s)\n", $2));
580 		if(atoi($2) == 0)
581 			yyerror("port number expected");
582 		else cfg_parser->cfg->port = atoi($2);
583 		free($2);
584 	}
585 	;
586 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
587 	{
588 	#ifdef CLIENT_SUBNET
589 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
590 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
591 			fatal_exit("out of memory adding client-subnet");
592 	#else
593 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
594 		free($2);
595 	#endif
596 	}
597 	;
598 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
599 	{
600 	#ifdef CLIENT_SUBNET
601 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
602 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
603 			$2))
604 			fatal_exit("out of memory adding client-subnet-zone");
605 	#else
606 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
607 		free($2);
608 	#endif
609 	}
610 	;
611 server_client_subnet_always_forward:
612 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
613 	{
614 	#ifdef CLIENT_SUBNET
615 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
616 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
617 			yyerror("expected yes or no.");
618 		else
619 			cfg_parser->cfg->client_subnet_always_forward =
620 				(strcmp($2, "yes")==0);
621 	#else
622 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
623 	#endif
624 		free($2);
625 	}
626 	;
627 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
628 	{
629 	#ifdef CLIENT_SUBNET
630 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
631 		OUTYY(("P(Deprecated option, ignoring)\n"));
632 	#else
633 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
634 	#endif
635 		free($2);
636 	}
637 	;
638 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
639 	{
640 	#ifdef CLIENT_SUBNET
641 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
642 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
643 			yyerror("IPv4 subnet length expected");
644 		else if (atoi($2) > 32)
645 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
646 		else if (atoi($2) < 0)
647 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
648 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
649 	#else
650 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
651 	#endif
652 		free($2);
653 	}
654 	;
655 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
656 	{
657 	#ifdef CLIENT_SUBNET
658 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
659 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
660 			yyerror("Ipv6 subnet length expected");
661 		else if (atoi($2) > 128)
662 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
663 		else if (atoi($2) < 0)
664 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
665 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
666 	#else
667 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
668 	#endif
669 		free($2);
670 	}
671 	;
672 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
673 	{
674 	#ifdef CLIENT_SUBNET
675 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
676 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
677 			yyerror("IPv4 subnet length expected");
678 		else if (atoi($2) > 32)
679 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
680 		else if (atoi($2) < 0)
681 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
682 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
683 	#else
684 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
685 	#endif
686 		free($2);
687 	}
688 	;
689 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
690 	{
691 	#ifdef CLIENT_SUBNET
692 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
693 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
694 			yyerror("Ipv6 subnet length expected");
695 		else if (atoi($2) > 128)
696 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
697 		else if (atoi($2) < 0)
698 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
699 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
700 	#else
701 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
702 	#endif
703 		free($2);
704 	}
705 	;
706 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
707 	{
708 	#ifdef CLIENT_SUBNET
709 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
710 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
711 			yyerror("IPv4 ECS tree size expected");
712 		else if (atoi($2) < 0)
713 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
714 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
715 	#else
716 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
717 	#endif
718 		free($2);
719 	}
720 	;
721 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
722 	{
723 	#ifdef CLIENT_SUBNET
724 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
725 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
726 			yyerror("IPv6 ECS tree size expected");
727 		else if (atoi($2) < 0)
728 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
729 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
730 	#else
731 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
732 	#endif
733 		free($2);
734 	}
735 	;
736 server_interface: VAR_INTERFACE STRING_ARG
737 	{
738 		OUTYY(("P(server_interface:%s)\n", $2));
739 		if(cfg_parser->cfg->num_ifs == 0)
740 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
741 		else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
742 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
743 		if(!cfg_parser->cfg->ifs)
744 			yyerror("out of memory");
745 		else
746 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
747 	}
748 	;
749 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
750 	{
751 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
752 		if(cfg_parser->cfg->num_out_ifs == 0)
753 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
754 		else cfg_parser->cfg->out_ifs = realloc(
755 			cfg_parser->cfg->out_ifs,
756 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
757 		if(!cfg_parser->cfg->out_ifs)
758 			yyerror("out of memory");
759 		else
760 			cfg_parser->cfg->out_ifs[
761 				cfg_parser->cfg->num_out_ifs++] = $2;
762 	}
763 	;
764 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
765 	{
766 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
767 		if(atoi($2) == 0)
768 			yyerror("number expected");
769 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
770 		free($2);
771 	}
772 	;
773 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
774 	{
775 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
776 		if(!cfg_mark_ports($2, 1,
777 			cfg_parser->cfg->outgoing_avail_ports, 65536))
778 			yyerror("port number or range (\"low-high\") expected");
779 		free($2);
780 	}
781 	;
782 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
783 	{
784 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
785 		if(!cfg_mark_ports($2, 0,
786 			cfg_parser->cfg->outgoing_avail_ports, 65536))
787 			yyerror("port number or range (\"low-high\") expected");
788 		free($2);
789 	}
790 	;
791 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
792 	{
793 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
794 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
795 			yyerror("number expected");
796 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
797 		free($2);
798 	}
799 	;
800 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
801 	{
802 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
803 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
804 			yyerror("number expected");
805 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
806 		free($2);
807 	}
808 	;
809 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
810 	{
811 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
812 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
813 			yyerror("expected yes or no.");
814 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
815 		free($2);
816 	}
817 	;
818 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
819 	{
820 		OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
821 		free(cfg_parser->cfg->if_automatic_ports);
822 		cfg_parser->cfg->if_automatic_ports = $2;
823 	}
824 	;
825 server_do_ip4: VAR_DO_IP4 STRING_ARG
826 	{
827 		OUTYY(("P(server_do_ip4:%s)\n", $2));
828 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
829 			yyerror("expected yes or no.");
830 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
831 		free($2);
832 	}
833 	;
834 server_do_ip6: VAR_DO_IP6 STRING_ARG
835 	{
836 		OUTYY(("P(server_do_ip6:%s)\n", $2));
837 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
838 			yyerror("expected yes or no.");
839 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
840 		free($2);
841 	}
842 	;
843 server_do_udp: VAR_DO_UDP STRING_ARG
844 	{
845 		OUTYY(("P(server_do_udp:%s)\n", $2));
846 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
847 			yyerror("expected yes or no.");
848 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
849 		free($2);
850 	}
851 	;
852 server_do_tcp: VAR_DO_TCP STRING_ARG
853 	{
854 		OUTYY(("P(server_do_tcp:%s)\n", $2));
855 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
856 			yyerror("expected yes or no.");
857 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
858 		free($2);
859 	}
860 	;
861 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
862 	{
863 		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
864 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
865 			yyerror("expected yes or no.");
866 		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
867 		free($2);
868 	}
869 	;
870 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
871 	{
872 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
873 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
874 			yyerror("expected yes or no.");
875 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
876 		free($2);
877 	}
878 	;
879 server_tcp_mss: VAR_TCP_MSS STRING_ARG
880 	{
881 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
882 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
883 				yyerror("number expected");
884 		else cfg_parser->cfg->tcp_mss = atoi($2);
885 		free($2);
886 	}
887 	;
888 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
889 	{
890 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
891 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
892 			yyerror("number expected");
893 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
894 		free($2);
895 	}
896 	;
897 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
898 	{
899 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
900 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
901 			yyerror("number expected");
902 		else if (atoi($2) > 120000)
903 			cfg_parser->cfg->tcp_idle_timeout = 120000;
904 		else if (atoi($2) < 1)
905 			cfg_parser->cfg->tcp_idle_timeout = 1;
906 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
907 		free($2);
908 	}
909 	;
910 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
911 	{
912 		OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
913 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
914 			yyerror("number expected");
915 		else if (atoi($2) < 1)
916 			cfg_parser->cfg->max_reuse_tcp_queries = 0;
917 		else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
918 		free($2);
919 	}
920 	;
921 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
922 	{
923 		OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
924 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
925 			yyerror("number expected");
926 		else if (atoi($2) < 1)
927 			cfg_parser->cfg->tcp_reuse_timeout = 0;
928 		else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
929 		free($2);
930 	}
931 	;
932 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
933 	{
934 		OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
935 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
936 			yyerror("number expected");
937 		else if (atoi($2) < 1)
938 			cfg_parser->cfg->tcp_auth_query_timeout = 0;
939 		else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
940 		free($2);
941 	}
942 	;
943 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
944 	{
945 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
946 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
947 			yyerror("expected yes or no.");
948 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
949 		free($2);
950 	}
951 	;
952 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
953 	{
954 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
955 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
956 			yyerror("number expected");
957 		else if (atoi($2) > 6553500)
958 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
959 		else if (atoi($2) < 1)
960 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
961 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
962 		free($2);
963 	}
964 	;
965 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
966 	{
967 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
968 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
969 			yyerror("expected yes or no.");
970 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
971 		free($2);
972 	}
973 	;
974 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
975 	{
976 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
977 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
978 			yyerror("expected yes or no.");
979 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
980 		free($2);
981 	}
982 	;
983 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
984 	{
985 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
986 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
987 			yyerror("expected yes or no.");
988 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
989 		free($2);
990 	}
991 	;
992 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
993 	{
994 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
995 		free(cfg_parser->cfg->ssl_service_key);
996 		cfg_parser->cfg->ssl_service_key = $2;
997 	}
998 	;
999 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1000 	{
1001 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1002 		free(cfg_parser->cfg->ssl_service_pem);
1003 		cfg_parser->cfg->ssl_service_pem = $2;
1004 	}
1005 	;
1006 server_ssl_port: VAR_SSL_PORT STRING_ARG
1007 	{
1008 		OUTYY(("P(server_ssl_port:%s)\n", $2));
1009 		if(atoi($2) == 0)
1010 			yyerror("port number expected");
1011 		else cfg_parser->cfg->ssl_port = atoi($2);
1012 		free($2);
1013 	}
1014 	;
1015 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1016 	{
1017 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1018 		free(cfg_parser->cfg->tls_cert_bundle);
1019 		cfg_parser->cfg->tls_cert_bundle = $2;
1020 	}
1021 	;
1022 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1023 	{
1024 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1025 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1026 			yyerror("expected yes or no.");
1027 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1028 		free($2);
1029 	}
1030 	;
1031 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1032 	{
1033 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1034 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1035 			$2))
1036 			yyerror("out of memory");
1037 	}
1038 	;
1039 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1040 	{
1041 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1042 		free(cfg_parser->cfg->tls_ciphers);
1043 		cfg_parser->cfg->tls_ciphers = $2;
1044 	}
1045 	;
1046 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1047 	{
1048 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1049 		free(cfg_parser->cfg->tls_ciphersuites);
1050 		cfg_parser->cfg->tls_ciphersuites = $2;
1051 	}
1052 	;
1053 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1054 	{
1055 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1056 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1057 			$2))
1058 			yyerror("out of memory");
1059 	}
1060 	;
1061 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1062 	{
1063 		OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1064 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1065 			yyerror("expected yes or no.");
1066 		else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1067 		free($2);
1068 	}
1069 	;
1070 server_https_port: VAR_HTTPS_PORT STRING_ARG
1071 	{
1072 		OUTYY(("P(server_https_port:%s)\n", $2));
1073 		if(atoi($2) == 0)
1074 			yyerror("port number expected");
1075 		else cfg_parser->cfg->https_port = atoi($2);
1076 		free($2);
1077 	};
1078 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1079 	{
1080 		OUTYY(("P(server_http_endpoint:%s)\n", $2));
1081 		free(cfg_parser->cfg->http_endpoint);
1082 		if($2 && $2[0] != '/') {
1083 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1084 			if(!cfg_parser->cfg->http_endpoint)
1085 				yyerror("out of memory");
1086 			cfg_parser->cfg->http_endpoint[0] = '/';
1087 			memmove(cfg_parser->cfg->http_endpoint+1, $2,
1088 				strlen($2)+1);
1089 			free($2);
1090 		} else {
1091 			cfg_parser->cfg->http_endpoint = $2;
1092 		}
1093 	};
1094 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1095 	{
1096 		OUTYY(("P(server_http_max_streams:%s)\n", $2));
1097 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1098 			yyerror("number expected");
1099 		else cfg_parser->cfg->http_max_streams = atoi($2);
1100 		free($2);
1101 	};
1102 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1103 	{
1104 		OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1105 		if(!cfg_parse_memsize($2,
1106 			&cfg_parser->cfg->http_query_buffer_size))
1107 			yyerror("memory size expected");
1108 		free($2);
1109 	};
1110 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1111 	{
1112 		OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1113 		if(!cfg_parse_memsize($2,
1114 			&cfg_parser->cfg->http_response_buffer_size))
1115 			yyerror("memory size expected");
1116 		free($2);
1117 	};
1118 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1119 	{
1120 		OUTYY(("P(server_http_nodelay:%s)\n", $2));
1121 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1122 			yyerror("expected yes or no.");
1123 		else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1124 		free($2);
1125 	}
1126 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1127 	{
1128 		OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1129 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1130 			yyerror("expected yes or no.");
1131 		else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1132 		free($2);
1133 	};
1134 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1135 	{
1136 		OUTYY(("P(server_use_systemd:%s)\n", $2));
1137 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1138 			yyerror("expected yes or no.");
1139 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1140 		free($2);
1141 	}
1142 	;
1143 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1144 	{
1145 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
1146 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1147 			yyerror("expected yes or no.");
1148 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1149 		free($2);
1150 	}
1151 	;
1152 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1153 	{
1154 		OUTYY(("P(server_use_syslog:%s)\n", $2));
1155 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1156 			yyerror("expected yes or no.");
1157 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1158 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1159 		if(strcmp($2, "yes") == 0)
1160 			yyerror("no syslog services are available. "
1161 				"(reconfigure and compile to add)");
1162 #endif
1163 		free($2);
1164 	}
1165 	;
1166 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1167 	{
1168 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1169 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1170 			yyerror("expected yes or no.");
1171 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1172 		free($2);
1173 	}
1174 	;
1175 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1176 	{
1177 		OUTYY(("P(server_log_queries:%s)\n", $2));
1178 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1179 			yyerror("expected yes or no.");
1180 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1181 		free($2);
1182 	}
1183 	;
1184 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1185 	{
1186 		OUTYY(("P(server_log_replies:%s)\n", $2));
1187 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1188 			yyerror("expected yes or no.");
1189 		else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1190 		free($2);
1191 	}
1192 	;
1193 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1194 	{
1195 		OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1196 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1197 			yyerror("expected yes or no.");
1198 		else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1199 		free($2);
1200 	}
1201 	;
1202 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1203 	{
1204 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1205 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1206 			yyerror("expected yes or no.");
1207 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1208 		free($2);
1209 	}
1210 	;
1211 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1212 	{
1213 		OUTYY(("P(server_log_local_actions:%s)\n", $2));
1214 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1215 			yyerror("expected yes or no.");
1216 		else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1217 		free($2);
1218 	}
1219 	;
1220 server_chroot: VAR_CHROOT STRING_ARG
1221 	{
1222 		OUTYY(("P(server_chroot:%s)\n", $2));
1223 		free(cfg_parser->cfg->chrootdir);
1224 		cfg_parser->cfg->chrootdir = $2;
1225 	}
1226 	;
1227 server_username: VAR_USERNAME STRING_ARG
1228 	{
1229 		OUTYY(("P(server_username:%s)\n", $2));
1230 		free(cfg_parser->cfg->username);
1231 		cfg_parser->cfg->username = $2;
1232 	}
1233 	;
1234 server_directory: VAR_DIRECTORY STRING_ARG
1235 	{
1236 		OUTYY(("P(server_directory:%s)\n", $2));
1237 		free(cfg_parser->cfg->directory);
1238 		cfg_parser->cfg->directory = $2;
1239 		/* change there right away for includes relative to this */
1240 		if($2[0]) {
1241 			char* d;
1242 #ifdef UB_ON_WINDOWS
1243 			w_config_adjust_directory(cfg_parser->cfg);
1244 #endif
1245 			d = cfg_parser->cfg->directory;
1246 			/* adjust directory if we have already chroot,
1247 			 * like, we reread after sighup */
1248 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1249 				strncmp(d, cfg_parser->chroot, strlen(
1250 				cfg_parser->chroot)) == 0)
1251 				d += strlen(cfg_parser->chroot);
1252 			if(d[0]) {
1253 				if(chdir(d))
1254 				log_err("cannot chdir to directory: %s (%s)",
1255 					d, strerror(errno));
1256 			}
1257 		}
1258 	}
1259 	;
1260 server_logfile: VAR_LOGFILE STRING_ARG
1261 	{
1262 		OUTYY(("P(server_logfile:%s)\n", $2));
1263 		free(cfg_parser->cfg->logfile);
1264 		cfg_parser->cfg->logfile = $2;
1265 		cfg_parser->cfg->use_syslog = 0;
1266 	}
1267 	;
1268 server_pidfile: VAR_PIDFILE STRING_ARG
1269 	{
1270 		OUTYY(("P(server_pidfile:%s)\n", $2));
1271 		free(cfg_parser->cfg->pidfile);
1272 		cfg_parser->cfg->pidfile = $2;
1273 	}
1274 	;
1275 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1276 	{
1277 		OUTYY(("P(server_root_hints:%s)\n", $2));
1278 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1279 			yyerror("out of memory");
1280 	}
1281 	;
1282 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1283 	{
1284 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1285 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1286 		free($2);
1287 	}
1288 	;
1289 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1290 	{
1291 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1292 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
1293 		free($2);
1294 	}
1295 	;
1296 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1297 	{
1298 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1299 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1300 			auto_trust_anchor_file_list, $2))
1301 			yyerror("out of memory");
1302 	}
1303 	;
1304 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1305 	{
1306 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1307 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1308 			trust_anchor_file_list, $2))
1309 			yyerror("out of memory");
1310 	}
1311 	;
1312 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1313 	{
1314 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1315 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1316 			trusted_keys_file_list, $2))
1317 			yyerror("out of memory");
1318 	}
1319 	;
1320 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1321 	{
1322 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1323 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1324 			yyerror("out of memory");
1325 	}
1326 	;
1327 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1328 	{
1329 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1330 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1331 			yyerror("expected yes or no.");
1332 		else
1333 			cfg_parser->cfg->trust_anchor_signaling =
1334 				(strcmp($2, "yes")==0);
1335 		free($2);
1336 	}
1337 	;
1338 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1339 	{
1340 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1341 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1342 			yyerror("expected yes or no.");
1343 		else
1344 			cfg_parser->cfg->root_key_sentinel =
1345 				(strcmp($2, "yes")==0);
1346 		free($2);
1347 	}
1348 	;
1349 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1350 	{
1351 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1352 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1353 			yyerror("out of memory");
1354 	}
1355 	;
1356 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1357 	{
1358 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1359 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1360 			yyerror("expected yes or no.");
1361 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1362 		free($2);
1363 	}
1364 	;
1365 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1366 	{
1367 		OUTYY(("P(server_hide_version:%s)\n", $2));
1368 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1369 			yyerror("expected yes or no.");
1370 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1371 		free($2);
1372 	}
1373 	;
1374 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1375 	{
1376 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1377 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1378 			yyerror("expected yes or no.");
1379 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1380 		free($2);
1381 	}
1382 	;
1383 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1384 	{
1385 		OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1386 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1387 			yyerror("expected yes or no.");
1388 		else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1389 		free($2);
1390 	}
1391 	;
1392 server_identity: VAR_IDENTITY STRING_ARG
1393 	{
1394 		OUTYY(("P(server_identity:%s)\n", $2));
1395 		free(cfg_parser->cfg->identity);
1396 		cfg_parser->cfg->identity = $2;
1397 	}
1398 	;
1399 server_version: VAR_VERSION STRING_ARG
1400 	{
1401 		OUTYY(("P(server_version:%s)\n", $2));
1402 		free(cfg_parser->cfg->version);
1403 		cfg_parser->cfg->version = $2;
1404 	}
1405 	;
1406 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1407 	{
1408 		OUTYY(("P(server_http_user_agent:%s)\n", $2));
1409 		free(cfg_parser->cfg->http_user_agent);
1410 		cfg_parser->cfg->http_user_agent = $2;
1411 	}
1412 	;
1413 server_nsid: VAR_NSID STRING_ARG
1414 	{
1415 		OUTYY(("P(server_nsid:%s)\n", $2));
1416 		free(cfg_parser->cfg->nsid_cfg_str);
1417 		cfg_parser->cfg->nsid_cfg_str = $2;
1418 		free(cfg_parser->cfg->nsid);
1419 		cfg_parser->cfg->nsid = NULL;
1420 		cfg_parser->cfg->nsid_len = 0;
1421 		if (*$2 == 0)
1422 			; /* pass; empty string is not setting nsid */
1423 		else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1424 					$2, &cfg_parser->cfg->nsid_len)))
1425 			yyerror("the NSID must be either a hex string or an "
1426 			    "ascii character string prepended with ascii_.");
1427 	}
1428 	;
1429 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1430 	{
1431 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1432 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1433 			yyerror("buffer size expected");
1434 		free($2);
1435 	}
1436 	;
1437 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1438 	{
1439 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1440 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1441 			yyerror("buffer size expected");
1442 		free($2);
1443 	}
1444 	;
1445 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1446 	{
1447 		OUTYY(("P(server_so_reuseport:%s)\n", $2));
1448 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1449 			yyerror("expected yes or no.");
1450 		else cfg_parser->cfg->so_reuseport =
1451 			(strcmp($2, "yes")==0);
1452 		free($2);
1453 	}
1454 	;
1455 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1456 	{
1457 		OUTYY(("P(server_ip_transparent:%s)\n", $2));
1458 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1459 			yyerror("expected yes or no.");
1460 		else cfg_parser->cfg->ip_transparent =
1461 			(strcmp($2, "yes")==0);
1462 		free($2);
1463 	}
1464 	;
1465 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1466 	{
1467 		OUTYY(("P(server_ip_freebind:%s)\n", $2));
1468 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1469 			yyerror("expected yes or no.");
1470 		else cfg_parser->cfg->ip_freebind =
1471 			(strcmp($2, "yes")==0);
1472 		free($2);
1473 	}
1474 	;
1475 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1476 	{
1477 		OUTYY(("P(server_ip_dscp:%s)\n", $2));
1478 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1479 			yyerror("number expected");
1480 		else if (atoi($2) > 63)
1481 			yyerror("value too large (max 63)");
1482 		else if (atoi($2) < 0)
1483 			yyerror("value too small (min 0)");
1484 		else
1485 			cfg_parser->cfg->ip_dscp = atoi($2);
1486 		free($2);
1487 	}
1488 	;
1489 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1490 	{
1491 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1492 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1493 			yyerror("memory size expected");
1494 		free($2);
1495 	}
1496 	;
1497 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1498 	{
1499 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1500 		if(atoi($2) == 0)
1501 			yyerror("number expected");
1502 		else if (atoi($2) < 12)
1503 			yyerror("edns buffer size too small");
1504 		else if (atoi($2) > 65535)
1505 			cfg_parser->cfg->edns_buffer_size = 65535;
1506 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1507 		free($2);
1508 	}
1509 	;
1510 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1511 	{
1512 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1513 		if(atoi($2) == 0)
1514 			yyerror("number expected");
1515 		else if (atoi($2) < 4096)
1516 			yyerror("message buffer size too small (use 4096)");
1517 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1518 		free($2);
1519 	}
1520 	;
1521 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1522 	{
1523 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1524 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1525 			yyerror("memory size expected");
1526 		free($2);
1527 	}
1528 	;
1529 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1530 	{
1531 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1532 		if(atoi($2) == 0) {
1533 			yyerror("number expected");
1534 		} else {
1535 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1536 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1537 				yyerror("must be a power of 2");
1538 		}
1539 		free($2);
1540 	}
1541 	;
1542 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1543 	{
1544 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1545 		if(atoi($2) == 0)
1546 			yyerror("number expected");
1547 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1548 		free($2);
1549 	}
1550 	;
1551 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1552 	{
1553 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1554 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1555 			yyerror("number expected");
1556 		else cfg_parser->cfg->jostle_time = atoi($2);
1557 		free($2);
1558 	}
1559 	;
1560 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1561 	{
1562 		OUTYY(("P(server_delay_close:%s)\n", $2));
1563 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1564 			yyerror("number expected");
1565 		else cfg_parser->cfg->delay_close = atoi($2);
1566 		free($2);
1567 	}
1568 	;
1569 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1570 	{
1571 		OUTYY(("P(server_udp_connect:%s)\n", $2));
1572 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1573 			yyerror("expected yes or no.");
1574 		else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1575 		free($2);
1576 	}
1577 	;
1578 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1579 	{
1580 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1581 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1582 			yyerror("expected yes or no.");
1583 		else cfg_parser->cfg->unblock_lan_zones =
1584 			(strcmp($2, "yes")==0);
1585 		free($2);
1586 	}
1587 	;
1588 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1589 	{
1590 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1591 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1592 			yyerror("expected yes or no.");
1593 		else cfg_parser->cfg->insecure_lan_zones =
1594 			(strcmp($2, "yes")==0);
1595 		free($2);
1596 	}
1597 	;
1598 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1599 	{
1600 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1601 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1602 			yyerror("memory size expected");
1603 		free($2);
1604 	}
1605 	;
1606 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1607 	{
1608 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1609 		if(atoi($2) == 0) {
1610 			yyerror("number expected");
1611 		} else {
1612 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1613 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1614 				yyerror("must be a power of 2");
1615 		}
1616 		free($2);
1617 	}
1618 	;
1619 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1620 	{
1621 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1622 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1623 			yyerror("number expected");
1624 		else cfg_parser->cfg->host_ttl = atoi($2);
1625 		free($2);
1626 	}
1627 	;
1628 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1629 	{
1630 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1631 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1632 			"removed, use infra-host-ttl)", $2);
1633 		free($2);
1634 	}
1635 	;
1636 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1637 	{
1638 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1639 		if(atoi($2) == 0)
1640 			yyerror("number expected");
1641 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1642 		free($2);
1643 	}
1644 	;
1645 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1646 	{
1647 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1648 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1649 			"(option removed, use infra-cache-numhosts)", $2);
1650 		free($2);
1651 	}
1652 	;
1653 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1654 	{
1655 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1656 		if(atoi($2) == 0) {
1657 			yyerror("number expected");
1658 		} else {
1659 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1660 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1661 				yyerror("must be a power of 2");
1662 		}
1663 		free($2);
1664 	}
1665 	;
1666 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1667 	{
1668 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1669 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1670 			yyerror("number expected");
1671 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1672 		free($2);
1673 	}
1674 	;
1675 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1676 	{
1677 		OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1678 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1679 			yyerror("number expected");
1680 		else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1681 		free($2);
1682 	}
1683 	;
1684 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1685 	{
1686 		OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1687 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1688 			yyerror("expected yes or no.");
1689 		else cfg_parser->cfg->infra_keep_probing =
1690 			(strcmp($2, "yes")==0);
1691 		free($2);
1692 	}
1693 	;
1694 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1695 	{
1696 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1697 		free(cfg_parser->cfg->target_fetch_policy);
1698 		cfg_parser->cfg->target_fetch_policy = $2;
1699 	}
1700 	;
1701 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1702 	{
1703 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1704 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1705 			yyerror("expected yes or no.");
1706 		else cfg_parser->cfg->harden_short_bufsize =
1707 			(strcmp($2, "yes")==0);
1708 		free($2);
1709 	}
1710 	;
1711 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1712 	{
1713 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1714 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1715 			yyerror("expected yes or no.");
1716 		else cfg_parser->cfg->harden_large_queries =
1717 			(strcmp($2, "yes")==0);
1718 		free($2);
1719 	}
1720 	;
1721 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1722 	{
1723 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1724 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1725 			yyerror("expected yes or no.");
1726 		else cfg_parser->cfg->harden_glue =
1727 			(strcmp($2, "yes")==0);
1728 		free($2);
1729 	}
1730 	;
1731 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1732 	{
1733 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1734 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1735 			yyerror("expected yes or no.");
1736 		else cfg_parser->cfg->harden_dnssec_stripped =
1737 			(strcmp($2, "yes")==0);
1738 		free($2);
1739 	}
1740 	;
1741 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1742 	{
1743 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1744 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1745 			yyerror("expected yes or no.");
1746 		else cfg_parser->cfg->harden_below_nxdomain =
1747 			(strcmp($2, "yes")==0);
1748 		free($2);
1749 	}
1750 	;
1751 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1752 	{
1753 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1754 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1755 			yyerror("expected yes or no.");
1756 		else cfg_parser->cfg->harden_referral_path =
1757 			(strcmp($2, "yes")==0);
1758 		free($2);
1759 	}
1760 	;
1761 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1762 	{
1763 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1764 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1765 			yyerror("expected yes or no.");
1766 		else cfg_parser->cfg->harden_algo_downgrade =
1767 			(strcmp($2, "yes")==0);
1768 		free($2);
1769 	}
1770 	;
1771 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1772 	{
1773 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1774 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1775 			yyerror("expected yes or no.");
1776 		else cfg_parser->cfg->use_caps_bits_for_id =
1777 			(strcmp($2, "yes")==0);
1778 		free($2);
1779 	}
1780 	;
1781 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1782 	{
1783 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1784 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1785 			yyerror("out of memory");
1786 	}
1787 	;
1788 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1789 	{
1790 		OUTYY(("P(server_private_address:%s)\n", $2));
1791 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1792 			yyerror("out of memory");
1793 	}
1794 	;
1795 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1796 	{
1797 		OUTYY(("P(server_private_domain:%s)\n", $2));
1798 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1799 			yyerror("out of memory");
1800 	}
1801 	;
1802 server_prefetch: VAR_PREFETCH STRING_ARG
1803 	{
1804 		OUTYY(("P(server_prefetch:%s)\n", $2));
1805 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1806 			yyerror("expected yes or no.");
1807 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1808 		free($2);
1809 	}
1810 	;
1811 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1812 	{
1813 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1814 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1815 			yyerror("expected yes or no.");
1816 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1817 		free($2);
1818 	}
1819 	;
1820 server_deny_any: VAR_DENY_ANY STRING_ARG
1821 	{
1822 		OUTYY(("P(server_deny_any:%s)\n", $2));
1823 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1824 			yyerror("expected yes or no.");
1825 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1826 		free($2);
1827 	}
1828 	;
1829 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1830 	{
1831 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1832 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1833 			yyerror("number expected");
1834 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1835 		free($2);
1836 	}
1837 	;
1838 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1839 	{
1840 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1841 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1842 			yyerror("out of memory");
1843 	}
1844 	;
1845 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1846 	{
1847 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1848 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1849 			yyerror("expected yes or no.");
1850 		else cfg_parser->cfg->donotquery_localhost =
1851 			(strcmp($2, "yes")==0);
1852 		free($2);
1853 	}
1854 	;
1855 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1856 	{
1857 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1858 		validate_acl_action($3);
1859 		if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1860 			fatal_exit("out of memory adding acl");
1861 	}
1862 	;
1863 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
1864 	{
1865 		OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
1866 		validate_acl_action($3);
1867 		if(!cfg_str2list_insert(
1868 			&cfg_parser->cfg->interface_actions, $2, $3))
1869 			fatal_exit("out of memory adding acl");
1870 	}
1871 	;
1872 server_module_conf: VAR_MODULE_CONF STRING_ARG
1873 	{
1874 		OUTYY(("P(server_module_conf:%s)\n", $2));
1875 		free(cfg_parser->cfg->module_conf);
1876 		cfg_parser->cfg->module_conf = $2;
1877 	}
1878 	;
1879 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1880 	{
1881 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1882 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1883 			cfg_parser->cfg->val_date_override = 0;
1884 		} else if(strlen($2) == 14) {
1885 			cfg_parser->cfg->val_date_override =
1886 				cfg_convert_timeval($2);
1887 			if(!cfg_parser->cfg->val_date_override)
1888 				yyerror("bad date/time specification");
1889 		} else {
1890 			if(atoi($2) == 0)
1891 				yyerror("number expected");
1892 			cfg_parser->cfg->val_date_override = atoi($2);
1893 		}
1894 		free($2);
1895 	}
1896 	;
1897 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1898 	{
1899 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1900 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1901 			cfg_parser->cfg->val_sig_skew_min = 0;
1902 		} else {
1903 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1904 			if(!cfg_parser->cfg->val_sig_skew_min)
1905 				yyerror("number expected");
1906 		}
1907 		free($2);
1908 	}
1909 	;
1910 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1911 	{
1912 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1913 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1914 			cfg_parser->cfg->val_sig_skew_max = 0;
1915 		} else {
1916 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1917 			if(!cfg_parser->cfg->val_sig_skew_max)
1918 				yyerror("number expected");
1919 		}
1920 		free($2);
1921 	}
1922 	;
1923 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1924 	{
1925 		OUTYY(("P(server_val_max_restart:%s)\n", $2));
1926 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1927 			cfg_parser->cfg->val_max_restart = 0;
1928 		} else {
1929 			cfg_parser->cfg->val_max_restart = atoi($2);
1930 			if(!cfg_parser->cfg->val_max_restart)
1931 				yyerror("number expected");
1932 		}
1933 		free($2);
1934 	}
1935 	;
1936 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1937 	{
1938 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1939 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1940 			yyerror("number expected");
1941 		else cfg_parser->cfg->max_ttl = atoi($2);
1942 		free($2);
1943 	}
1944 	;
1945 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1946 	{
1947 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1948 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1949 			yyerror("number expected");
1950 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1951 		free($2);
1952 	}
1953 	;
1954 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1955 	{
1956 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1957 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1958 			yyerror("number expected");
1959 		else cfg_parser->cfg->min_ttl = atoi($2);
1960 		free($2);
1961 	}
1962 	;
1963 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1964 	{
1965 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1966 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1967 			yyerror("number expected");
1968 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1969 		free($2);
1970 	}
1971 	;
1972 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1973 	{
1974 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1975 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1976 			yyerror("expected yes or no.");
1977 		else cfg_parser->cfg->val_clean_additional =
1978 			(strcmp($2, "yes")==0);
1979 		free($2);
1980 	}
1981 	;
1982 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1983 	{
1984 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1985 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1986 			yyerror("expected yes or no.");
1987 		else cfg_parser->cfg->val_permissive_mode =
1988 			(strcmp($2, "yes")==0);
1989 		free($2);
1990 	}
1991 	;
1992 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1993 	{
1994 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1995 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1996 			yyerror("expected yes or no.");
1997 		else
1998 			cfg_parser->cfg->aggressive_nsec =
1999 				(strcmp($2, "yes")==0);
2000 		free($2);
2001 	}
2002 	;
2003 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2004 	{
2005 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2006 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2007 			yyerror("expected yes or no.");
2008 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2009 		free($2);
2010 	}
2011 	;
2012 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2013 	{
2014 		OUTYY(("P(server_serve_expired:%s)\n", $2));
2015 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2016 			yyerror("expected yes or no.");
2017 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2018 		free($2);
2019 	}
2020 	;
2021 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2022 	{
2023 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2024 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2025 			yyerror("number expected");
2026 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2027 		free($2);
2028 	}
2029 	;
2030 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2031 	{
2032 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2033 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2034 			yyerror("expected yes or no.");
2035 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2036 		free($2);
2037 	}
2038 	;
2039 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2040 	{
2041 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2042 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2043 			yyerror("number expected");
2044 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2045 		free($2);
2046 	}
2047 	;
2048 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2049 	{
2050 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2051 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2052 			yyerror("number expected");
2053 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2054 		free($2);
2055 	}
2056 	;
2057 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2058 	{
2059 		OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2060 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2061 			yyerror("expected yes or no.");
2062 		else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2063 		free($2);
2064 	}
2065 	;
2066 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2067 	{
2068 		OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2069 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2070 			yyerror("expected yes or no.");
2071 		else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2072 		free($2);
2073 	}
2074 	;
2075 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2076 	{
2077 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
2078 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2079 			yyerror("expected yes or no.");
2080 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2081 		else fake_dsa = (strcmp($2, "yes")==0);
2082 		if(fake_dsa)
2083 			log_warn("test option fake_dsa is enabled");
2084 #endif
2085 		free($2);
2086 	}
2087 	;
2088 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2089 	{
2090 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
2091 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2092 			yyerror("expected yes or no.");
2093 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2094 		else fake_sha1 = (strcmp($2, "yes")==0);
2095 		if(fake_sha1)
2096 			log_warn("test option fake_sha1 is enabled");
2097 #endif
2098 		free($2);
2099 	}
2100 	;
2101 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2102 	{
2103 		OUTYY(("P(server_val_log_level:%s)\n", $2));
2104 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2105 			yyerror("number expected");
2106 		else cfg_parser->cfg->val_log_level = atoi($2);
2107 		free($2);
2108 	}
2109 	;
2110 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2111 	{
2112 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2113 		free(cfg_parser->cfg->val_nsec3_key_iterations);
2114 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
2115 	}
2116 	;
2117 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2118 	{
2119 		OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2120 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2121 			yyerror("expected yes or no.");
2122 		else	cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2123 		free($2);
2124 	}
2125 	;
2126 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2127 	{
2128 		OUTYY(("P(server_add_holddown:%s)\n", $2));
2129 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2130 			yyerror("number expected");
2131 		else cfg_parser->cfg->add_holddown = atoi($2);
2132 		free($2);
2133 	}
2134 	;
2135 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2136 	{
2137 		OUTYY(("P(server_del_holddown:%s)\n", $2));
2138 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2139 			yyerror("number expected");
2140 		else cfg_parser->cfg->del_holddown = atoi($2);
2141 		free($2);
2142 	}
2143 	;
2144 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2145 	{
2146 		OUTYY(("P(server_keep_missing:%s)\n", $2));
2147 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2148 			yyerror("number expected");
2149 		else cfg_parser->cfg->keep_missing = atoi($2);
2150 		free($2);
2151 	}
2152 	;
2153 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2154 	{
2155 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2156 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2157 			yyerror("expected yes or no.");
2158 		else cfg_parser->cfg->permit_small_holddown =
2159 			(strcmp($2, "yes")==0);
2160 		free($2);
2161 	}
2162 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2163 	{
2164 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
2165 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2166 			yyerror("memory size expected");
2167 		free($2);
2168 	}
2169 	;
2170 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2171 	{
2172 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2173 		if(atoi($2) == 0) {
2174 			yyerror("number expected");
2175 		} else {
2176 			cfg_parser->cfg->key_cache_slabs = atoi($2);
2177 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2178 				yyerror("must be a power of 2");
2179 		}
2180 		free($2);
2181 	}
2182 	;
2183 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2184 	{
2185 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2186 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2187 			yyerror("memory size expected");
2188 		free($2);
2189 	}
2190 	;
2191 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2192 	{
2193 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2194 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2195 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2196 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2197 		   && strcmp($3, "typetransparent")!=0
2198 		   && strcmp($3, "always_transparent")!=0
2199 		   && strcmp($3, "always_refuse")!=0
2200 		   && strcmp($3, "always_nxdomain")!=0
2201 		   && strcmp($3, "always_nodata")!=0
2202 		   && strcmp($3, "always_deny")!=0
2203 		   && strcmp($3, "always_null")!=0
2204 		   && strcmp($3, "noview")!=0
2205 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2206 		   && strcmp($3, "inform_redirect") != 0
2207 		   && strcmp($3, "ipset") != 0) {
2208 			yyerror("local-zone type: expected static, deny, "
2209 				"refuse, redirect, transparent, "
2210 				"typetransparent, inform, inform_deny, "
2211 				"inform_redirect, always_transparent, "
2212 				"always_refuse, always_nxdomain, "
2213 				"always_nodata, always_deny, always_null, "
2214 				"noview, nodefault or ipset");
2215 			free($2);
2216 			free($3);
2217 		} else if(strcmp($3, "nodefault")==0) {
2218 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2219 				local_zones_nodefault, $2))
2220 				fatal_exit("out of memory adding local-zone");
2221 			free($3);
2222 #ifdef USE_IPSET
2223 		} else if(strcmp($3, "ipset")==0) {
2224 			size_t len = strlen($2);
2225 			/* Make sure to add the trailing dot.
2226 			 * These are str compared to domain names. */
2227 			if($2[len-1] != '.') {
2228 				if(!($2 = realloc($2, len+2))) {
2229 					fatal_exit("out of memory adding local-zone");
2230 				}
2231 				$2[len] = '.';
2232 				$2[len+1] = 0;
2233 			}
2234 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2235 				local_zones_ipset, $2))
2236 				fatal_exit("out of memory adding local-zone");
2237 			free($3);
2238 #endif
2239 		} else {
2240 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2241 				$2, $3))
2242 				fatal_exit("out of memory adding local-zone");
2243 		}
2244 	}
2245 	;
2246 server_local_data: VAR_LOCAL_DATA STRING_ARG
2247 	{
2248 		OUTYY(("P(server_local_data:%s)\n", $2));
2249 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2250 			fatal_exit("out of memory adding local-data");
2251 	}
2252 	;
2253 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2254 	{
2255 		char* ptr;
2256 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2257 		ptr = cfg_ptr_reverse($2);
2258 		free($2);
2259 		if(ptr) {
2260 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2261 				local_data, ptr))
2262 				fatal_exit("out of memory adding local-data");
2263 		} else {
2264 			yyerror("local-data-ptr could not be reversed");
2265 		}
2266 	}
2267 	;
2268 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2269 	{
2270 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
2271 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2272 			yyerror("expected yes or no.");
2273 		else cfg_parser->cfg->minimal_responses =
2274 			(strcmp($2, "yes")==0);
2275 		free($2);
2276 	}
2277 	;
2278 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2279 	{
2280 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2281 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2282 			yyerror("expected yes or no.");
2283 		else cfg_parser->cfg->rrset_roundrobin =
2284 			(strcmp($2, "yes")==0);
2285 		free($2);
2286 	}
2287 	;
2288 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2289 	{
2290 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2291 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2292 		free($2);
2293 	}
2294 	;
2295 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2296 	{
2297 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
2298 		cfg_parser->cfg->max_udp_size = atoi($2);
2299 		free($2);
2300 	}
2301 	;
2302 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2303 	{
2304 		OUTYY(("P(dns64_prefix:%s)\n", $2));
2305 		free(cfg_parser->cfg->dns64_prefix);
2306 		cfg_parser->cfg->dns64_prefix = $2;
2307 	}
2308 	;
2309 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2310 	{
2311 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2312 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2313 			yyerror("expected yes or no.");
2314 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2315 		free($2);
2316 	}
2317 	;
2318 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2319 	{
2320 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2321 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2322 			$2))
2323 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2324 	}
2325 	;
2326 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2327 	{
2328 		char* p, *s = $2;
2329 		OUTYY(("P(server_define_tag:%s)\n", $2));
2330 		while((p=strsep(&s, " \t\n")) != NULL) {
2331 			if(*p) {
2332 				if(!config_add_tag(cfg_parser->cfg, p))
2333 					yyerror("could not define-tag, "
2334 						"out of memory");
2335 			}
2336 		}
2337 		free($2);
2338 	}
2339 	;
2340 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2341 	{
2342 		size_t len = 0;
2343 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2344 			&len);
2345 		free($3);
2346 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2347 		if(!bitlist) {
2348 			yyerror("could not parse tags, (define-tag them first)");
2349 			free($2);
2350 		}
2351 		if(bitlist) {
2352 			if(!cfg_strbytelist_insert(
2353 				&cfg_parser->cfg->local_zone_tags,
2354 				$2, bitlist, len)) {
2355 				yyerror("out of memory");
2356 				free($2);
2357 			}
2358 		}
2359 	}
2360 	;
2361 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2362 	{
2363 		size_t len = 0;
2364 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2365 			&len);
2366 		free($3);
2367 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2368 		if(!bitlist) {
2369 			yyerror("could not parse tags, (define-tag them first)");
2370 			free($2);
2371 		}
2372 		if(bitlist) {
2373 			if(!cfg_strbytelist_insert(
2374 				&cfg_parser->cfg->acl_tags,
2375 				$2, bitlist, len)) {
2376 				yyerror("out of memory");
2377 				free($2);
2378 			}
2379 		}
2380 	}
2381 	;
2382 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2383 	{
2384 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2385 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2386 			$2, $3, $4)) {
2387 			yyerror("out of memory");
2388 			free($2);
2389 			free($3);
2390 			free($4);
2391 		}
2392 	}
2393 	;
2394 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2395 	{
2396 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2397 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2398 			$2, $3, $4)) {
2399 			yyerror("out of memory");
2400 			free($2);
2401 			free($3);
2402 			free($4);
2403 		}
2404 	}
2405 	;
2406 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2407 	{
2408 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2409 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2410 			$2, $3, $4)) {
2411 			yyerror("out of memory");
2412 			free($2);
2413 			free($3);
2414 			free($4);
2415 		}
2416 	}
2417 	;
2418 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2419 	{
2420 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2421 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2422 			$2, $3)) {
2423 			yyerror("out of memory");
2424 		}
2425 	}
2426 	;
2427 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2428 	{
2429 		size_t len = 0;
2430 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2431 			&len);
2432 		free($3);
2433 		OUTYY(("P(server_interface_tag:%s)\n", $2));
2434 		if(!bitlist) {
2435 			yyerror("could not parse tags, (define-tag them first)");
2436 			free($2);
2437 		}
2438 		if(bitlist) {
2439 			if(!cfg_strbytelist_insert(
2440 				&cfg_parser->cfg->interface_tags,
2441 				$2, bitlist, len)) {
2442 				yyerror("out of memory");
2443 				free($2);
2444 			}
2445 		}
2446 	}
2447 	;
2448 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2449 	{
2450 		OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2451 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2452 			$2, $3, $4)) {
2453 			yyerror("out of memory");
2454 			free($2);
2455 			free($3);
2456 			free($4);
2457 		}
2458 	}
2459 	;
2460 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2461 	{
2462 		OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2463 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2464 			$2, $3, $4)) {
2465 			yyerror("out of memory");
2466 			free($2);
2467 			free($3);
2468 			free($4);
2469 		}
2470 	}
2471 	;
2472 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2473 	{
2474 		OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2475 		if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2476 			$2, $3)) {
2477 			yyerror("out of memory");
2478 		}
2479 	}
2480 	;
2481 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2482 	{
2483 		size_t len = 0;
2484 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2485 			&len);
2486 		free($3);
2487 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2488 		if(!bitlist) {
2489 			yyerror("could not parse tags, (define-tag them first)");
2490 			free($2);
2491 		}
2492 		if(bitlist) {
2493 			if(!cfg_strbytelist_insert(
2494 				&cfg_parser->cfg->respip_tags,
2495 				$2, bitlist, len)) {
2496 				yyerror("out of memory");
2497 				free($2);
2498 			}
2499 		}
2500 	}
2501 	;
2502 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2503 	{
2504 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2505 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2506 			yyerror("number expected");
2507 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2508 		free($2);
2509 	}
2510 	;
2511 server_ratelimit: VAR_RATELIMIT STRING_ARG
2512 	{
2513 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2514 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2515 			yyerror("number expected");
2516 		else cfg_parser->cfg->ratelimit = atoi($2);
2517 		free($2);
2518 	}
2519 	;
2520 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2521 	{
2522 		OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2523 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2524 			yyerror("memory size expected");
2525 		free($2);
2526 	}
2527 	;
2528 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2529 	{
2530 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2531 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2532 			yyerror("memory size expected");
2533 		free($2);
2534 	}
2535 	;
2536 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2537 	{
2538 		OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2539 		if(atoi($2) == 0) {
2540 			yyerror("number expected");
2541 		} else {
2542 			cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2543 			if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2544 				yyerror("must be a power of 2");
2545 		}
2546 		free($2);
2547 	}
2548 	;
2549 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2550 	{
2551 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2552 		if(atoi($2) == 0) {
2553 			yyerror("number expected");
2554 		} else {
2555 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2556 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2557 				yyerror("must be a power of 2");
2558 		}
2559 		free($2);
2560 	}
2561 	;
2562 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2563 	{
2564 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2565 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2566 			yyerror("number expected");
2567 			free($2);
2568 			free($3);
2569 		} else {
2570 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2571 				ratelimit_for_domain, $2, $3))
2572 				fatal_exit("out of memory adding "
2573 					"ratelimit-for-domain");
2574 		}
2575 	}
2576 	;
2577 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2578 	{
2579 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2580 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2581 			yyerror("number expected");
2582 			free($2);
2583 			free($3);
2584 		} else {
2585 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2586 				ratelimit_below_domain, $2, $3))
2587 				fatal_exit("out of memory adding "
2588 					"ratelimit-below-domain");
2589 		}
2590 	}
2591 	;
2592 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2593 	{
2594 		OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2595 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2596 			yyerror("number expected");
2597 		else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2598 		free($2);
2599 	}
2600 	;
2601 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2602 	{
2603 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2604 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2605 			yyerror("number expected");
2606 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2607 		free($2);
2608 	}
2609 	;
2610 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2611 	{
2612 		OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2613 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2614 			yyerror("expected yes or no.");
2615 		else cfg_parser->cfg->ip_ratelimit_backoff =
2616 			(strcmp($2, "yes")==0);
2617 		free($2);
2618 	}
2619 	;
2620 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2621 	{
2622 		OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2623 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2624 			yyerror("expected yes or no.");
2625 		else cfg_parser->cfg->ratelimit_backoff =
2626 			(strcmp($2, "yes")==0);
2627 		free($2);
2628 	}
2629 	;
2630 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2631 	{
2632 		OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2633 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2634 			yyerror("number expected");
2635 		else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2636 		free($2);
2637 	}
2638 	;
2639 server_low_rtt: VAR_LOW_RTT STRING_ARG
2640 	{
2641 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2642 		free($2);
2643 	}
2644 	;
2645 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2646 	{
2647 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2648 		if(atoi($2) <= 0)
2649 			yyerror("number expected");
2650 		else cfg_parser->cfg->fast_server_num = atoi($2);
2651 		free($2);
2652 	}
2653 	;
2654 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2655 	{
2656 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2657 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2658 			yyerror("number expected");
2659 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2660 		free($2);
2661 	}
2662 	;
2663 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2664 	{
2665 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2666 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2667 			yyerror("expected yes or no.");
2668 		else cfg_parser->cfg->qname_minimisation =
2669 			(strcmp($2, "yes")==0);
2670 		free($2);
2671 	}
2672 	;
2673 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2674 	{
2675 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2676 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2677 			yyerror("expected yes or no.");
2678 		else cfg_parser->cfg->qname_minimisation_strict =
2679 			(strcmp($2, "yes")==0);
2680 		free($2);
2681 	}
2682 	;
2683 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2684 	{
2685 		OUTYY(("P(server_pad_responses:%s)\n", $2));
2686 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2687 			yyerror("expected yes or no.");
2688 		else cfg_parser->cfg->pad_responses =
2689 			(strcmp($2, "yes")==0);
2690 		free($2);
2691 	}
2692 	;
2693 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2694 	{
2695 		OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2696 		if(atoi($2) == 0)
2697 			yyerror("number expected");
2698 		else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2699 		free($2);
2700 	}
2701 	;
2702 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2703 	{
2704 		OUTYY(("P(server_pad_queries:%s)\n", $2));
2705 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2706 			yyerror("expected yes or no.");
2707 		else cfg_parser->cfg->pad_queries =
2708 			(strcmp($2, "yes")==0);
2709 		free($2);
2710 	}
2711 	;
2712 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2713 	{
2714 		OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2715 		if(atoi($2) == 0)
2716 			yyerror("number expected");
2717 		else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2718 		free($2);
2719 	}
2720 	;
2721 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2722 	{
2723 	#ifdef USE_IPSECMOD
2724 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2725 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2726 			yyerror("expected yes or no.");
2727 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2728 	#else
2729 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2730 	#endif
2731 		free($2);
2732 	}
2733 	;
2734 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2735 	{
2736 	#ifdef USE_IPSECMOD
2737 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2738 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2739 			yyerror("expected yes or no.");
2740 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2741 	#else
2742 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2743 	#endif
2744 		free($2);
2745 	}
2746 	;
2747 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2748 	{
2749 	#ifdef USE_IPSECMOD
2750 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2751 		free(cfg_parser->cfg->ipsecmod_hook);
2752 		cfg_parser->cfg->ipsecmod_hook = $2;
2753 	#else
2754 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2755 		free($2);
2756 	#endif
2757 	}
2758 	;
2759 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2760 	{
2761 	#ifdef USE_IPSECMOD
2762 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2763 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2764 			yyerror("number expected");
2765 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2766 		free($2);
2767 	#else
2768 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2769 		free($2);
2770 	#endif
2771 	}
2772 	;
2773 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2774 	{
2775 	#ifdef USE_IPSECMOD
2776 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2777 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2778 			yyerror("out of memory");
2779 	#else
2780 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2781 		free($2);
2782 	#endif
2783 	}
2784 	;
2785 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2786 	{
2787 	#ifdef USE_IPSECMOD
2788 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2789 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2790 			yyerror("expected yes or no.");
2791 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2792 		free($2);
2793 	#else
2794 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2795 		free($2);
2796 	#endif
2797 	}
2798 	;
2799 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2800 	{
2801 		OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2802 		if(!cfg_str2list_insert(
2803 			&cfg_parser->cfg->edns_client_strings, $2, $3))
2804 			fatal_exit("out of memory adding "
2805 				"edns-client-string");
2806 	}
2807 	;
2808 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2809 	{
2810 		OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2811 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2812 			yyerror("option code expected");
2813 		else if(atoi($2) > 65535 || atoi($2) < 0)
2814 			yyerror("option code must be in interval [0, 65535]");
2815 		else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2816 		free($2);
2817 	}
2818 	;
2819 server_ede: VAR_EDE STRING_ARG
2820 	{
2821 		OUTYY(("P(server_ede:%s)\n", $2));
2822 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2823 			yyerror("expected yes or no.");
2824 		else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
2825 		free($2);
2826 	}
2827 	;
2828 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
2829 	{
2830 		OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
2831 		if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
2832 			yyerror("out of memory");
2833 	}
2834 	;
2835 stub_name: VAR_NAME STRING_ARG
2836 	{
2837 		OUTYY(("P(name:%s)\n", $2));
2838 		if(cfg_parser->cfg->stubs->name)
2839 			yyerror("stub name override, there must be one name "
2840 				"for one stub-zone");
2841 		free(cfg_parser->cfg->stubs->name);
2842 		cfg_parser->cfg->stubs->name = $2;
2843 	}
2844 	;
2845 stub_host: VAR_STUB_HOST STRING_ARG
2846 	{
2847 		OUTYY(("P(stub-host:%s)\n", $2));
2848 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2849 			yyerror("out of memory");
2850 	}
2851 	;
2852 stub_addr: VAR_STUB_ADDR STRING_ARG
2853 	{
2854 		OUTYY(("P(stub-addr:%s)\n", $2));
2855 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2856 			yyerror("out of memory");
2857 	}
2858 	;
2859 stub_first: VAR_STUB_FIRST STRING_ARG
2860 	{
2861 		OUTYY(("P(stub-first:%s)\n", $2));
2862 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2863 			yyerror("expected yes or no.");
2864 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2865 		free($2);
2866 	}
2867 	;
2868 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2869 	{
2870 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2871 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2872 			yyerror("expected yes or no.");
2873 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2874 		free($2);
2875 	}
2876 	;
2877 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2878 	{
2879 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2880 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2881 			yyerror("expected yes or no.");
2882 		else cfg_parser->cfg->stubs->ssl_upstream =
2883 			(strcmp($2, "yes")==0);
2884 		free($2);
2885 	}
2886 	;
2887 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
2888         {
2889                 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
2890                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2891                         yyerror("expected yes or no.");
2892                 else cfg_parser->cfg->stubs->tcp_upstream =
2893                         (strcmp($2, "yes")==0);
2894                 free($2);
2895         }
2896         ;
2897 stub_prime: VAR_STUB_PRIME STRING_ARG
2898 	{
2899 		OUTYY(("P(stub-prime:%s)\n", $2));
2900 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2901 			yyerror("expected yes or no.");
2902 		else cfg_parser->cfg->stubs->isprime =
2903 			(strcmp($2, "yes")==0);
2904 		free($2);
2905 	}
2906 	;
2907 forward_name: VAR_NAME STRING_ARG
2908 	{
2909 		OUTYY(("P(name:%s)\n", $2));
2910 		if(cfg_parser->cfg->forwards->name)
2911 			yyerror("forward name override, there must be one "
2912 				"name for one forward-zone");
2913 		free(cfg_parser->cfg->forwards->name);
2914 		cfg_parser->cfg->forwards->name = $2;
2915 	}
2916 	;
2917 forward_host: VAR_FORWARD_HOST STRING_ARG
2918 	{
2919 		OUTYY(("P(forward-host:%s)\n", $2));
2920 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2921 			yyerror("out of memory");
2922 	}
2923 	;
2924 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2925 	{
2926 		OUTYY(("P(forward-addr:%s)\n", $2));
2927 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2928 			yyerror("out of memory");
2929 	}
2930 	;
2931 forward_first: VAR_FORWARD_FIRST STRING_ARG
2932 	{
2933 		OUTYY(("P(forward-first:%s)\n", $2));
2934 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2935 			yyerror("expected yes or no.");
2936 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2937 		free($2);
2938 	}
2939 	;
2940 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2941 	{
2942 		OUTYY(("P(forward-no-cache:%s)\n", $2));
2943 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2944 			yyerror("expected yes or no.");
2945 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2946 		free($2);
2947 	}
2948 	;
2949 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2950 	{
2951 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2952 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2953 			yyerror("expected yes or no.");
2954 		else cfg_parser->cfg->forwards->ssl_upstream =
2955 			(strcmp($2, "yes")==0);
2956 		free($2);
2957 	}
2958 	;
2959 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
2960         {
2961                 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
2962                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2963                         yyerror("expected yes or no.");
2964                 else cfg_parser->cfg->forwards->tcp_upstream =
2965                         (strcmp($2, "yes")==0);
2966                 free($2);
2967         }
2968         ;
2969 auth_name: VAR_NAME STRING_ARG
2970 	{
2971 		OUTYY(("P(name:%s)\n", $2));
2972 		if(cfg_parser->cfg->auths->name)
2973 			yyerror("auth name override, there must be one name "
2974 				"for one auth-zone");
2975 		free(cfg_parser->cfg->auths->name);
2976 		cfg_parser->cfg->auths->name = $2;
2977 	}
2978 	;
2979 auth_zonefile: VAR_ZONEFILE STRING_ARG
2980 	{
2981 		OUTYY(("P(zonefile:%s)\n", $2));
2982 		free(cfg_parser->cfg->auths->zonefile);
2983 		cfg_parser->cfg->auths->zonefile = $2;
2984 	}
2985 	;
2986 auth_master: VAR_MASTER STRING_ARG
2987 	{
2988 		OUTYY(("P(master:%s)\n", $2));
2989 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2990 			yyerror("out of memory");
2991 	}
2992 	;
2993 auth_url: VAR_URL STRING_ARG
2994 	{
2995 		OUTYY(("P(url:%s)\n", $2));
2996 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2997 			yyerror("out of memory");
2998 	}
2999 	;
3000 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3001 	{
3002 		OUTYY(("P(allow-notify:%s)\n", $2));
3003 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3004 			$2))
3005 			yyerror("out of memory");
3006 	}
3007 	;
3008 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3009 	{
3010 		OUTYY(("P(zonemd-check:%s)\n", $2));
3011 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3012 			yyerror("expected yes or no.");
3013 		else cfg_parser->cfg->auths->zonemd_check =
3014 			(strcmp($2, "yes")==0);
3015 		free($2);
3016 	}
3017 	;
3018 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3019 	{
3020 		OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3021 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3022 			yyerror("expected yes or no.");
3023 		else cfg_parser->cfg->auths->zonemd_reject_absence =
3024 			(strcmp($2, "yes")==0);
3025 		free($2);
3026 	}
3027 	;
3028 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3029 	{
3030 		OUTYY(("P(for-downstream:%s)\n", $2));
3031 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3032 			yyerror("expected yes or no.");
3033 		else cfg_parser->cfg->auths->for_downstream =
3034 			(strcmp($2, "yes")==0);
3035 		free($2);
3036 	}
3037 	;
3038 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3039 	{
3040 		OUTYY(("P(for-upstream:%s)\n", $2));
3041 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3042 			yyerror("expected yes or no.");
3043 		else cfg_parser->cfg->auths->for_upstream =
3044 			(strcmp($2, "yes")==0);
3045 		free($2);
3046 	}
3047 	;
3048 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3049 	{
3050 		OUTYY(("P(fallback-enabled:%s)\n", $2));
3051 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3052 			yyerror("expected yes or no.");
3053 		else cfg_parser->cfg->auths->fallback_enabled =
3054 			(strcmp($2, "yes")==0);
3055 		free($2);
3056 	}
3057 	;
3058 view_name: VAR_NAME STRING_ARG
3059 	{
3060 		OUTYY(("P(name:%s)\n", $2));
3061 		if(cfg_parser->cfg->views->name)
3062 			yyerror("view name override, there must be one "
3063 				"name for one view");
3064 		free(cfg_parser->cfg->views->name);
3065 		cfg_parser->cfg->views->name = $2;
3066 	}
3067 	;
3068 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3069 	{
3070 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3071 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3072 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3073 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3074 		   && strcmp($3, "typetransparent")!=0
3075 		   && strcmp($3, "always_transparent")!=0
3076 		   && strcmp($3, "always_refuse")!=0
3077 		   && strcmp($3, "always_nxdomain")!=0
3078 		   && strcmp($3, "always_nodata")!=0
3079 		   && strcmp($3, "always_deny")!=0
3080 		   && strcmp($3, "always_null")!=0
3081 		   && strcmp($3, "noview")!=0
3082 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3083 		   && strcmp($3, "inform_redirect") != 0
3084 		   && strcmp($3, "ipset") != 0) {
3085 			yyerror("local-zone type: expected static, deny, "
3086 				"refuse, redirect, transparent, "
3087 				"typetransparent, inform, inform_deny, "
3088 				"inform_redirect, always_transparent, "
3089 				"always_refuse, always_nxdomain, "
3090 				"always_nodata, always_deny, always_null, "
3091 				"noview, nodefault or ipset");
3092 			free($2);
3093 			free($3);
3094 		} else if(strcmp($3, "nodefault")==0) {
3095 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3096 				local_zones_nodefault, $2))
3097 				fatal_exit("out of memory adding local-zone");
3098 			free($3);
3099 #ifdef USE_IPSET
3100 		} else if(strcmp($3, "ipset")==0) {
3101 			size_t len = strlen($2);
3102 			/* Make sure to add the trailing dot.
3103 			 * These are str compared to domain names. */
3104 			if($2[len-1] != '.') {
3105 				if(!($2 = realloc($2, len+2))) {
3106 					fatal_exit("out of memory adding local-zone");
3107 				}
3108 				$2[len] = '.';
3109 				$2[len+1] = 0;
3110 			}
3111 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3112 				local_zones_ipset, $2))
3113 				fatal_exit("out of memory adding local-zone");
3114 			free($3);
3115 #endif
3116 		} else {
3117 			if(!cfg_str2list_insert(
3118 				&cfg_parser->cfg->views->local_zones,
3119 				$2, $3))
3120 				fatal_exit("out of memory adding local-zone");
3121 		}
3122 	}
3123 	;
3124 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3125 	{
3126 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3127 		validate_respip_action($3);
3128 		if(!cfg_str2list_insert(
3129 			&cfg_parser->cfg->views->respip_actions, $2, $3))
3130 			fatal_exit("out of memory adding per-view "
3131 				"response-ip action");
3132 	}
3133 	;
3134 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3135 	{
3136 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
3137 		if(!cfg_str2list_insert(
3138 			&cfg_parser->cfg->views->respip_data, $2, $3))
3139 			fatal_exit("out of memory adding response-ip-data");
3140 	}
3141 	;
3142 view_local_data: VAR_LOCAL_DATA STRING_ARG
3143 	{
3144 		OUTYY(("P(view_local_data:%s)\n", $2));
3145 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3146 			fatal_exit("out of memory adding local-data");
3147 		}
3148 	}
3149 	;
3150 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3151 	{
3152 		char* ptr;
3153 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3154 		ptr = cfg_ptr_reverse($2);
3155 		free($2);
3156 		if(ptr) {
3157 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3158 				local_data, ptr))
3159 				fatal_exit("out of memory adding local-data");
3160 		} else {
3161 			yyerror("local-data-ptr could not be reversed");
3162 		}
3163 	}
3164 	;
3165 view_first: VAR_VIEW_FIRST STRING_ARG
3166 	{
3167 		OUTYY(("P(view-first:%s)\n", $2));
3168 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3169 			yyerror("expected yes or no.");
3170 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3171 		free($2);
3172 	}
3173 	;
3174 rcstart: VAR_REMOTE_CONTROL
3175 	{
3176 		OUTYY(("\nP(remote-control:)\n"));
3177 		cfg_parser->started_toplevel = 1;
3178 	}
3179 	;
3180 contents_rc: contents_rc content_rc
3181 	| ;
3182 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3183 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3184 	rc_control_cert_file | rc_control_use_cert
3185 	;
3186 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3187 	{
3188 		OUTYY(("P(control_enable:%s)\n", $2));
3189 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3190 			yyerror("expected yes or no.");
3191 		else cfg_parser->cfg->remote_control_enable =
3192 			(strcmp($2, "yes")==0);
3193 		free($2);
3194 	}
3195 	;
3196 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3197 	{
3198 		OUTYY(("P(control_port:%s)\n", $2));
3199 		if(atoi($2) == 0)
3200 			yyerror("control port number expected");
3201 		else cfg_parser->cfg->control_port = atoi($2);
3202 		free($2);
3203 	}
3204 	;
3205 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3206 	{
3207 		OUTYY(("P(control_interface:%s)\n", $2));
3208 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3209 			yyerror("out of memory");
3210 	}
3211 	;
3212 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3213 	{
3214 		OUTYY(("P(control_use_cert:%s)\n", $2));
3215 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3216 		free($2);
3217 	}
3218 	;
3219 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3220 	{
3221 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
3222 		free(cfg_parser->cfg->server_key_file);
3223 		cfg_parser->cfg->server_key_file = $2;
3224 	}
3225 	;
3226 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3227 	{
3228 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3229 		free(cfg_parser->cfg->server_cert_file);
3230 		cfg_parser->cfg->server_cert_file = $2;
3231 	}
3232 	;
3233 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3234 	{
3235 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
3236 		free(cfg_parser->cfg->control_key_file);
3237 		cfg_parser->cfg->control_key_file = $2;
3238 	}
3239 	;
3240 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3241 	{
3242 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3243 		free(cfg_parser->cfg->control_cert_file);
3244 		cfg_parser->cfg->control_cert_file = $2;
3245 	}
3246 	;
3247 dtstart: VAR_DNSTAP
3248 	{
3249 		OUTYY(("\nP(dnstap:)\n"));
3250 		cfg_parser->started_toplevel = 1;
3251 	}
3252 	;
3253 contents_dt: contents_dt content_dt
3254 	| ;
3255 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3256 	dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3257 	dt_dnstap_tls_cert_bundle |
3258 	dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3259 	dt_dnstap_send_identity | dt_dnstap_send_version |
3260 	dt_dnstap_identity | dt_dnstap_version |
3261 	dt_dnstap_log_resolver_query_messages |
3262 	dt_dnstap_log_resolver_response_messages |
3263 	dt_dnstap_log_client_query_messages |
3264 	dt_dnstap_log_client_response_messages |
3265 	dt_dnstap_log_forwarder_query_messages |
3266 	dt_dnstap_log_forwarder_response_messages
3267 	;
3268 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3269 	{
3270 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3271 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3272 			yyerror("expected yes or no.");
3273 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3274 		free($2);
3275 	}
3276 	;
3277 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3278 	{
3279 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3280 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3281 			yyerror("expected yes or no.");
3282 		else cfg_parser->cfg->dnstap_bidirectional =
3283 			(strcmp($2, "yes")==0);
3284 		free($2);
3285 	}
3286 	;
3287 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3288 	{
3289 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3290 		free(cfg_parser->cfg->dnstap_socket_path);
3291 		cfg_parser->cfg->dnstap_socket_path = $2;
3292 	}
3293 	;
3294 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3295 	{
3296 		OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3297 		free(cfg_parser->cfg->dnstap_ip);
3298 		cfg_parser->cfg->dnstap_ip = $2;
3299 	}
3300 	;
3301 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3302 	{
3303 		OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3304 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3305 			yyerror("expected yes or no.");
3306 		else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3307 		free($2);
3308 	}
3309 	;
3310 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3311 	{
3312 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3313 		free(cfg_parser->cfg->dnstap_tls_server_name);
3314 		cfg_parser->cfg->dnstap_tls_server_name = $2;
3315 	}
3316 	;
3317 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3318 	{
3319 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3320 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3321 		cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3322 	}
3323 	;
3324 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3325 	{
3326 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3327 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
3328 		cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3329 	}
3330 	;
3331 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3332 	{
3333 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3334 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3335 		cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3336 	}
3337 	;
3338 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3339 	{
3340 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3341 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3342 			yyerror("expected yes or no.");
3343 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3344 		free($2);
3345 	}
3346 	;
3347 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3348 	{
3349 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3350 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3351 			yyerror("expected yes or no.");
3352 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3353 		free($2);
3354 	}
3355 	;
3356 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3357 	{
3358 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3359 		free(cfg_parser->cfg->dnstap_identity);
3360 		cfg_parser->cfg->dnstap_identity = $2;
3361 	}
3362 	;
3363 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3364 	{
3365 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3366 		free(cfg_parser->cfg->dnstap_version);
3367 		cfg_parser->cfg->dnstap_version = $2;
3368 	}
3369 	;
3370 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3371 	{
3372 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3373 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3374 			yyerror("expected yes or no.");
3375 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3376 			(strcmp($2, "yes")==0);
3377 		free($2);
3378 	}
3379 	;
3380 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3381 	{
3382 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3383 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3384 			yyerror("expected yes or no.");
3385 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3386 			(strcmp($2, "yes")==0);
3387 		free($2);
3388 	}
3389 	;
3390 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3391 	{
3392 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3393 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3394 			yyerror("expected yes or no.");
3395 		else cfg_parser->cfg->dnstap_log_client_query_messages =
3396 			(strcmp($2, "yes")==0);
3397 		free($2);
3398 	}
3399 	;
3400 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3401 	{
3402 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3403 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3404 			yyerror("expected yes or no.");
3405 		else cfg_parser->cfg->dnstap_log_client_response_messages =
3406 			(strcmp($2, "yes")==0);
3407 		free($2);
3408 	}
3409 	;
3410 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3411 	{
3412 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3413 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3414 			yyerror("expected yes or no.");
3415 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3416 			(strcmp($2, "yes")==0);
3417 		free($2);
3418 	}
3419 	;
3420 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3421 	{
3422 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3423 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3424 			yyerror("expected yes or no.");
3425 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3426 			(strcmp($2, "yes")==0);
3427 		free($2);
3428 	}
3429 	;
3430 pythonstart: VAR_PYTHON
3431 	{
3432 		OUTYY(("\nP(python:)\n"));
3433 		cfg_parser->started_toplevel = 1;
3434 	}
3435 	;
3436 contents_py: contents_py content_py
3437 	| ;
3438 content_py: py_script
3439 	;
3440 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3441 	{
3442 		OUTYY(("P(python-script:%s)\n", $2));
3443 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3444 			yyerror("out of memory");
3445 	}
3446 dynlibstart: VAR_DYNLIB
3447 	{
3448 		OUTYY(("\nP(dynlib:)\n"));
3449 		cfg_parser->started_toplevel = 1;
3450 	}
3451 	;
3452 contents_dl: contents_dl content_dl
3453 	| ;
3454 content_dl: dl_file
3455 	;
3456 dl_file: VAR_DYNLIB_FILE STRING_ARG
3457 	{
3458 		OUTYY(("P(dynlib-file:%s)\n", $2));
3459 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3460 			yyerror("out of memory");
3461 	}
3462 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3463 	{
3464 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3465 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3466 			yyerror("expected yes or no.");
3467 		else cfg_parser->cfg->disable_dnssec_lame_check =
3468 			(strcmp($2, "yes")==0);
3469 		free($2);
3470 	}
3471 	;
3472 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3473 	{
3474 		OUTYY(("P(server_log_identity:%s)\n", $2));
3475 		free(cfg_parser->cfg->log_identity);
3476 		cfg_parser->cfg->log_identity = $2;
3477 	}
3478 	;
3479 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3480 	{
3481 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3482 		validate_respip_action($3);
3483 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3484 			$2, $3))
3485 			fatal_exit("out of memory adding response-ip");
3486 	}
3487 	;
3488 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3489 	{
3490 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
3491 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3492 			$2, $3))
3493 			fatal_exit("out of memory adding response-ip-data");
3494 	}
3495 	;
3496 dnscstart: VAR_DNSCRYPT
3497 	{
3498 		OUTYY(("\nP(dnscrypt:)\n"));
3499 		cfg_parser->started_toplevel = 1;
3500 	}
3501 	;
3502 contents_dnsc: contents_dnsc content_dnsc
3503 	| ;
3504 content_dnsc:
3505 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3506 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3507 	dnsc_dnscrypt_provider_cert_rotated |
3508 	dnsc_dnscrypt_shared_secret_cache_size |
3509 	dnsc_dnscrypt_shared_secret_cache_slabs |
3510 	dnsc_dnscrypt_nonce_cache_size |
3511 	dnsc_dnscrypt_nonce_cache_slabs
3512 	;
3513 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3514 	{
3515 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3516 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3517 			yyerror("expected yes or no.");
3518 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3519 		free($2);
3520 	}
3521 	;
3522 
3523 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3524 	{
3525 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3526 		if(atoi($2) == 0)
3527 			yyerror("port number expected");
3528 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
3529 		free($2);
3530 	}
3531 	;
3532 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3533 	{
3534 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3535 		free(cfg_parser->cfg->dnscrypt_provider);
3536 		cfg_parser->cfg->dnscrypt_provider = $2;
3537 	}
3538 	;
3539 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3540 	{
3541 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3542 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3543 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3544 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3545 			fatal_exit("out of memory adding dnscrypt-provider-cert");
3546 	}
3547 	;
3548 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3549 	{
3550 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3551 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3552 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3553 	}
3554 	;
3555 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3556 	{
3557 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3558 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3559 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3560 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3561 			fatal_exit("out of memory adding dnscrypt-secret-key");
3562 	}
3563 	;
3564 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3565   {
3566 	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3567 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3568 		yyerror("memory size expected");
3569 	free($2);
3570   }
3571   ;
3572 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3573   {
3574 	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3575 	if(atoi($2) == 0) {
3576 		yyerror("number expected");
3577 	} else {
3578 		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3579 		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3580 			yyerror("must be a power of 2");
3581 	}
3582 	free($2);
3583   }
3584   ;
3585 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3586   {
3587 	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3588 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3589 		yyerror("memory size expected");
3590 	free($2);
3591   }
3592   ;
3593 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3594   {
3595 	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3596 	if(atoi($2) == 0) {
3597 		yyerror("number expected");
3598 	} else {
3599 		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3600 		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3601 			yyerror("must be a power of 2");
3602 	}
3603 	free($2);
3604   }
3605   ;
3606 cachedbstart: VAR_CACHEDB
3607 	{
3608 		OUTYY(("\nP(cachedb:)\n"));
3609 		cfg_parser->started_toplevel = 1;
3610 	}
3611 	;
3612 contents_cachedb: contents_cachedb content_cachedb
3613 	| ;
3614 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3615 	redis_server_host | redis_server_port | redis_timeout |
3616 	redis_expire_records
3617 	;
3618 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3619 	{
3620 	#ifdef USE_CACHEDB
3621 		OUTYY(("P(backend:%s)\n", $2));
3622 		free(cfg_parser->cfg->cachedb_backend);
3623 		cfg_parser->cfg->cachedb_backend = $2;
3624 	#else
3625 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3626 		free($2);
3627 	#endif
3628 	}
3629 	;
3630 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3631 	{
3632 	#ifdef USE_CACHEDB
3633 		OUTYY(("P(secret-seed:%s)\n", $2));
3634 		free(cfg_parser->cfg->cachedb_secret);
3635 		cfg_parser->cfg->cachedb_secret = $2;
3636 	#else
3637 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3638 		free($2);
3639 	#endif
3640 	}
3641 	;
3642 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3643 	{
3644 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3645 		OUTYY(("P(redis_server_host:%s)\n", $2));
3646 		free(cfg_parser->cfg->redis_server_host);
3647 		cfg_parser->cfg->redis_server_host = $2;
3648 	#else
3649 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3650 		free($2);
3651 	#endif
3652 	}
3653 	;
3654 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3655 	{
3656 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3657 		int port;
3658 		OUTYY(("P(redis_server_port:%s)\n", $2));
3659 		port = atoi($2);
3660 		if(port == 0 || port < 0 || port > 65535)
3661 			yyerror("valid redis server port number expected");
3662 		else cfg_parser->cfg->redis_server_port = port;
3663 	#else
3664 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3665 	#endif
3666 		free($2);
3667 	}
3668 	;
3669 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3670 	{
3671 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3672 		OUTYY(("P(redis_timeout:%s)\n", $2));
3673 		if(atoi($2) == 0)
3674 			yyerror("redis timeout value expected");
3675 		else cfg_parser->cfg->redis_timeout = atoi($2);
3676 	#else
3677 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3678 	#endif
3679 		free($2);
3680 	}
3681 	;
3682 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3683 	{
3684 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3685 		OUTYY(("P(redis_expire_records:%s)\n", $2));
3686 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3687 			yyerror("expected yes or no.");
3688 		else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3689 	#else
3690 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3691 	#endif
3692 		free($2);
3693 	}
3694 	;
3695 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3696 	{
3697 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3698 		if (atoi($3) < 0)
3699 			yyerror("positive number expected");
3700 		else {
3701 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3702 				fatal_exit("out of memory adding tcp connection limit");
3703 		}
3704 	}
3705 	;
3706 	ipsetstart: VAR_IPSET
3707 		{
3708 			OUTYY(("\nP(ipset:)\n"));
3709 			cfg_parser->started_toplevel = 1;
3710 		}
3711 		;
3712 	contents_ipset: contents_ipset content_ipset
3713 		| ;
3714 	content_ipset: ipset_name_v4 | ipset_name_v6
3715 		;
3716 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3717 		{
3718 		#ifdef USE_IPSET
3719 			OUTYY(("P(name-v4:%s)\n", $2));
3720 			if(cfg_parser->cfg->ipset_name_v4)
3721 				yyerror("ipset name v4 override, there must be one "
3722 					"name for ip v4");
3723 			free(cfg_parser->cfg->ipset_name_v4);
3724 			cfg_parser->cfg->ipset_name_v4 = $2;
3725 		#else
3726 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3727 			free($2);
3728 		#endif
3729 		}
3730 	;
3731 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3732 	{
3733 		#ifdef USE_IPSET
3734 			OUTYY(("P(name-v6:%s)\n", $2));
3735 			if(cfg_parser->cfg->ipset_name_v6)
3736 				yyerror("ipset name v6 override, there must be one "
3737 					"name for ip v6");
3738 			free(cfg_parser->cfg->ipset_name_v6);
3739 			cfg_parser->cfg->ipset_name_v6 = $2;
3740 		#else
3741 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3742 			free($2);
3743 		#endif
3744 		}
3745 	;
3746 %%
3747 
3748 /* parse helper routines could be here */
3749 static void
3750 validate_respip_action(const char* action)
3751 {
3752 	if(strcmp(action, "deny")!=0 &&
3753 		strcmp(action, "redirect")!=0 &&
3754 		strcmp(action, "inform")!=0 &&
3755 		strcmp(action, "inform_deny")!=0 &&
3756 		strcmp(action, "always_transparent")!=0 &&
3757 		strcmp(action, "always_refuse")!=0 &&
3758 		strcmp(action, "always_nxdomain")!=0)
3759 	{
3760 		yyerror("response-ip action: expected deny, redirect, "
3761 			"inform, inform_deny, always_transparent, "
3762 			"always_refuse or always_nxdomain");
3763 	}
3764 }
3765 
3766 static void
3767 validate_acl_action(const char* action)
3768 {
3769 	if(strcmp(action, "deny")!=0 &&
3770 		strcmp(action, "refuse")!=0 &&
3771 		strcmp(action, "deny_non_local")!=0 &&
3772 		strcmp(action, "refuse_non_local")!=0 &&
3773 		strcmp(action, "allow_setrd")!=0 &&
3774 		strcmp(action, "allow")!=0 &&
3775 		strcmp(action, "allow_snoop")!=0)
3776 	{
3777 		yyerror("expected deny, refuse, deny_non_local, "
3778 			"refuse_non_local, allow, allow_setrd or "
3779 			"allow_snoop as access control action");
3780 	}
3781 }
3782