xref: /freebsd/contrib/unbound/util/configparser.y (revision c66ec88fed842fbaad62c30d510644ceb7bd2d71)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_FORCE_TOPLEVEL
73 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
74 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
75 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
76 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
77 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
78 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
79 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
80 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
81 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
82 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
83 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
84 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
85 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
86 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
87 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
88 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
89 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
90 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
91 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
92 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
93 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
94 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
95 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
96 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
97 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
98 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
99 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
100 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
101 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
102 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
103 %token VAR_CONTROL_USE_CERT
104 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
105 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
106 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
107 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
108 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
109 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
110 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
111 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
112 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
113 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
114 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
115 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
116 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
117 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
118 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
119 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
120 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
121 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
122 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
123 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
124 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
125 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
126 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
127 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
128 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
129 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
130 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
131 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
132 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
133 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
134 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
135 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
136 %token VAR_IP_DSCP
137 %token VAR_DISABLE_DNSSEC_LAME_CHECK
138 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
139 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
140 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
141 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
142 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
143 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
144 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
145 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
146 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
147 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
148 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
149 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
150 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
151 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
152 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
153 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
154 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_FAKE_DSA
155 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
156 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
157 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
158 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
159 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
160 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
161 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
162 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
163 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
164 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
165 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
166 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
167 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
168 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
169 %token VAR_CACHEDB_REDISEXPIRERECORDS
170 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
171 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
172 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
173 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
174 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
175 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
176 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
177 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
178 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
179 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
180 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
181 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
182 %token VAR_EDNS_CLIENT_STRING_OPCODE
183 
184 %%
185 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
186 toplevelvar: serverstart contents_server | stubstart contents_stub |
187 	forwardstart contents_forward | pythonstart contents_py |
188 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
189 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
190 	ipsetstart contents_ipset | authstart contents_auth |
191 	rpzstart contents_rpz | dynlibstart contents_dl |
192 	force_toplevel
193 	;
194 force_toplevel: VAR_FORCE_TOPLEVEL
195 	{
196 		OUTYY(("\nP(force-toplevel)\n"));
197 	}
198 	;
199 /* server: declaration */
200 serverstart: VAR_SERVER
201 	{
202 		OUTYY(("\nP(server:)\n"));
203 	}
204 	;
205 contents_server: contents_server content_server
206 	| ;
207 content_server: server_num_threads | server_verbosity | server_port |
208 	server_outgoing_range | server_do_ip4 |
209 	server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
210 	server_do_udp | server_do_tcp |
211 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
212 	server_tcp_keepalive | server_tcp_keepalive_timeout |
213 	server_interface | server_chroot | server_username |
214 	server_directory | server_logfile | server_pidfile |
215 	server_msg_cache_size | server_msg_cache_slabs |
216 	server_num_queries_per_thread | server_rrset_cache_size |
217 	server_rrset_cache_slabs | server_outgoing_num_tcp |
218 	server_infra_host_ttl | server_infra_lame_ttl |
219 	server_infra_cache_slabs | server_infra_cache_numhosts |
220 	server_infra_cache_lame_size | server_target_fetch_policy |
221 	server_harden_short_bufsize | server_harden_large_queries |
222 	server_do_not_query_address | server_hide_identity |
223 	server_hide_version | server_identity | server_version |
224 	server_harden_glue | server_module_conf | server_trust_anchor_file |
225 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
226 	server_val_clean_additional | server_val_permissive_mode |
227 	server_incoming_num_tcp | server_msg_buffer_size |
228 	server_key_cache_size | server_key_cache_slabs |
229 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
230 	server_use_syslog | server_outgoing_interface | server_root_hints |
231 	server_do_not_query_localhost | server_cache_max_ttl |
232 	server_harden_dnssec_stripped | server_access_control |
233 	server_local_zone | server_local_data | server_interface_automatic |
234 	server_statistics_interval | server_do_daemonize |
235 	server_use_caps_for_id | server_statistics_cumulative |
236 	server_outgoing_port_permit | server_outgoing_port_avoid |
237 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
238 	server_harden_referral_path | server_private_address |
239 	server_private_domain | server_extended_statistics |
240 	server_local_data_ptr | server_jostle_timeout |
241 	server_unwanted_reply_threshold | server_log_time_ascii |
242 	server_domain_insecure | server_val_sig_skew_min |
243 	server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
244 	server_auto_trust_anchor_file | server_add_holddown |
245 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
246 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
247 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
248 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
249 	server_log_local_actions |
250 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
251 	server_https_port | server_http_endpoint | server_http_max_streams |
252 	server_http_query_buffer_size | server_http_response_buffer_size |
253 	server_http_nodelay | server_http_notls_downstream |
254 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
255 	server_so_reuseport | server_delay_close | server_udp_connect |
256 	server_unblock_lan_zones | server_insecure_lan_zones |
257 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
258 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
259 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
260 	server_ip_dscp | server_infra_keep_probing |
261 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
262 	server_ip_ratelimit_size | server_ratelimit_size |
263 	server_ratelimit_for_domain |
264 	server_ratelimit_below_domain | server_ratelimit_factor |
265 	server_ip_ratelimit_factor | server_send_client_subnet |
266 	server_client_subnet_zone | server_client_subnet_always_forward |
267 	server_client_subnet_opcode |
268 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
269 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
270 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
271 	server_caps_whitelist | server_cache_max_negative_ttl |
272 	server_permit_small_holddown | server_qname_minimisation |
273 	server_ip_freebind | server_define_tag | server_local_zone_tag |
274 	server_disable_dnssec_lame_check | server_access_control_tag |
275 	server_local_zone_override | server_access_control_tag_action |
276 	server_access_control_tag_data | server_access_control_view |
277 	server_qname_minimisation_strict | server_serve_expired |
278 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
279 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
280 	server_fake_dsa | server_log_identity | server_use_systemd |
281 	server_response_ip_tag | server_response_ip | server_response_ip_data |
282 	server_shm_enable | server_shm_key | server_fake_sha1 |
283 	server_hide_trustanchor | server_trust_anchor_signaling |
284 	server_root_key_sentinel |
285 	server_ipsecmod_enabled | server_ipsecmod_hook |
286 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
287 	server_ipsecmod_whitelist | server_ipsecmod_strict |
288 	server_udp_upstream_without_downstream | server_aggressive_nsec |
289 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
290 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
291 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
292 	server_unknown_server_time_limit | server_log_tag_queryreply |
293 	server_stream_wait_size | server_tls_ciphers |
294 	server_tls_ciphersuites | server_tls_session_ticket_keys |
295 	server_tls_use_sni | server_edns_client_string |
296 	server_edns_client_string_opcode
297 	;
298 stubstart: VAR_STUB_ZONE
299 	{
300 		struct config_stub* s;
301 		OUTYY(("\nP(stub_zone:)\n"));
302 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
303 		if(s) {
304 			s->next = cfg_parser->cfg->stubs;
305 			cfg_parser->cfg->stubs = s;
306 		} else
307 			yyerror("out of memory");
308 	}
309 	;
310 contents_stub: contents_stub content_stub
311 	| ;
312 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
313 	stub_no_cache | stub_ssl_upstream
314 	;
315 forwardstart: VAR_FORWARD_ZONE
316 	{
317 		struct config_stub* s;
318 		OUTYY(("\nP(forward_zone:)\n"));
319 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
320 		if(s) {
321 			s->next = cfg_parser->cfg->forwards;
322 			cfg_parser->cfg->forwards = s;
323 		} else
324 			yyerror("out of memory");
325 	}
326 	;
327 contents_forward: contents_forward content_forward
328 	| ;
329 content_forward: forward_name | forward_host | forward_addr | forward_first |
330 	forward_no_cache | forward_ssl_upstream
331 	;
332 viewstart: VAR_VIEW
333 	{
334 		struct config_view* s;
335 		OUTYY(("\nP(view:)\n"));
336 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
337 		if(s) {
338 			s->next = cfg_parser->cfg->views;
339 			if(s->next && !s->next->name)
340 				yyerror("view without name");
341 			cfg_parser->cfg->views = s;
342 		} else
343 			yyerror("out of memory");
344 	}
345 	;
346 contents_view: contents_view content_view
347 	| ;
348 content_view: view_name | view_local_zone | view_local_data | view_first |
349 		view_response_ip | view_response_ip_data | view_local_data_ptr
350 	;
351 authstart: VAR_AUTH_ZONE
352 	{
353 		struct config_auth* s;
354 		OUTYY(("\nP(auth_zone:)\n"));
355 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
356 		if(s) {
357 			s->next = cfg_parser->cfg->auths;
358 			cfg_parser->cfg->auths = s;
359 			/* defaults for auth zone */
360 			s->for_downstream = 1;
361 			s->for_upstream = 1;
362 			s->fallback_enabled = 0;
363 			s->isrpz = 0;
364 		} else
365 			yyerror("out of memory");
366 	}
367 	;
368 contents_auth: contents_auth content_auth
369 	| ;
370 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
371 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
372 	auth_allow_notify
373 	;
374 
375 rpz_tag: VAR_TAGS STRING_ARG
376 	{
377 		uint8_t* bitlist;
378 		size_t len = 0;
379 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
380 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
381 			&len);
382 		free($2);
383 		if(!bitlist) {
384 			yyerror("could not parse tags, (define-tag them first)");
385 		}
386 		if(bitlist) {
387 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
388 			cfg_parser->cfg->auths->rpz_taglistlen = len;
389 
390 		}
391 	}
392 	;
393 
394 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
395 	{
396 		OUTYY(("P(rpz_action_override:%s)\n", $2));
397 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
398 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
399 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
400 			yyerror("rpz-action-override action: expected nxdomain, "
401 				"nodata, passthru, drop, cname or disabled");
402 			free($2);
403 			cfg_parser->cfg->auths->rpz_action_override = NULL;
404 		}
405 		else {
406 			cfg_parser->cfg->auths->rpz_action_override = $2;
407 		}
408 	}
409 	;
410 
411 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
412 	{
413 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
414 		free(cfg_parser->cfg->auths->rpz_cname);
415 		cfg_parser->cfg->auths->rpz_cname = $2;
416 	}
417 	;
418 
419 rpz_log: VAR_RPZ_LOG STRING_ARG
420 	{
421 		OUTYY(("P(rpz_log:%s)\n", $2));
422 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
423 			yyerror("expected yes or no.");
424 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
425 		free($2);
426 	}
427 	;
428 
429 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
430 	{
431 		OUTYY(("P(rpz_log_name:%s)\n", $2));
432 		free(cfg_parser->cfg->auths->rpz_log_name);
433 		cfg_parser->cfg->auths->rpz_log_name = $2;
434 	}
435 	;
436 
437 rpzstart: VAR_RPZ
438 	{
439 		struct config_auth* s;
440 		OUTYY(("\nP(rpz:)\n"));
441 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
442 		if(s) {
443 			s->next = cfg_parser->cfg->auths;
444 			cfg_parser->cfg->auths = s;
445 			/* defaults for RPZ auth zone */
446 			s->for_downstream = 0;
447 			s->for_upstream = 0;
448 			s->fallback_enabled = 0;
449 			s->isrpz = 1;
450 		} else
451 			yyerror("out of memory");
452 	}
453 	;
454 contents_rpz: contents_rpz content_rpz
455 	| ;
456 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
457 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
458 	   rpz_log | rpz_log_name
459 	;
460 server_num_threads: VAR_NUM_THREADS STRING_ARG
461 	{
462 		OUTYY(("P(server_num_threads:%s)\n", $2));
463 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
464 			yyerror("number expected");
465 		else cfg_parser->cfg->num_threads = atoi($2);
466 		free($2);
467 	}
468 	;
469 server_verbosity: VAR_VERBOSITY STRING_ARG
470 	{
471 		OUTYY(("P(server_verbosity:%s)\n", $2));
472 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
473 			yyerror("number expected");
474 		else cfg_parser->cfg->verbosity = atoi($2);
475 		free($2);
476 	}
477 	;
478 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
479 	{
480 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
481 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
482 			cfg_parser->cfg->stat_interval = 0;
483 		else if(atoi($2) == 0)
484 			yyerror("number expected");
485 		else cfg_parser->cfg->stat_interval = atoi($2);
486 		free($2);
487 	}
488 	;
489 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
490 	{
491 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
492 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
493 			yyerror("expected yes or no.");
494 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
495 		free($2);
496 	}
497 	;
498 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
499 	{
500 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
501 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
502 			yyerror("expected yes or no.");
503 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
504 		free($2);
505 	}
506 	;
507 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
508 	{
509 		OUTYY(("P(server_shm_enable:%s)\n", $2));
510 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
511 			yyerror("expected yes or no.");
512 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
513 		free($2);
514 	}
515 	;
516 server_shm_key: VAR_SHM_KEY STRING_ARG
517 	{
518 		OUTYY(("P(server_shm_key:%s)\n", $2));
519 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
520 			cfg_parser->cfg->shm_key = 0;
521 		else if(atoi($2) == 0)
522 			yyerror("number expected");
523 		else cfg_parser->cfg->shm_key = atoi($2);
524 		free($2);
525 	}
526 	;
527 server_port: VAR_PORT STRING_ARG
528 	{
529 		OUTYY(("P(server_port:%s)\n", $2));
530 		if(atoi($2) == 0)
531 			yyerror("port number expected");
532 		else cfg_parser->cfg->port = atoi($2);
533 		free($2);
534 	}
535 	;
536 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
537 	{
538 	#ifdef CLIENT_SUBNET
539 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
540 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
541 			fatal_exit("out of memory adding client-subnet");
542 	#else
543 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
544 		free($2);
545 	#endif
546 	}
547 	;
548 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
549 	{
550 	#ifdef CLIENT_SUBNET
551 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
552 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
553 			$2))
554 			fatal_exit("out of memory adding client-subnet-zone");
555 	#else
556 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
557 		free($2);
558 	#endif
559 	}
560 	;
561 server_client_subnet_always_forward:
562 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
563 	{
564 	#ifdef CLIENT_SUBNET
565 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
566 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
567 			yyerror("expected yes or no.");
568 		else
569 			cfg_parser->cfg->client_subnet_always_forward =
570 				(strcmp($2, "yes")==0);
571 	#else
572 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
573 	#endif
574 		free($2);
575 	}
576 	;
577 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
578 	{
579 	#ifdef CLIENT_SUBNET
580 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
581 		OUTYY(("P(Deprecated option, ignoring)\n"));
582 	#else
583 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
584 	#endif
585 		free($2);
586 	}
587 	;
588 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
589 	{
590 	#ifdef CLIENT_SUBNET
591 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
592 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
593 			yyerror("IPv4 subnet length expected");
594 		else if (atoi($2) > 32)
595 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
596 		else if (atoi($2) < 0)
597 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
598 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
599 	#else
600 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
601 	#endif
602 		free($2);
603 	}
604 	;
605 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
606 	{
607 	#ifdef CLIENT_SUBNET
608 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
609 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
610 			yyerror("Ipv6 subnet length expected");
611 		else if (atoi($2) > 128)
612 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
613 		else if (atoi($2) < 0)
614 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
615 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
616 	#else
617 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
618 	#endif
619 		free($2);
620 	}
621 	;
622 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
623 	{
624 	#ifdef CLIENT_SUBNET
625 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
626 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
627 			yyerror("IPv4 subnet length expected");
628 		else if (atoi($2) > 32)
629 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
630 		else if (atoi($2) < 0)
631 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
632 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
633 	#else
634 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
635 	#endif
636 		free($2);
637 	}
638 	;
639 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
640 	{
641 	#ifdef CLIENT_SUBNET
642 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
643 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
644 			yyerror("Ipv6 subnet length expected");
645 		else if (atoi($2) > 128)
646 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
647 		else if (atoi($2) < 0)
648 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
649 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
650 	#else
651 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
652 	#endif
653 		free($2);
654 	}
655 	;
656 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
657 	{
658 	#ifdef CLIENT_SUBNET
659 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
660 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
661 			yyerror("IPv4 ECS tree size expected");
662 		else if (atoi($2) < 0)
663 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
664 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
665 	#else
666 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
667 	#endif
668 		free($2);
669 	}
670 	;
671 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
672 	{
673 	#ifdef CLIENT_SUBNET
674 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
675 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
676 			yyerror("IPv6 ECS tree size expected");
677 		else if (atoi($2) < 0)
678 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
679 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
680 	#else
681 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
682 	#endif
683 		free($2);
684 	}
685 	;
686 server_interface: VAR_INTERFACE STRING_ARG
687 	{
688 		OUTYY(("P(server_interface:%s)\n", $2));
689 		if(cfg_parser->cfg->num_ifs == 0)
690 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
691 		else 	cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
692 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
693 		if(!cfg_parser->cfg->ifs)
694 			yyerror("out of memory");
695 		else
696 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
697 	}
698 	;
699 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
700 	{
701 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
702 		if(cfg_parser->cfg->num_out_ifs == 0)
703 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
704 		else 	cfg_parser->cfg->out_ifs = realloc(
705 			cfg_parser->cfg->out_ifs,
706 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
707 		if(!cfg_parser->cfg->out_ifs)
708 			yyerror("out of memory");
709 		else
710 			cfg_parser->cfg->out_ifs[
711 				cfg_parser->cfg->num_out_ifs++] = $2;
712 	}
713 	;
714 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
715 	{
716 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
717 		if(atoi($2) == 0)
718 			yyerror("number expected");
719 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
720 		free($2);
721 	}
722 	;
723 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
724 	{
725 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
726 		if(!cfg_mark_ports($2, 1,
727 			cfg_parser->cfg->outgoing_avail_ports, 65536))
728 			yyerror("port number or range (\"low-high\") expected");
729 		free($2);
730 	}
731 	;
732 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
733 	{
734 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
735 		if(!cfg_mark_ports($2, 0,
736 			cfg_parser->cfg->outgoing_avail_ports, 65536))
737 			yyerror("port number or range (\"low-high\") expected");
738 		free($2);
739 	}
740 	;
741 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
742 	{
743 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
744 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
745 			yyerror("number expected");
746 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
747 		free($2);
748 	}
749 	;
750 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
751 	{
752 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
753 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
754 			yyerror("number expected");
755 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
756 		free($2);
757 	}
758 	;
759 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
760 	{
761 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
762 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
763 			yyerror("expected yes or no.");
764 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
765 		free($2);
766 	}
767 	;
768 server_do_ip4: VAR_DO_IP4 STRING_ARG
769 	{
770 		OUTYY(("P(server_do_ip4:%s)\n", $2));
771 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
772 			yyerror("expected yes or no.");
773 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
774 		free($2);
775 	}
776 	;
777 server_do_ip6: VAR_DO_IP6 STRING_ARG
778 	{
779 		OUTYY(("P(server_do_ip6:%s)\n", $2));
780 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
781 			yyerror("expected yes or no.");
782 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
783 		free($2);
784 	}
785 	;
786 server_do_udp: VAR_DO_UDP STRING_ARG
787 	{
788 		OUTYY(("P(server_do_udp:%s)\n", $2));
789 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
790 			yyerror("expected yes or no.");
791 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
792 		free($2);
793 	}
794 	;
795 server_do_tcp: VAR_DO_TCP STRING_ARG
796 	{
797 		OUTYY(("P(server_do_tcp:%s)\n", $2));
798 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
799 			yyerror("expected yes or no.");
800 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
801 		free($2);
802 	}
803 	;
804 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
805 	{
806 		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
807 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
808 			yyerror("expected yes or no.");
809 		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
810 		free($2);
811 	}
812 	;
813 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
814 	{
815 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
816 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
817 			yyerror("expected yes or no.");
818 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
819 		free($2);
820 	}
821 	;
822 server_tcp_mss: VAR_TCP_MSS STRING_ARG
823 	{
824 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
825                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
826                         yyerror("number expected");
827                 else cfg_parser->cfg->tcp_mss = atoi($2);
828                 free($2);
829 	}
830 	;
831 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
832 	{
833 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
834 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
835 			yyerror("number expected");
836 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
837 		free($2);
838 	}
839 	;
840 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
841 	{
842 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
843 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
844 			yyerror("number expected");
845 		else if (atoi($2) > 120000)
846 			cfg_parser->cfg->tcp_idle_timeout = 120000;
847 		else if (atoi($2) < 1)
848 			cfg_parser->cfg->tcp_idle_timeout = 1;
849 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
850 		free($2);
851 	}
852 	;
853 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
854 	{
855 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
856 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
857 			yyerror("expected yes or no.");
858 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
859 		free($2);
860 	}
861 	;
862 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
863 	{
864 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
865 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
866 			yyerror("number expected");
867 		else if (atoi($2) > 6553500)
868 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
869 		else if (atoi($2) < 1)
870 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
871 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
872 		free($2);
873 	}
874 	;
875 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
876 	{
877 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
878 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
879 			yyerror("expected yes or no.");
880 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
881 		free($2);
882 	}
883 	;
884 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
885 	{
886 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
887 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
888 			yyerror("expected yes or no.");
889 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
890 		free($2);
891 	}
892 	;
893 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
894 	{
895 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
896 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
897 			yyerror("expected yes or no.");
898 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
899 		free($2);
900 	}
901 	;
902 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
903 	{
904 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
905 		free(cfg_parser->cfg->ssl_service_key);
906 		cfg_parser->cfg->ssl_service_key = $2;
907 	}
908 	;
909 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
910 	{
911 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
912 		free(cfg_parser->cfg->ssl_service_pem);
913 		cfg_parser->cfg->ssl_service_pem = $2;
914 	}
915 	;
916 server_ssl_port: VAR_SSL_PORT STRING_ARG
917 	{
918 		OUTYY(("P(server_ssl_port:%s)\n", $2));
919 		if(atoi($2) == 0)
920 			yyerror("port number expected");
921 		else cfg_parser->cfg->ssl_port = atoi($2);
922 		free($2);
923 	}
924 	;
925 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
926 	{
927 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
928 		free(cfg_parser->cfg->tls_cert_bundle);
929 		cfg_parser->cfg->tls_cert_bundle = $2;
930 	}
931 	;
932 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
933 	{
934 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
935 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
936 			yyerror("expected yes or no.");
937 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
938 		free($2);
939 	}
940 	;
941 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
942 	{
943 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
944 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
945 			$2))
946 			yyerror("out of memory");
947 	}
948 	;
949 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
950 	{
951 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
952 		free(cfg_parser->cfg->tls_ciphers);
953 		cfg_parser->cfg->tls_ciphers = $2;
954 	}
955 	;
956 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
957 	{
958 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
959 		free(cfg_parser->cfg->tls_ciphersuites);
960 		cfg_parser->cfg->tls_ciphersuites = $2;
961 	}
962 	;
963 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
964 	{
965 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
966 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
967 			$2))
968 			yyerror("out of memory");
969 	}
970 	;
971 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
972 	{
973 		OUTYY(("P(server_tls_use_sni:%s)\n", $2));
974 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
975 			yyerror("expected yes or no.");
976 		else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
977 		free($2);
978 	}
979 	;
980 server_https_port: VAR_HTTPS_PORT STRING_ARG
981 	{
982 		OUTYY(("P(server_https_port:%s)\n", $2));
983 		if(atoi($2) == 0)
984 			yyerror("port number expected");
985 		else cfg_parser->cfg->https_port = atoi($2);
986 		free($2);
987 	};
988 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
989 	{
990 		OUTYY(("P(server_http_endpoint:%s)\n", $2));
991 		free(cfg_parser->cfg->http_endpoint);
992 		if($2 && $2[0] != '/') {
993 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
994 			if(!cfg_parser->cfg->http_endpoint)
995 				yyerror("out of memory");
996 			cfg_parser->cfg->http_endpoint[0] = '/';
997 			memmove(cfg_parser->cfg->http_endpoint+1, $2,
998 				strlen($2)+1);
999 			free($2);
1000 		} else {
1001 			cfg_parser->cfg->http_endpoint = $2;
1002 		}
1003 	};
1004 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1005 	{
1006 		OUTYY(("P(server_http_max_streams:%s)\n", $2));
1007 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1008 			yyerror("number expected");
1009 		else cfg_parser->cfg->http_max_streams = atoi($2);
1010 		free($2);
1011 	};
1012 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1013 	{
1014 		OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1015 		if(!cfg_parse_memsize($2,
1016 			&cfg_parser->cfg->http_query_buffer_size))
1017 			yyerror("memory size expected");
1018 		free($2);
1019 	};
1020 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1021 	{
1022 		OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1023 		if(!cfg_parse_memsize($2,
1024 			&cfg_parser->cfg->http_response_buffer_size))
1025 			yyerror("memory size expected");
1026 		free($2);
1027 	};
1028 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1029 	{
1030 		OUTYY(("P(server_http_nodelay:%s)\n", $2));
1031 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1032 			yyerror("expected yes or no.");
1033 		else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1034 		free($2);
1035 	}
1036 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1037 	{
1038 		OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1039 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1040 			yyerror("expected yes or no.");
1041 		else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1042 		free($2);
1043 	};
1044 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1045 	{
1046 		OUTYY(("P(server_use_systemd:%s)\n", $2));
1047 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1048 			yyerror("expected yes or no.");
1049 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1050 		free($2);
1051 	}
1052 	;
1053 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1054 	{
1055 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
1056 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1057 			yyerror("expected yes or no.");
1058 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1059 		free($2);
1060 	}
1061 	;
1062 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1063 	{
1064 		OUTYY(("P(server_use_syslog:%s)\n", $2));
1065 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1066 			yyerror("expected yes or no.");
1067 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1068 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1069 		if(strcmp($2, "yes") == 0)
1070 			yyerror("no syslog services are available. "
1071 				"(reconfigure and compile to add)");
1072 #endif
1073 		free($2);
1074 	}
1075 	;
1076 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1077 	{
1078 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1079 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1080 			yyerror("expected yes or no.");
1081 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1082 		free($2);
1083 	}
1084 	;
1085 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1086 	{
1087 		OUTYY(("P(server_log_queries:%s)\n", $2));
1088 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1089 			yyerror("expected yes or no.");
1090 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1091 		free($2);
1092 	}
1093 	;
1094 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1095   {
1096   	OUTYY(("P(server_log_replies:%s)\n", $2));
1097   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1098   		yyerror("expected yes or no.");
1099   	else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1100   	free($2);
1101   }
1102   ;
1103 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1104   {
1105   	OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1106   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1107   		yyerror("expected yes or no.");
1108   	else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1109   	free($2);
1110   }
1111   ;
1112 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1113 	{
1114 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1115 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1116 			yyerror("expected yes or no.");
1117 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1118 		free($2);
1119 	}
1120 	;
1121 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1122   {
1123   	OUTYY(("P(server_log_local_actions:%s)\n", $2));
1124   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1125   		yyerror("expected yes or no.");
1126   	else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1127   	free($2);
1128   }
1129   ;
1130 server_chroot: VAR_CHROOT STRING_ARG
1131 	{
1132 		OUTYY(("P(server_chroot:%s)\n", $2));
1133 		free(cfg_parser->cfg->chrootdir);
1134 		cfg_parser->cfg->chrootdir = $2;
1135 	}
1136 	;
1137 server_username: VAR_USERNAME STRING_ARG
1138 	{
1139 		OUTYY(("P(server_username:%s)\n", $2));
1140 		free(cfg_parser->cfg->username);
1141 		cfg_parser->cfg->username = $2;
1142 	}
1143 	;
1144 server_directory: VAR_DIRECTORY STRING_ARG
1145 	{
1146 		OUTYY(("P(server_directory:%s)\n", $2));
1147 		free(cfg_parser->cfg->directory);
1148 		cfg_parser->cfg->directory = $2;
1149 		/* change there right away for includes relative to this */
1150 		if($2[0]) {
1151 			char* d;
1152 #ifdef UB_ON_WINDOWS
1153 			w_config_adjust_directory(cfg_parser->cfg);
1154 #endif
1155 			d = cfg_parser->cfg->directory;
1156 			/* adjust directory if we have already chroot,
1157 			 * like, we reread after sighup */
1158 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1159 				strncmp(d, cfg_parser->chroot, strlen(
1160 				cfg_parser->chroot)) == 0)
1161 				d += strlen(cfg_parser->chroot);
1162 			if(d[0]) {
1163 			    if(chdir(d))
1164 				log_err("cannot chdir to directory: %s (%s)",
1165 					d, strerror(errno));
1166 			}
1167 		}
1168 	}
1169 	;
1170 server_logfile: VAR_LOGFILE STRING_ARG
1171 	{
1172 		OUTYY(("P(server_logfile:%s)\n", $2));
1173 		free(cfg_parser->cfg->logfile);
1174 		cfg_parser->cfg->logfile = $2;
1175 		cfg_parser->cfg->use_syslog = 0;
1176 	}
1177 	;
1178 server_pidfile: VAR_PIDFILE STRING_ARG
1179 	{
1180 		OUTYY(("P(server_pidfile:%s)\n", $2));
1181 		free(cfg_parser->cfg->pidfile);
1182 		cfg_parser->cfg->pidfile = $2;
1183 	}
1184 	;
1185 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1186 	{
1187 		OUTYY(("P(server_root_hints:%s)\n", $2));
1188 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1189 			yyerror("out of memory");
1190 	}
1191 	;
1192 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1193 	{
1194 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1195 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1196 		free($2);
1197 	}
1198 	;
1199 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1200 	{
1201 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1202 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
1203 		free($2);
1204 	}
1205 	;
1206 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1207 	{
1208 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1209 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1210 			auto_trust_anchor_file_list, $2))
1211 			yyerror("out of memory");
1212 	}
1213 	;
1214 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1215 	{
1216 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1217 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1218 			trust_anchor_file_list, $2))
1219 			yyerror("out of memory");
1220 	}
1221 	;
1222 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1223 	{
1224 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1225 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1226 			trusted_keys_file_list, $2))
1227 			yyerror("out of memory");
1228 	}
1229 	;
1230 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1231 	{
1232 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1233 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1234 			yyerror("out of memory");
1235 	}
1236 	;
1237 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1238 	{
1239 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1240 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1241 			yyerror("expected yes or no.");
1242 		else
1243 			cfg_parser->cfg->trust_anchor_signaling =
1244 				(strcmp($2, "yes")==0);
1245 		free($2);
1246 	}
1247 	;
1248 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1249 	{
1250 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1251 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1252 			yyerror("expected yes or no.");
1253 		else
1254 			cfg_parser->cfg->root_key_sentinel =
1255 				(strcmp($2, "yes")==0);
1256 		free($2);
1257 	}
1258 	;
1259 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1260 	{
1261 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1262 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1263 			yyerror("out of memory");
1264 	}
1265 	;
1266 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1267 	{
1268 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1269 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1270 			yyerror("expected yes or no.");
1271 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1272 		free($2);
1273 	}
1274 	;
1275 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1276 	{
1277 		OUTYY(("P(server_hide_version:%s)\n", $2));
1278 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1279 			yyerror("expected yes or no.");
1280 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1281 		free($2);
1282 	}
1283 	;
1284 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1285 	{
1286 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1287 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1288 			yyerror("expected yes or no.");
1289 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1290 		free($2);
1291 	}
1292 	;
1293 server_identity: VAR_IDENTITY STRING_ARG
1294 	{
1295 		OUTYY(("P(server_identity:%s)\n", $2));
1296 		free(cfg_parser->cfg->identity);
1297 		cfg_parser->cfg->identity = $2;
1298 	}
1299 	;
1300 server_version: VAR_VERSION STRING_ARG
1301 	{
1302 		OUTYY(("P(server_version:%s)\n", $2));
1303 		free(cfg_parser->cfg->version);
1304 		cfg_parser->cfg->version = $2;
1305 	}
1306 	;
1307 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1308 	{
1309 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1310 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1311 			yyerror("buffer size expected");
1312 		free($2);
1313 	}
1314 	;
1315 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1316 	{
1317 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1318 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1319 			yyerror("buffer size expected");
1320 		free($2);
1321 	}
1322 	;
1323 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1324     {
1325         OUTYY(("P(server_so_reuseport:%s)\n", $2));
1326         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1327             yyerror("expected yes or no.");
1328         else cfg_parser->cfg->so_reuseport =
1329             (strcmp($2, "yes")==0);
1330         free($2);
1331     }
1332     ;
1333 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1334     {
1335         OUTYY(("P(server_ip_transparent:%s)\n", $2));
1336         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1337             yyerror("expected yes or no.");
1338         else cfg_parser->cfg->ip_transparent =
1339             (strcmp($2, "yes")==0);
1340         free($2);
1341     }
1342     ;
1343 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1344     {
1345         OUTYY(("P(server_ip_freebind:%s)\n", $2));
1346         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1347             yyerror("expected yes or no.");
1348         else cfg_parser->cfg->ip_freebind =
1349             (strcmp($2, "yes")==0);
1350         free($2);
1351     }
1352     ;
1353 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1354 	{
1355 		OUTYY(("P(server_ip_dscp:%s)\n", $2));
1356 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1357 			yyerror("number expected");
1358 		else if (atoi($2) > 63)
1359 			yyerror("value too large (max 63)");
1360 		else if (atoi($2) < 0)
1361 			yyerror("value too small (min 0)");
1362 		else
1363 			cfg_parser->cfg->ip_dscp = atoi($2);
1364 		free($2);
1365 	}
1366 	;
1367 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1368 	{
1369 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1370 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1371 			yyerror("memory size expected");
1372 		free($2);
1373 	}
1374 	;
1375 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1376 	{
1377 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1378 		if(atoi($2) == 0)
1379 			yyerror("number expected");
1380 		else if (atoi($2) < 12)
1381 			yyerror("edns buffer size too small");
1382 		else if (atoi($2) > 65535)
1383 			cfg_parser->cfg->edns_buffer_size = 65535;
1384 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1385 		free($2);
1386 	}
1387 	;
1388 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1389 	{
1390 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1391 		if(atoi($2) == 0)
1392 			yyerror("number expected");
1393 		else if (atoi($2) < 4096)
1394 			yyerror("message buffer size too small (use 4096)");
1395 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1396 		free($2);
1397 	}
1398 	;
1399 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1400 	{
1401 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1402 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1403 			yyerror("memory size expected");
1404 		free($2);
1405 	}
1406 	;
1407 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1408 	{
1409 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1410 		if(atoi($2) == 0)
1411 			yyerror("number expected");
1412 		else {
1413 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1414 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1415 				yyerror("must be a power of 2");
1416 		}
1417 		free($2);
1418 	}
1419 	;
1420 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1421 	{
1422 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1423 		if(atoi($2) == 0)
1424 			yyerror("number expected");
1425 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1426 		free($2);
1427 	}
1428 	;
1429 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1430 	{
1431 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1432 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1433 			yyerror("number expected");
1434 		else cfg_parser->cfg->jostle_time = atoi($2);
1435 		free($2);
1436 	}
1437 	;
1438 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1439 	{
1440 		OUTYY(("P(server_delay_close:%s)\n", $2));
1441 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1442 			yyerror("number expected");
1443 		else cfg_parser->cfg->delay_close = atoi($2);
1444 		free($2);
1445 	}
1446 	;
1447 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1448 	{
1449 		OUTYY(("P(server_udp_connect:%s)\n", $2));
1450 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1451 			yyerror("expected yes or no.");
1452 		else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1453 		free($2);
1454 	}
1455 	;
1456 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1457 	{
1458 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1459 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1460 			yyerror("expected yes or no.");
1461 		else cfg_parser->cfg->unblock_lan_zones =
1462 			(strcmp($2, "yes")==0);
1463 		free($2);
1464 	}
1465 	;
1466 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1467 	{
1468 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1469 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1470 			yyerror("expected yes or no.");
1471 		else cfg_parser->cfg->insecure_lan_zones =
1472 			(strcmp($2, "yes")==0);
1473 		free($2);
1474 	}
1475 	;
1476 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1477 	{
1478 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1479 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1480 			yyerror("memory size expected");
1481 		free($2);
1482 	}
1483 	;
1484 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1485 	{
1486 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1487 		if(atoi($2) == 0)
1488 			yyerror("number expected");
1489 		else {
1490 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1491 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1492 				yyerror("must be a power of 2");
1493 		}
1494 		free($2);
1495 	}
1496 	;
1497 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1498 	{
1499 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1500 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1501 			yyerror("number expected");
1502 		else cfg_parser->cfg->host_ttl = atoi($2);
1503 		free($2);
1504 	}
1505 	;
1506 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1507 	{
1508 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1509 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1510 			"removed, use infra-host-ttl)", $2);
1511 		free($2);
1512 	}
1513 	;
1514 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1515 	{
1516 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1517 		if(atoi($2) == 0)
1518 			yyerror("number expected");
1519 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1520 		free($2);
1521 	}
1522 	;
1523 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1524 	{
1525 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1526 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1527 			"(option removed, use infra-cache-numhosts)", $2);
1528 		free($2);
1529 	}
1530 	;
1531 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1532 	{
1533 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1534 		if(atoi($2) == 0)
1535 			yyerror("number expected");
1536 		else {
1537 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1538 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1539 				yyerror("must be a power of 2");
1540 		}
1541 		free($2);
1542 	}
1543 	;
1544 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1545 	{
1546 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1547 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1548 			yyerror("number expected");
1549 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1550 		free($2);
1551 	}
1552 	;
1553 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1554 	{
1555 		OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1556 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1557 			yyerror("expected yes or no.");
1558 		else cfg_parser->cfg->infra_keep_probing =
1559 			(strcmp($2, "yes")==0);
1560 		free($2);
1561 	}
1562 	;
1563 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1564 	{
1565 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1566 		free(cfg_parser->cfg->target_fetch_policy);
1567 		cfg_parser->cfg->target_fetch_policy = $2;
1568 	}
1569 	;
1570 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1571 	{
1572 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1573 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1574 			yyerror("expected yes or no.");
1575 		else cfg_parser->cfg->harden_short_bufsize =
1576 			(strcmp($2, "yes")==0);
1577 		free($2);
1578 	}
1579 	;
1580 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1581 	{
1582 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1583 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1584 			yyerror("expected yes or no.");
1585 		else cfg_parser->cfg->harden_large_queries =
1586 			(strcmp($2, "yes")==0);
1587 		free($2);
1588 	}
1589 	;
1590 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1591 	{
1592 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1593 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1594 			yyerror("expected yes or no.");
1595 		else cfg_parser->cfg->harden_glue =
1596 			(strcmp($2, "yes")==0);
1597 		free($2);
1598 	}
1599 	;
1600 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1601 	{
1602 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1603 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1604 			yyerror("expected yes or no.");
1605 		else cfg_parser->cfg->harden_dnssec_stripped =
1606 			(strcmp($2, "yes")==0);
1607 		free($2);
1608 	}
1609 	;
1610 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1611 	{
1612 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1613 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1614 			yyerror("expected yes or no.");
1615 		else cfg_parser->cfg->harden_below_nxdomain =
1616 			(strcmp($2, "yes")==0);
1617 		free($2);
1618 	}
1619 	;
1620 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1621 	{
1622 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1623 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1624 			yyerror("expected yes or no.");
1625 		else cfg_parser->cfg->harden_referral_path =
1626 			(strcmp($2, "yes")==0);
1627 		free($2);
1628 	}
1629 	;
1630 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1631 	{
1632 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1633 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1634 			yyerror("expected yes or no.");
1635 		else cfg_parser->cfg->harden_algo_downgrade =
1636 			(strcmp($2, "yes")==0);
1637 		free($2);
1638 	}
1639 	;
1640 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1641 	{
1642 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1643 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1644 			yyerror("expected yes or no.");
1645 		else cfg_parser->cfg->use_caps_bits_for_id =
1646 			(strcmp($2, "yes")==0);
1647 		free($2);
1648 	}
1649 	;
1650 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1651 	{
1652 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1653 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1654 			yyerror("out of memory");
1655 	}
1656 	;
1657 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1658 	{
1659 		OUTYY(("P(server_private_address:%s)\n", $2));
1660 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1661 			yyerror("out of memory");
1662 	}
1663 	;
1664 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1665 	{
1666 		OUTYY(("P(server_private_domain:%s)\n", $2));
1667 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1668 			yyerror("out of memory");
1669 	}
1670 	;
1671 server_prefetch: VAR_PREFETCH STRING_ARG
1672 	{
1673 		OUTYY(("P(server_prefetch:%s)\n", $2));
1674 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1675 			yyerror("expected yes or no.");
1676 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1677 		free($2);
1678 	}
1679 	;
1680 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1681 	{
1682 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1683 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1684 			yyerror("expected yes or no.");
1685 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1686 		free($2);
1687 	}
1688 	;
1689 server_deny_any: VAR_DENY_ANY STRING_ARG
1690 	{
1691 		OUTYY(("P(server_deny_any:%s)\n", $2));
1692 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1693 			yyerror("expected yes or no.");
1694 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1695 		free($2);
1696 	}
1697 	;
1698 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1699 	{
1700 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1701 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1702 			yyerror("number expected");
1703 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1704 		free($2);
1705 	}
1706 	;
1707 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1708 	{
1709 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1710 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1711 			yyerror("out of memory");
1712 	}
1713 	;
1714 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1715 	{
1716 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1717 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1718 			yyerror("expected yes or no.");
1719 		else cfg_parser->cfg->donotquery_localhost =
1720 			(strcmp($2, "yes")==0);
1721 		free($2);
1722 	}
1723 	;
1724 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1725 	{
1726 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1727 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1728 			strcmp($3, "deny_non_local")!=0 &&
1729 			strcmp($3, "refuse_non_local")!=0 &&
1730 			strcmp($3, "allow_setrd")!=0 &&
1731 			strcmp($3, "allow")!=0 &&
1732 			strcmp($3, "allow_snoop")!=0) {
1733 			yyerror("expected deny, refuse, deny_non_local, "
1734 				"refuse_non_local, allow, allow_setrd or "
1735 				"allow_snoop in access control action");
1736 			free($2);
1737 			free($3);
1738 		} else {
1739 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1740 				fatal_exit("out of memory adding acl");
1741 		}
1742 	}
1743 	;
1744 server_module_conf: VAR_MODULE_CONF STRING_ARG
1745 	{
1746 		OUTYY(("P(server_module_conf:%s)\n", $2));
1747 		free(cfg_parser->cfg->module_conf);
1748 		cfg_parser->cfg->module_conf = $2;
1749 	}
1750 	;
1751 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1752 	{
1753 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1754 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1755 			cfg_parser->cfg->val_date_override = 0;
1756 		} else if(strlen($2) == 14) {
1757 			cfg_parser->cfg->val_date_override =
1758 				cfg_convert_timeval($2);
1759 			if(!cfg_parser->cfg->val_date_override)
1760 				yyerror("bad date/time specification");
1761 		} else {
1762 			if(atoi($2) == 0)
1763 				yyerror("number expected");
1764 			cfg_parser->cfg->val_date_override = atoi($2);
1765 		}
1766 		free($2);
1767 	}
1768 	;
1769 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1770 	{
1771 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1772 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1773 			cfg_parser->cfg->val_sig_skew_min = 0;
1774 		} else {
1775 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1776 			if(!cfg_parser->cfg->val_sig_skew_min)
1777 				yyerror("number expected");
1778 		}
1779 		free($2);
1780 	}
1781 	;
1782 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1783 	{
1784 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1785 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1786 			cfg_parser->cfg->val_sig_skew_max = 0;
1787 		} else {
1788 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1789 			if(!cfg_parser->cfg->val_sig_skew_max)
1790 				yyerror("number expected");
1791 		}
1792 		free($2);
1793 	}
1794 	;
1795 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1796 	{
1797 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1798 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1799 			yyerror("number expected");
1800 		else cfg_parser->cfg->max_ttl = atoi($2);
1801 		free($2);
1802 	}
1803 	;
1804 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1805 	{
1806 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1807 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1808 			yyerror("number expected");
1809 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1810 		free($2);
1811 	}
1812 	;
1813 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1814 	{
1815 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1816 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1817 			yyerror("number expected");
1818 		else cfg_parser->cfg->min_ttl = atoi($2);
1819 		free($2);
1820 	}
1821 	;
1822 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1823 	{
1824 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1825 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1826 			yyerror("number expected");
1827 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1828 		free($2);
1829 	}
1830 	;
1831 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1832 	{
1833 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1834 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1835 			yyerror("expected yes or no.");
1836 		else cfg_parser->cfg->val_clean_additional =
1837 			(strcmp($2, "yes")==0);
1838 		free($2);
1839 	}
1840 	;
1841 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1842 	{
1843 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1844 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1845 			yyerror("expected yes or no.");
1846 		else cfg_parser->cfg->val_permissive_mode =
1847 			(strcmp($2, "yes")==0);
1848 		free($2);
1849 	}
1850 	;
1851 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1852 	{
1853 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1854 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1855 			yyerror("expected yes or no.");
1856 		else
1857 			cfg_parser->cfg->aggressive_nsec =
1858 				(strcmp($2, "yes")==0);
1859 		free($2);
1860 	}
1861 	;
1862 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1863 	{
1864 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1865 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1866 			yyerror("expected yes or no.");
1867 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1868 		free($2);
1869 	}
1870 	;
1871 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1872 	{
1873 		OUTYY(("P(server_serve_expired:%s)\n", $2));
1874 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1875 			yyerror("expected yes or no.");
1876 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1877 		free($2);
1878 	}
1879 	;
1880 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1881 	{
1882 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1883 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1884 			yyerror("number expected");
1885 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1886 		free($2);
1887 	}
1888 	;
1889 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1890 	{
1891 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1892 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1893 			yyerror("expected yes or no.");
1894 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1895 		free($2);
1896 	}
1897 	;
1898 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
1899 	{
1900 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
1901 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1902 			yyerror("number expected");
1903 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
1904 		free($2);
1905 	}
1906 	;
1907 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
1908 	{
1909 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
1910 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1911 			yyerror("number expected");
1912 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
1913 		free($2);
1914 	}
1915 	;
1916 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1917 	{
1918 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
1919 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1920 			yyerror("expected yes or no.");
1921 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1922 		else fake_dsa = (strcmp($2, "yes")==0);
1923 		if(fake_dsa)
1924 			log_warn("test option fake_dsa is enabled");
1925 #endif
1926 		free($2);
1927 	}
1928 	;
1929 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1930 	{
1931 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
1932 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1933 			yyerror("expected yes or no.");
1934 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1935 		else fake_sha1 = (strcmp($2, "yes")==0);
1936 		if(fake_sha1)
1937 			log_warn("test option fake_sha1 is enabled");
1938 #endif
1939 		free($2);
1940 	}
1941 	;
1942 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1943 	{
1944 		OUTYY(("P(server_val_log_level:%s)\n", $2));
1945 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1946 			yyerror("number expected");
1947 		else cfg_parser->cfg->val_log_level = atoi($2);
1948 		free($2);
1949 	}
1950 	;
1951 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1952 	{
1953 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1954 		free(cfg_parser->cfg->val_nsec3_key_iterations);
1955 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
1956 	}
1957 	;
1958 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1959 	{
1960 		OUTYY(("P(server_add_holddown:%s)\n", $2));
1961 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1962 			yyerror("number expected");
1963 		else cfg_parser->cfg->add_holddown = atoi($2);
1964 		free($2);
1965 	}
1966 	;
1967 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1968 	{
1969 		OUTYY(("P(server_del_holddown:%s)\n", $2));
1970 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1971 			yyerror("number expected");
1972 		else cfg_parser->cfg->del_holddown = atoi($2);
1973 		free($2);
1974 	}
1975 	;
1976 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1977 	{
1978 		OUTYY(("P(server_keep_missing:%s)\n", $2));
1979 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1980 			yyerror("number expected");
1981 		else cfg_parser->cfg->keep_missing = atoi($2);
1982 		free($2);
1983 	}
1984 	;
1985 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1986 	{
1987 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1988 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1989 			yyerror("expected yes or no.");
1990 		else cfg_parser->cfg->permit_small_holddown =
1991 			(strcmp($2, "yes")==0);
1992 		free($2);
1993 	}
1994 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1995 	{
1996 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
1997 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1998 			yyerror("memory size expected");
1999 		free($2);
2000 	}
2001 	;
2002 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2003 	{
2004 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2005 		if(atoi($2) == 0)
2006 			yyerror("number expected");
2007 		else {
2008 			cfg_parser->cfg->key_cache_slabs = atoi($2);
2009 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2010 				yyerror("must be a power of 2");
2011 		}
2012 		free($2);
2013 	}
2014 	;
2015 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2016 	{
2017 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2018 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2019 			yyerror("memory size expected");
2020 		free($2);
2021 	}
2022 	;
2023 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2024 	{
2025 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2026 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2027 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2028 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2029 		   && strcmp($3, "typetransparent")!=0
2030 		   && strcmp($3, "always_transparent")!=0
2031 		   && strcmp($3, "always_refuse")!=0
2032 		   && strcmp($3, "always_nxdomain")!=0
2033 		   && strcmp($3, "noview")!=0
2034 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2035 		   && strcmp($3, "inform_redirect") != 0
2036 			 && strcmp($3, "ipset") != 0) {
2037 			yyerror("local-zone type: expected static, deny, "
2038 				"refuse, redirect, transparent, "
2039 				"typetransparent, inform, inform_deny, "
2040 				"inform_redirect, always_transparent, "
2041 				"always_refuse, always_nxdomain, noview "
2042 				", nodefault or ipset");
2043 			free($2);
2044 			free($3);
2045 		} else if(strcmp($3, "nodefault")==0) {
2046 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2047 				local_zones_nodefault, $2))
2048 				fatal_exit("out of memory adding local-zone");
2049 			free($3);
2050 #ifdef USE_IPSET
2051 		} else if(strcmp($3, "ipset")==0) {
2052 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2053 				local_zones_ipset, $2))
2054 				fatal_exit("out of memory adding local-zone");
2055 			free($3);
2056 #endif
2057 		} else {
2058 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2059 				$2, $3))
2060 				fatal_exit("out of memory adding local-zone");
2061 		}
2062 	}
2063 	;
2064 server_local_data: VAR_LOCAL_DATA STRING_ARG
2065 	{
2066 		OUTYY(("P(server_local_data:%s)\n", $2));
2067 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2068 			fatal_exit("out of memory adding local-data");
2069 	}
2070 	;
2071 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2072 	{
2073 		char* ptr;
2074 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2075 		ptr = cfg_ptr_reverse($2);
2076 		free($2);
2077 		if(ptr) {
2078 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2079 				local_data, ptr))
2080 				fatal_exit("out of memory adding local-data");
2081 		} else {
2082 			yyerror("local-data-ptr could not be reversed");
2083 		}
2084 	}
2085 	;
2086 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2087 	{
2088 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
2089 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2090 			yyerror("expected yes or no.");
2091 		else cfg_parser->cfg->minimal_responses =
2092 			(strcmp($2, "yes")==0);
2093 		free($2);
2094 	}
2095 	;
2096 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2097 	{
2098 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2099 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2100 			yyerror("expected yes or no.");
2101 		else cfg_parser->cfg->rrset_roundrobin =
2102 			(strcmp($2, "yes")==0);
2103 		free($2);
2104 	}
2105 	;
2106 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2107 	{
2108 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2109 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2110 		free($2);
2111 	}
2112 	;
2113 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2114 	{
2115 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
2116 		cfg_parser->cfg->max_udp_size = atoi($2);
2117 		free($2);
2118 	}
2119 	;
2120 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2121 	{
2122 		OUTYY(("P(dns64_prefix:%s)\n", $2));
2123 		free(cfg_parser->cfg->dns64_prefix);
2124 		cfg_parser->cfg->dns64_prefix = $2;
2125 	}
2126 	;
2127 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2128 	{
2129 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2130 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2131 			yyerror("expected yes or no.");
2132 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2133 		free($2);
2134 	}
2135 	;
2136 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2137 	{
2138 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2139 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2140 			$2))
2141 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2142 	}
2143 	;
2144 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2145 	{
2146 		char* p, *s = $2;
2147 		OUTYY(("P(server_define_tag:%s)\n", $2));
2148 		while((p=strsep(&s, " \t\n")) != NULL) {
2149 			if(*p) {
2150 				if(!config_add_tag(cfg_parser->cfg, p))
2151 					yyerror("could not define-tag, "
2152 						"out of memory");
2153 			}
2154 		}
2155 		free($2);
2156 	}
2157 	;
2158 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2159 	{
2160 		size_t len = 0;
2161 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2162 			&len);
2163 		free($3);
2164 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2165 		if(!bitlist) {
2166 			yyerror("could not parse tags, (define-tag them first)");
2167 			free($2);
2168 		}
2169 		if(bitlist) {
2170 			if(!cfg_strbytelist_insert(
2171 				&cfg_parser->cfg->local_zone_tags,
2172 				$2, bitlist, len)) {
2173 				yyerror("out of memory");
2174 				free($2);
2175 			}
2176 		}
2177 	}
2178 	;
2179 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2180 	{
2181 		size_t len = 0;
2182 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2183 			&len);
2184 		free($3);
2185 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2186 		if(!bitlist) {
2187 			yyerror("could not parse tags, (define-tag them first)");
2188 			free($2);
2189 		}
2190 		if(bitlist) {
2191 			if(!cfg_strbytelist_insert(
2192 				&cfg_parser->cfg->acl_tags,
2193 				$2, bitlist, len)) {
2194 				yyerror("out of memory");
2195 				free($2);
2196 			}
2197 		}
2198 	}
2199 	;
2200 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2201 	{
2202 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2203 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2204 			$2, $3, $4)) {
2205 			yyerror("out of memory");
2206 			free($2);
2207 			free($3);
2208 			free($4);
2209 		}
2210 	}
2211 	;
2212 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2213 	{
2214 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2215 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2216 			$2, $3, $4)) {
2217 			yyerror("out of memory");
2218 			free($2);
2219 			free($3);
2220 			free($4);
2221 		}
2222 	}
2223 	;
2224 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2225 	{
2226 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2227 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2228 			$2, $3, $4)) {
2229 			yyerror("out of memory");
2230 			free($2);
2231 			free($3);
2232 			free($4);
2233 		}
2234 	}
2235 	;
2236 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2237 	{
2238 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2239 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2240 			$2, $3)) {
2241 			yyerror("out of memory");
2242 		}
2243 	}
2244 	;
2245 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2246 	{
2247 		size_t len = 0;
2248 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2249 			&len);
2250 		free($3);
2251 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2252 		if(!bitlist) {
2253 			yyerror("could not parse tags, (define-tag them first)");
2254 			free($2);
2255 		}
2256 		if(bitlist) {
2257 			if(!cfg_strbytelist_insert(
2258 				&cfg_parser->cfg->respip_tags,
2259 				$2, bitlist, len)) {
2260 				yyerror("out of memory");
2261 				free($2);
2262 			}
2263 		}
2264 	}
2265 	;
2266 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2267 	{
2268 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2269 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2270 			yyerror("number expected");
2271 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2272 		free($2);
2273 	}
2274 	;
2275 
2276 server_ratelimit: VAR_RATELIMIT STRING_ARG
2277 	{
2278 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2279 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2280 			yyerror("number expected");
2281 		else cfg_parser->cfg->ratelimit = atoi($2);
2282 		free($2);
2283 	}
2284 	;
2285 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2286   {
2287   	OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2288   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2289   		yyerror("memory size expected");
2290   	free($2);
2291   }
2292   ;
2293 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2294 	{
2295 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2296 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2297 			yyerror("memory size expected");
2298 		free($2);
2299 	}
2300 	;
2301 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2302   {
2303   	OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2304   	if(atoi($2) == 0)
2305   		yyerror("number expected");
2306   	else {
2307   		cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2308   		if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2309   			yyerror("must be a power of 2");
2310   	}
2311   	free($2);
2312   }
2313   ;
2314 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2315 	{
2316 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2317 		if(atoi($2) == 0)
2318 			yyerror("number expected");
2319 		else {
2320 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2321 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2322 				yyerror("must be a power of 2");
2323 		}
2324 		free($2);
2325 	}
2326 	;
2327 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2328 	{
2329 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2330 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2331 			yyerror("number expected");
2332 			free($2);
2333 			free($3);
2334 		} else {
2335 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2336 				ratelimit_for_domain, $2, $3))
2337 				fatal_exit("out of memory adding "
2338 					"ratelimit-for-domain");
2339 		}
2340 	}
2341 	;
2342 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2343 	{
2344 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2345 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2346 			yyerror("number expected");
2347 			free($2);
2348 			free($3);
2349 		} else {
2350 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2351 				ratelimit_below_domain, $2, $3))
2352 				fatal_exit("out of memory adding "
2353 					"ratelimit-below-domain");
2354 		}
2355 	}
2356 	;
2357 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2358   {
2359   	OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2360   	if(atoi($2) == 0 && strcmp($2, "0") != 0)
2361   		yyerror("number expected");
2362   	else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2363   	free($2);
2364 	}
2365 	;
2366 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2367 	{
2368 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2369 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2370 			yyerror("number expected");
2371 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2372 		free($2);
2373 	}
2374 	;
2375 server_low_rtt: VAR_LOW_RTT STRING_ARG
2376 	{
2377 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2378 		free($2);
2379 	}
2380 	;
2381 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2382 	{
2383 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2384 		if(atoi($2) <= 0)
2385 			yyerror("number expected");
2386 		else cfg_parser->cfg->fast_server_num = atoi($2);
2387 		free($2);
2388 	}
2389 	;
2390 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2391 	{
2392 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2393 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2394 			yyerror("number expected");
2395 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2396 		free($2);
2397 	}
2398 	;
2399 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2400 	{
2401 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2402 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2403 			yyerror("expected yes or no.");
2404 		else cfg_parser->cfg->qname_minimisation =
2405 			(strcmp($2, "yes")==0);
2406 		free($2);
2407 	}
2408 	;
2409 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2410 	{
2411 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2412 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2413 			yyerror("expected yes or no.");
2414 		else cfg_parser->cfg->qname_minimisation_strict =
2415 			(strcmp($2, "yes")==0);
2416 		free($2);
2417 	}
2418 	;
2419 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2420 	{
2421 	#ifdef USE_IPSECMOD
2422 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2423 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2424 			yyerror("expected yes or no.");
2425 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2426 	#else
2427 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2428 	#endif
2429 		free($2);
2430 	}
2431 	;
2432 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2433 	{
2434 	#ifdef USE_IPSECMOD
2435 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2436 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2437 			yyerror("expected yes or no.");
2438 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2439 	#else
2440 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2441 	#endif
2442 		free($2);
2443 	}
2444 	;
2445 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2446 	{
2447 	#ifdef USE_IPSECMOD
2448 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2449 		free(cfg_parser->cfg->ipsecmod_hook);
2450 		cfg_parser->cfg->ipsecmod_hook = $2;
2451 	#else
2452 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2453 		free($2);
2454 	#endif
2455 	}
2456 	;
2457 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2458 	{
2459 	#ifdef USE_IPSECMOD
2460 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2461 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2462 			yyerror("number expected");
2463 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2464 		free($2);
2465 	#else
2466 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2467 		free($2);
2468 	#endif
2469 	}
2470 	;
2471 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2472 	{
2473 	#ifdef USE_IPSECMOD
2474 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2475 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2476 			yyerror("out of memory");
2477 	#else
2478 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2479 		free($2);
2480 	#endif
2481 	}
2482 	;
2483 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2484 	{
2485 	#ifdef USE_IPSECMOD
2486 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2487 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2488 			yyerror("expected yes or no.");
2489 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2490 		free($2);
2491 	#else
2492 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2493 		free($2);
2494 	#endif
2495 	}
2496 	;
2497 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2498 	{
2499 		OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2500 		if(!cfg_str2list_insert(
2501 			&cfg_parser->cfg->edns_client_strings, $2, $3))
2502 			fatal_exit("out of memory adding "
2503 				"edns-client-string");
2504 	}
2505 	;
2506 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2507 	{
2508 		OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2509 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2510 			yyerror("option code expected");
2511 		else if(atoi($2) > 65535 || atoi($2) < 0)
2512 			yyerror("option code must be in interval [0, 65535]");
2513 		else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2514 		free($2);
2515 
2516 	}
2517 	;
2518 stub_name: VAR_NAME STRING_ARG
2519 	{
2520 		OUTYY(("P(name:%s)\n", $2));
2521 		if(cfg_parser->cfg->stubs->name)
2522 			yyerror("stub name override, there must be one name "
2523 				"for one stub-zone");
2524 		free(cfg_parser->cfg->stubs->name);
2525 		cfg_parser->cfg->stubs->name = $2;
2526 	}
2527 	;
2528 stub_host: VAR_STUB_HOST STRING_ARG
2529 	{
2530 		OUTYY(("P(stub-host:%s)\n", $2));
2531 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2532 			yyerror("out of memory");
2533 	}
2534 	;
2535 stub_addr: VAR_STUB_ADDR STRING_ARG
2536 	{
2537 		OUTYY(("P(stub-addr:%s)\n", $2));
2538 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2539 			yyerror("out of memory");
2540 	}
2541 	;
2542 stub_first: VAR_STUB_FIRST STRING_ARG
2543 	{
2544 		OUTYY(("P(stub-first:%s)\n", $2));
2545 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2546 			yyerror("expected yes or no.");
2547 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2548 		free($2);
2549 	}
2550 	;
2551 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2552 	{
2553 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2554 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2555 			yyerror("expected yes or no.");
2556 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2557 		free($2);
2558 	}
2559 	;
2560 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2561 	{
2562 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2563 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2564 			yyerror("expected yes or no.");
2565 		else cfg_parser->cfg->stubs->ssl_upstream =
2566 			(strcmp($2, "yes")==0);
2567 		free($2);
2568 	}
2569 	;
2570 stub_prime: VAR_STUB_PRIME STRING_ARG
2571 	{
2572 		OUTYY(("P(stub-prime:%s)\n", $2));
2573 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2574 			yyerror("expected yes or no.");
2575 		else cfg_parser->cfg->stubs->isprime =
2576 			(strcmp($2, "yes")==0);
2577 		free($2);
2578 	}
2579 	;
2580 forward_name: VAR_NAME STRING_ARG
2581 	{
2582 		OUTYY(("P(name:%s)\n", $2));
2583 		if(cfg_parser->cfg->forwards->name)
2584 			yyerror("forward name override, there must be one "
2585 				"name for one forward-zone");
2586 		free(cfg_parser->cfg->forwards->name);
2587 		cfg_parser->cfg->forwards->name = $2;
2588 	}
2589 	;
2590 forward_host: VAR_FORWARD_HOST STRING_ARG
2591 	{
2592 		OUTYY(("P(forward-host:%s)\n", $2));
2593 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2594 			yyerror("out of memory");
2595 	}
2596 	;
2597 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2598 	{
2599 		OUTYY(("P(forward-addr:%s)\n", $2));
2600 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2601 			yyerror("out of memory");
2602 	}
2603 	;
2604 forward_first: VAR_FORWARD_FIRST STRING_ARG
2605 	{
2606 		OUTYY(("P(forward-first:%s)\n", $2));
2607 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2608 			yyerror("expected yes or no.");
2609 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2610 		free($2);
2611 	}
2612 	;
2613 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2614 	{
2615 		OUTYY(("P(forward-no-cache:%s)\n", $2));
2616 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2617 			yyerror("expected yes or no.");
2618 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2619 		free($2);
2620 	}
2621 	;
2622 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2623 	{
2624 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2625 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2626 			yyerror("expected yes or no.");
2627 		else cfg_parser->cfg->forwards->ssl_upstream =
2628 			(strcmp($2, "yes")==0);
2629 		free($2);
2630 	}
2631 	;
2632 auth_name: VAR_NAME STRING_ARG
2633 	{
2634 		OUTYY(("P(name:%s)\n", $2));
2635 		if(cfg_parser->cfg->auths->name)
2636 			yyerror("auth name override, there must be one name "
2637 				"for one auth-zone");
2638 		free(cfg_parser->cfg->auths->name);
2639 		cfg_parser->cfg->auths->name = $2;
2640 	}
2641 	;
2642 auth_zonefile: VAR_ZONEFILE STRING_ARG
2643 	{
2644 		OUTYY(("P(zonefile:%s)\n", $2));
2645 		free(cfg_parser->cfg->auths->zonefile);
2646 		cfg_parser->cfg->auths->zonefile = $2;
2647 	}
2648 	;
2649 auth_master: VAR_MASTER STRING_ARG
2650 	{
2651 		OUTYY(("P(master:%s)\n", $2));
2652 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2653 			yyerror("out of memory");
2654 	}
2655 	;
2656 auth_url: VAR_URL STRING_ARG
2657 	{
2658 		OUTYY(("P(url:%s)\n", $2));
2659 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2660 			yyerror("out of memory");
2661 	}
2662 	;
2663 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2664 	{
2665 		OUTYY(("P(allow-notify:%s)\n", $2));
2666 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2667 			$2))
2668 			yyerror("out of memory");
2669 	}
2670 	;
2671 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2672 	{
2673 		OUTYY(("P(for-downstream:%s)\n", $2));
2674 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2675 			yyerror("expected yes or no.");
2676 		else cfg_parser->cfg->auths->for_downstream =
2677 			(strcmp($2, "yes")==0);
2678 		free($2);
2679 	}
2680 	;
2681 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2682 	{
2683 		OUTYY(("P(for-upstream:%s)\n", $2));
2684 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2685 			yyerror("expected yes or no.");
2686 		else cfg_parser->cfg->auths->for_upstream =
2687 			(strcmp($2, "yes")==0);
2688 		free($2);
2689 	}
2690 	;
2691 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2692 	{
2693 		OUTYY(("P(fallback-enabled:%s)\n", $2));
2694 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2695 			yyerror("expected yes or no.");
2696 		else cfg_parser->cfg->auths->fallback_enabled =
2697 			(strcmp($2, "yes")==0);
2698 		free($2);
2699 	}
2700 	;
2701 view_name: VAR_NAME STRING_ARG
2702 	{
2703 		OUTYY(("P(name:%s)\n", $2));
2704 		if(cfg_parser->cfg->views->name)
2705 			yyerror("view name override, there must be one "
2706 				"name for one view");
2707 		free(cfg_parser->cfg->views->name);
2708 		cfg_parser->cfg->views->name = $2;
2709 	}
2710 	;
2711 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2712 	{
2713 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2714 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2715 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2716 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2717 		   && strcmp($3, "typetransparent")!=0
2718 		   && strcmp($3, "always_transparent")!=0
2719 		   && strcmp($3, "always_refuse")!=0
2720 		   && strcmp($3, "always_nxdomain")!=0
2721 		   && strcmp($3, "noview")!=0
2722 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) {
2723 			yyerror("local-zone type: expected static, deny, "
2724 				"refuse, redirect, transparent, "
2725 				"typetransparent, inform, inform_deny, "
2726 				"always_transparent, always_refuse, "
2727 				"always_nxdomain, noview or nodefault");
2728 			free($2);
2729 			free($3);
2730 		} else if(strcmp($3, "nodefault")==0) {
2731 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2732 				local_zones_nodefault, $2))
2733 				fatal_exit("out of memory adding local-zone");
2734 			free($3);
2735 #ifdef USE_IPSET
2736 		} else if(strcmp($3, "ipset")==0) {
2737 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2738 				local_zones_ipset, $2))
2739 				fatal_exit("out of memory adding local-zone");
2740 			free($3);
2741 #endif
2742 		} else {
2743 			if(!cfg_str2list_insert(
2744 				&cfg_parser->cfg->views->local_zones,
2745 				$2, $3))
2746 				fatal_exit("out of memory adding local-zone");
2747 		}
2748 	}
2749 	;
2750 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2751 	{
2752 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2753 		validate_respip_action($3);
2754 		if(!cfg_str2list_insert(
2755 			&cfg_parser->cfg->views->respip_actions, $2, $3))
2756 			fatal_exit("out of memory adding per-view "
2757 				"response-ip action");
2758 	}
2759 	;
2760 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2761 	{
2762 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
2763 		if(!cfg_str2list_insert(
2764 			&cfg_parser->cfg->views->respip_data, $2, $3))
2765 			fatal_exit("out of memory adding response-ip-data");
2766 	}
2767 	;
2768 view_local_data: VAR_LOCAL_DATA STRING_ARG
2769 	{
2770 		OUTYY(("P(view_local_data:%s)\n", $2));
2771 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2772 			fatal_exit("out of memory adding local-data");
2773 		}
2774 	}
2775 	;
2776 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2777 	{
2778 		char* ptr;
2779 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2780 		ptr = cfg_ptr_reverse($2);
2781 		free($2);
2782 		if(ptr) {
2783 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2784 				local_data, ptr))
2785 				fatal_exit("out of memory adding local-data");
2786 		} else {
2787 			yyerror("local-data-ptr could not be reversed");
2788 		}
2789 	}
2790 	;
2791 view_first: VAR_VIEW_FIRST STRING_ARG
2792 	{
2793 		OUTYY(("P(view-first:%s)\n", $2));
2794 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2795 			yyerror("expected yes or no.");
2796 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2797 		free($2);
2798 	}
2799 	;
2800 rcstart: VAR_REMOTE_CONTROL
2801 	{
2802 		OUTYY(("\nP(remote-control:)\n"));
2803 	}
2804 	;
2805 contents_rc: contents_rc content_rc
2806 	| ;
2807 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2808 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2809 	rc_control_cert_file | rc_control_use_cert
2810 	;
2811 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2812 	{
2813 		OUTYY(("P(control_enable:%s)\n", $2));
2814 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2815 			yyerror("expected yes or no.");
2816 		else cfg_parser->cfg->remote_control_enable =
2817 			(strcmp($2, "yes")==0);
2818 		free($2);
2819 	}
2820 	;
2821 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2822 	{
2823 		OUTYY(("P(control_port:%s)\n", $2));
2824 		if(atoi($2) == 0)
2825 			yyerror("control port number expected");
2826 		else cfg_parser->cfg->control_port = atoi($2);
2827 		free($2);
2828 	}
2829 	;
2830 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2831 	{
2832 		OUTYY(("P(control_interface:%s)\n", $2));
2833 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
2834 			yyerror("out of memory");
2835 	}
2836 	;
2837 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2838 	{
2839 		OUTYY(("P(control_use_cert:%s)\n", $2));
2840 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
2841 		free($2);
2842 	}
2843 	;
2844 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2845 	{
2846 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
2847 		free(cfg_parser->cfg->server_key_file);
2848 		cfg_parser->cfg->server_key_file = $2;
2849 	}
2850 	;
2851 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2852 	{
2853 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2854 		free(cfg_parser->cfg->server_cert_file);
2855 		cfg_parser->cfg->server_cert_file = $2;
2856 	}
2857 	;
2858 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2859 	{
2860 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
2861 		free(cfg_parser->cfg->control_key_file);
2862 		cfg_parser->cfg->control_key_file = $2;
2863 	}
2864 	;
2865 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2866 	{
2867 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2868 		free(cfg_parser->cfg->control_cert_file);
2869 		cfg_parser->cfg->control_cert_file = $2;
2870 	}
2871 	;
2872 dtstart: VAR_DNSTAP
2873 	{
2874 		OUTYY(("\nP(dnstap:)\n"));
2875 	}
2876 	;
2877 contents_dt: contents_dt content_dt
2878 	| ;
2879 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
2880 	dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
2881 	dt_dnstap_tls_cert_bundle |
2882 	dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
2883 	dt_dnstap_send_identity | dt_dnstap_send_version |
2884 	dt_dnstap_identity | dt_dnstap_version |
2885 	dt_dnstap_log_resolver_query_messages |
2886 	dt_dnstap_log_resolver_response_messages |
2887 	dt_dnstap_log_client_query_messages |
2888 	dt_dnstap_log_client_response_messages |
2889 	dt_dnstap_log_forwarder_query_messages |
2890 	dt_dnstap_log_forwarder_response_messages
2891 	;
2892 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2893 	{
2894 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2895 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2896 			yyerror("expected yes or no.");
2897 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2898 		free($2);
2899 	}
2900 	;
2901 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
2902 	{
2903 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
2904 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2905 			yyerror("expected yes or no.");
2906 		else cfg_parser->cfg->dnstap_bidirectional =
2907 			(strcmp($2, "yes")==0);
2908 		free($2);
2909 	}
2910 	;
2911 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2912 	{
2913 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2914 		free(cfg_parser->cfg->dnstap_socket_path);
2915 		cfg_parser->cfg->dnstap_socket_path = $2;
2916 	}
2917 	;
2918 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
2919 	{
2920 		OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
2921 		free(cfg_parser->cfg->dnstap_ip);
2922 		cfg_parser->cfg->dnstap_ip = $2;
2923 	}
2924 	;
2925 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
2926 	{
2927 		OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
2928 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2929 			yyerror("expected yes or no.");
2930 		else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
2931 		free($2);
2932 	}
2933 	;
2934 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
2935 	{
2936 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
2937 		free(cfg_parser->cfg->dnstap_tls_server_name);
2938 		cfg_parser->cfg->dnstap_tls_server_name = $2;
2939 	}
2940 	;
2941 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
2942 	{
2943 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
2944 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
2945 		cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
2946 	}
2947 	;
2948 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
2949 	{
2950 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
2951 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
2952 		cfg_parser->cfg->dnstap_tls_client_key_file = $2;
2953 	}
2954 	;
2955 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
2956 	{
2957 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
2958 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
2959 		cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
2960 	}
2961 	;
2962 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2963 	{
2964 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2965 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2966 			yyerror("expected yes or no.");
2967 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2968 		free($2);
2969 	}
2970 	;
2971 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2972 	{
2973 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2974 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2975 			yyerror("expected yes or no.");
2976 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2977 		free($2);
2978 	}
2979 	;
2980 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2981 	{
2982 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2983 		free(cfg_parser->cfg->dnstap_identity);
2984 		cfg_parser->cfg->dnstap_identity = $2;
2985 	}
2986 	;
2987 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2988 	{
2989 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2990 		free(cfg_parser->cfg->dnstap_version);
2991 		cfg_parser->cfg->dnstap_version = $2;
2992 	}
2993 	;
2994 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2995 	{
2996 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2997 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2998 			yyerror("expected yes or no.");
2999 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3000 			(strcmp($2, "yes")==0);
3001 		free($2);
3002 	}
3003 	;
3004 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3005 	{
3006 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3007 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3008 			yyerror("expected yes or no.");
3009 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3010 			(strcmp($2, "yes")==0);
3011 		free($2);
3012 	}
3013 	;
3014 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3015 	{
3016 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3017 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3018 			yyerror("expected yes or no.");
3019 		else cfg_parser->cfg->dnstap_log_client_query_messages =
3020 			(strcmp($2, "yes")==0);
3021 		free($2);
3022 	}
3023 	;
3024 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3025 	{
3026 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3027 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3028 			yyerror("expected yes or no.");
3029 		else cfg_parser->cfg->dnstap_log_client_response_messages =
3030 			(strcmp($2, "yes")==0);
3031 		free($2);
3032 	}
3033 	;
3034 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3035 	{
3036 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3037 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3038 			yyerror("expected yes or no.");
3039 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3040 			(strcmp($2, "yes")==0);
3041 		free($2);
3042 	}
3043 	;
3044 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3045 	{
3046 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3047 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3048 			yyerror("expected yes or no.");
3049 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3050 			(strcmp($2, "yes")==0);
3051 		free($2);
3052 	}
3053 	;
3054 pythonstart: VAR_PYTHON
3055 	{
3056 		OUTYY(("\nP(python:)\n"));
3057 	}
3058 	;
3059 contents_py: contents_py content_py
3060 	| ;
3061 content_py: py_script
3062 	;
3063 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3064 	{
3065 		OUTYY(("P(python-script:%s)\n", $2));
3066 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3067 			yyerror("out of memory");
3068 	}
3069 dynlibstart: VAR_DYNLIB
3070 	{
3071 		OUTYY(("\nP(dynlib:)\n"));
3072 	}
3073 	;
3074 contents_dl: contents_dl content_dl
3075 	| ;
3076 content_dl: dl_file
3077 	;
3078 dl_file: VAR_DYNLIB_FILE STRING_ARG
3079 	{
3080 		OUTYY(("P(dynlib-file:%s)\n", $2));
3081 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3082 			yyerror("out of memory");
3083 	}
3084 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3085 	{
3086 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3087 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3088 			yyerror("expected yes or no.");
3089 		else cfg_parser->cfg->disable_dnssec_lame_check =
3090 			(strcmp($2, "yes")==0);
3091 		free($2);
3092 	}
3093 	;
3094 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3095 	{
3096 		OUTYY(("P(server_log_identity:%s)\n", $2));
3097 		free(cfg_parser->cfg->log_identity);
3098 		cfg_parser->cfg->log_identity = $2;
3099 	}
3100 	;
3101 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3102 	{
3103 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3104 		validate_respip_action($3);
3105 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3106 			$2, $3))
3107 			fatal_exit("out of memory adding response-ip");
3108 	}
3109 	;
3110 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3111 	{
3112 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
3113 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3114 			$2, $3))
3115 			fatal_exit("out of memory adding response-ip-data");
3116 	}
3117 	;
3118 dnscstart: VAR_DNSCRYPT
3119 	{
3120 		OUTYY(("\nP(dnscrypt:)\n"));
3121 	}
3122 	;
3123 contents_dnsc: contents_dnsc content_dnsc
3124 	| ;
3125 content_dnsc:
3126 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3127 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3128 	dnsc_dnscrypt_provider_cert_rotated |
3129 	dnsc_dnscrypt_shared_secret_cache_size |
3130 	dnsc_dnscrypt_shared_secret_cache_slabs |
3131 	dnsc_dnscrypt_nonce_cache_size |
3132 	dnsc_dnscrypt_nonce_cache_slabs
3133 	;
3134 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3135 	{
3136 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3137 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3138 			yyerror("expected yes or no.");
3139 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3140 		free($2);
3141 	}
3142 	;
3143 
3144 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3145 	{
3146 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3147 		if(atoi($2) == 0)
3148 			yyerror("port number expected");
3149 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
3150 		free($2);
3151 	}
3152 	;
3153 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3154 	{
3155 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3156 		free(cfg_parser->cfg->dnscrypt_provider);
3157 		cfg_parser->cfg->dnscrypt_provider = $2;
3158 	}
3159 	;
3160 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3161 	{
3162 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3163 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3164 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3165 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3166 			fatal_exit("out of memory adding dnscrypt-provider-cert");
3167 	}
3168 	;
3169 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3170 	{
3171 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3172 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3173 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3174 	}
3175 	;
3176 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3177 	{
3178 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3179 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3180 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3181 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3182 			fatal_exit("out of memory adding dnscrypt-secret-key");
3183 	}
3184 	;
3185 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3186   {
3187   	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3188   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3189   		yyerror("memory size expected");
3190   	free($2);
3191   }
3192   ;
3193 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3194   {
3195   	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3196   	if(atoi($2) == 0)
3197   		yyerror("number expected");
3198   	else {
3199   		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3200   		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3201   			yyerror("must be a power of 2");
3202   	}
3203   	free($2);
3204   }
3205   ;
3206 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3207   {
3208   	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3209   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3210   		yyerror("memory size expected");
3211   	free($2);
3212   }
3213   ;
3214 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3215   {
3216   	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3217   	if(atoi($2) == 0)
3218   		yyerror("number expected");
3219   	else {
3220   		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3221   		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3222   			yyerror("must be a power of 2");
3223   	}
3224   	free($2);
3225   }
3226   ;
3227 cachedbstart: VAR_CACHEDB
3228 	{
3229 		OUTYY(("\nP(cachedb:)\n"));
3230 	}
3231 	;
3232 contents_cachedb: contents_cachedb content_cachedb
3233 	| ;
3234 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3235 	redis_server_host | redis_server_port | redis_timeout |
3236 	redis_expire_records
3237 	;
3238 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3239 	{
3240 	#ifdef USE_CACHEDB
3241 		OUTYY(("P(backend:%s)\n", $2));
3242 		free(cfg_parser->cfg->cachedb_backend);
3243 		cfg_parser->cfg->cachedb_backend = $2;
3244 	#else
3245 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3246 		free($2);
3247 	#endif
3248 	}
3249 	;
3250 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3251 	{
3252 	#ifdef USE_CACHEDB
3253 		OUTYY(("P(secret-seed:%s)\n", $2));
3254 		free(cfg_parser->cfg->cachedb_secret);
3255 		cfg_parser->cfg->cachedb_secret = $2;
3256 	#else
3257 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3258 		free($2);
3259 	#endif
3260 	}
3261 	;
3262 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3263 	{
3264 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3265 		OUTYY(("P(redis_server_host:%s)\n", $2));
3266 		free(cfg_parser->cfg->redis_server_host);
3267 		cfg_parser->cfg->redis_server_host = $2;
3268 	#else
3269 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3270 		free($2);
3271 	#endif
3272 	}
3273 	;
3274 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3275 	{
3276 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3277 		int port;
3278 		OUTYY(("P(redis_server_port:%s)\n", $2));
3279 		port = atoi($2);
3280 		if(port == 0 || port < 0 || port > 65535)
3281 			yyerror("valid redis server port number expected");
3282 		else cfg_parser->cfg->redis_server_port = port;
3283 	#else
3284 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3285 	#endif
3286 		free($2);
3287 	}
3288 	;
3289 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3290 	{
3291 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3292 		OUTYY(("P(redis_timeout:%s)\n", $2));
3293 		if(atoi($2) == 0)
3294 			yyerror("redis timeout value expected");
3295 		else cfg_parser->cfg->redis_timeout = atoi($2);
3296 	#else
3297 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3298 	#endif
3299 		free($2);
3300 	}
3301 	;
3302 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3303 	{
3304 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3305 		OUTYY(("P(redis_expire_records:%s)\n", $2));
3306 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3307 			yyerror("expected yes or no.");
3308 		else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3309 	#else
3310 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3311 	#endif
3312 		free($2);
3313 	}
3314 	;
3315 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3316 	{
3317 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3318 		if (atoi($3) < 0)
3319 			yyerror("positive number expected");
3320 		else {
3321 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3322 				fatal_exit("out of memory adding tcp connection limit");
3323 		}
3324 	}
3325 	;
3326 	ipsetstart: VAR_IPSET
3327 		{
3328 			OUTYY(("\nP(ipset:)\n"));
3329 		}
3330 		;
3331 	contents_ipset: contents_ipset content_ipset
3332 		| ;
3333 	content_ipset: ipset_name_v4 | ipset_name_v6
3334 		;
3335 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3336 		{
3337 		#ifdef USE_IPSET
3338 			OUTYY(("P(name-v4:%s)\n", $2));
3339 			if(cfg_parser->cfg->ipset_name_v4)
3340 				yyerror("ipset name v4 override, there must be one "
3341 					"name for ip v4");
3342 			free(cfg_parser->cfg->ipset_name_v4);
3343 			cfg_parser->cfg->ipset_name_v4 = $2;
3344 		#else
3345 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3346 			free($2);
3347 		#endif
3348 		}
3349 	;
3350 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3351 	{
3352 		#ifdef USE_IPSET
3353 			OUTYY(("P(name-v6:%s)\n", $2));
3354 			if(cfg_parser->cfg->ipset_name_v6)
3355 				yyerror("ipset name v6 override, there must be one "
3356 					"name for ip v6");
3357 			free(cfg_parser->cfg->ipset_name_v6);
3358 			cfg_parser->cfg->ipset_name_v6 = $2;
3359 		#else
3360 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3361 			free($2);
3362 		#endif
3363 		}
3364 	;
3365 %%
3366 
3367 /* parse helper routines could be here */
3368 static void
3369 validate_respip_action(const char* action)
3370 {
3371 	if(strcmp(action, "deny")!=0 &&
3372 		strcmp(action, "redirect")!=0 &&
3373 		strcmp(action, "inform")!=0 &&
3374 		strcmp(action, "inform_deny")!=0 &&
3375 		strcmp(action, "always_transparent")!=0 &&
3376 		strcmp(action, "always_refuse")!=0 &&
3377 		strcmp(action, "always_nxdomain")!=0)
3378 	{
3379 		yyerror("response-ip action: expected deny, redirect, "
3380 			"inform, inform_deny, always_transparent, "
3381 			"always_refuse or always_nxdomain");
3382 	}
3383 }
3384 
3385 
3386