xref: /freebsd/contrib/unbound/util/configparser.y (revision d0ba1baed3f6e4936a0c1b89c25f6c59168ef6de)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
73 %token VAR_OUTGOING_RANGE VAR_INTERFACE
74 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
75 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS
76 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
77 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
78 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
79 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
80 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
81 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
82 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
83 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
84 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
85 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
86 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
87 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
88 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
89 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
90 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
91 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
92 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
93 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
94 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
95 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
96 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
97 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
98 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
99 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
100 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
101 %token VAR_CONTROL_USE_CERT
102 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
103 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
104 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
105 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
106 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
107 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
108 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
109 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES
110 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
111 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
112 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
113 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
114 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
115 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
116 %token VAR_INFRA_CACHE_MIN_RTT
117 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
118 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
119 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
120 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
121 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
122 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
123 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
124 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
125 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
126 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
127 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
128 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
129 %token VAR_DISABLE_DNSSEC_LAME_CHECK
130 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
131 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
132 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
133 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
134 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
135 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
136 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
137 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
138 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
139 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
140 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
141 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
142 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1
143 %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING
144 %token VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
145 %token VAR_ROOT_KEY_SENTINEL
146 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
147 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
148 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
149 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
150 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
151 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
152 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
153 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
154 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
155 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
156 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
157 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
158 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
159 %token VAR_FALLBACK_ENABLED VAR_ADDITIONAL_TLS_PORT VAR_LOW_RTT VAR_LOW_RTT_PCT
160 %token VAR_ALLOW_NOTIFY
161 
162 %%
163 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
164 toplevelvar: serverstart contents_server | stubstart contents_stub |
165 	forwardstart contents_forward | pythonstart contents_py |
166 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
167 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
168 	authstart contents_auth
169 	;
170 
171 /* server: declaration */
172 serverstart: VAR_SERVER
173 	{
174 		OUTYY(("\nP(server:)\n"));
175 	}
176 	;
177 contents_server: contents_server content_server
178 	| ;
179 content_server: server_num_threads | server_verbosity | server_port |
180 	server_outgoing_range | server_do_ip4 |
181 	server_do_ip6 | server_prefer_ip6 |
182 	server_do_udp | server_do_tcp |
183 	server_tcp_mss | server_outgoing_tcp_mss |
184 	server_interface | server_chroot | server_username |
185 	server_directory | server_logfile | server_pidfile |
186 	server_msg_cache_size | server_msg_cache_slabs |
187 	server_num_queries_per_thread | server_rrset_cache_size |
188 	server_rrset_cache_slabs | server_outgoing_num_tcp |
189 	server_infra_host_ttl | server_infra_lame_ttl |
190 	server_infra_cache_slabs | server_infra_cache_numhosts |
191 	server_infra_cache_lame_size | server_target_fetch_policy |
192 	server_harden_short_bufsize | server_harden_large_queries |
193 	server_do_not_query_address | server_hide_identity |
194 	server_hide_version | server_identity | server_version |
195 	server_harden_glue | server_module_conf | server_trust_anchor_file |
196 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
197 	server_val_clean_additional | server_val_permissive_mode |
198 	server_incoming_num_tcp | server_msg_buffer_size |
199 	server_key_cache_size | server_key_cache_slabs |
200 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
201 	server_use_syslog | server_outgoing_interface | server_root_hints |
202 	server_do_not_query_localhost | server_cache_max_ttl |
203 	server_harden_dnssec_stripped | server_access_control |
204 	server_local_zone | server_local_data | server_interface_automatic |
205 	server_statistics_interval | server_do_daemonize |
206 	server_use_caps_for_id | server_statistics_cumulative |
207 	server_outgoing_port_permit | server_outgoing_port_avoid |
208 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
209 	server_harden_referral_path | server_private_address |
210 	server_private_domain | server_extended_statistics |
211 	server_local_data_ptr | server_jostle_timeout |
212 	server_unwanted_reply_threshold | server_log_time_ascii |
213 	server_domain_insecure | server_val_sig_skew_min |
214 	server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
215 	server_auto_trust_anchor_file | server_add_holddown |
216 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
217 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
218 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
219 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
220 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
221 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
222 	server_so_reuseport | server_delay_close |
223 	server_unblock_lan_zones | server_insecure_lan_zones |
224 	server_dns64_prefix | server_dns64_synthall |
225 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
226 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
227 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
228 	server_ip_ratelimit_size | server_ratelimit_size |
229 	server_ratelimit_for_domain |
230 	server_ratelimit_below_domain | server_ratelimit_factor |
231 	server_ip_ratelimit_factor | server_send_client_subnet |
232 	server_client_subnet_zone | server_client_subnet_always_forward |
233 	server_client_subnet_opcode |
234 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
235 	server_caps_whitelist | server_cache_max_negative_ttl |
236 	server_permit_small_holddown | server_qname_minimisation |
237 	server_ip_freebind | server_define_tag | server_local_zone_tag |
238 	server_disable_dnssec_lame_check | server_access_control_tag |
239 	server_local_zone_override | server_access_control_tag_action |
240 	server_access_control_tag_data | server_access_control_view |
241 	server_qname_minimisation_strict | server_serve_expired |
242 	server_fake_dsa | server_log_identity | server_use_systemd |
243 	server_response_ip_tag | server_response_ip | server_response_ip_data |
244 	server_shm_enable | server_shm_key | server_fake_sha1 |
245 	server_hide_trustanchor | server_trust_anchor_signaling |
246 	server_root_key_sentinel |
247 	server_ipsecmod_enabled | server_ipsecmod_hook |
248 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
249 	server_ipsecmod_whitelist | server_ipsecmod_strict |
250 	server_udp_upstream_without_downstream | server_aggressive_nsec |
251 	server_tls_cert_bundle | server_additional_tls_port | server_low_rtt |
252 	server_low_rtt_pct
253 	;
254 stubstart: VAR_STUB_ZONE
255 	{
256 		struct config_stub* s;
257 		OUTYY(("\nP(stub_zone:)\n"));
258 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
259 		if(s) {
260 			s->next = cfg_parser->cfg->stubs;
261 			cfg_parser->cfg->stubs = s;
262 		} else
263 			yyerror("out of memory");
264 	}
265 	;
266 contents_stub: contents_stub content_stub
267 	| ;
268 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
269 	stub_ssl_upstream
270 	;
271 forwardstart: VAR_FORWARD_ZONE
272 	{
273 		struct config_stub* s;
274 		OUTYY(("\nP(forward_zone:)\n"));
275 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
276 		if(s) {
277 			s->next = cfg_parser->cfg->forwards;
278 			cfg_parser->cfg->forwards = s;
279 		} else
280 			yyerror("out of memory");
281 	}
282 	;
283 contents_forward: contents_forward content_forward
284 	| ;
285 content_forward: forward_name | forward_host | forward_addr | forward_first |
286 	forward_ssl_upstream
287 	;
288 viewstart: VAR_VIEW
289 	{
290 		struct config_view* s;
291 		OUTYY(("\nP(view:)\n"));
292 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
293 		if(s) {
294 			s->next = cfg_parser->cfg->views;
295 			if(s->next && !s->next->name)
296 				yyerror("view without name");
297 			cfg_parser->cfg->views = s;
298 		} else
299 			yyerror("out of memory");
300 	}
301 	;
302 contents_view: contents_view content_view
303 	| ;
304 content_view: view_name | view_local_zone | view_local_data | view_first |
305 		view_response_ip | view_response_ip_data | view_local_data_ptr
306 	;
307 authstart: VAR_AUTH_ZONE
308 	{
309 		struct config_auth* s;
310 		OUTYY(("\nP(auth_zone:)\n"));
311 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
312 		if(s) {
313 			s->next = cfg_parser->cfg->auths;
314 			cfg_parser->cfg->auths = s;
315 			/* defaults for auth zone */
316 			s->for_downstream = 1;
317 			s->for_upstream = 1;
318 			s->fallback_enabled = 0;
319 		} else
320 			yyerror("out of memory");
321 	}
322 	;
323 contents_auth: contents_auth content_auth
324 	| ;
325 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
326 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
327 	auth_allow_notify
328 	;
329 server_num_threads: VAR_NUM_THREADS STRING_ARG
330 	{
331 		OUTYY(("P(server_num_threads:%s)\n", $2));
332 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
333 			yyerror("number expected");
334 		else cfg_parser->cfg->num_threads = atoi($2);
335 		free($2);
336 	}
337 	;
338 server_verbosity: VAR_VERBOSITY STRING_ARG
339 	{
340 		OUTYY(("P(server_verbosity:%s)\n", $2));
341 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
342 			yyerror("number expected");
343 		else cfg_parser->cfg->verbosity = atoi($2);
344 		free($2);
345 	}
346 	;
347 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
348 	{
349 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
350 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
351 			cfg_parser->cfg->stat_interval = 0;
352 		else if(atoi($2) == 0)
353 			yyerror("number expected");
354 		else cfg_parser->cfg->stat_interval = atoi($2);
355 		free($2);
356 	}
357 	;
358 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
359 	{
360 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
361 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
362 			yyerror("expected yes or no.");
363 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
364 		free($2);
365 	}
366 	;
367 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
368 	{
369 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
370 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
371 			yyerror("expected yes or no.");
372 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
373 		free($2);
374 	}
375 	;
376 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
377 	{
378 		OUTYY(("P(server_shm_enable:%s)\n", $2));
379 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
380 			yyerror("expected yes or no.");
381 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
382 		free($2);
383 	}
384 	;
385 server_shm_key: VAR_SHM_KEY STRING_ARG
386 	{
387 		OUTYY(("P(server_shm_key:%s)\n", $2));
388 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
389 			cfg_parser->cfg->shm_key = 0;
390 		else if(atoi($2) == 0)
391 			yyerror("number expected");
392 		else cfg_parser->cfg->shm_key = atoi($2);
393 		free($2);
394 	}
395 	;
396 server_port: VAR_PORT STRING_ARG
397 	{
398 		OUTYY(("P(server_port:%s)\n", $2));
399 		if(atoi($2) == 0)
400 			yyerror("port number expected");
401 		else cfg_parser->cfg->port = atoi($2);
402 		free($2);
403 	}
404 	;
405 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
406 	{
407 	#ifdef CLIENT_SUBNET
408 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
409 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
410 			fatal_exit("out of memory adding client-subnet");
411 	#else
412 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
413 	#endif
414 	}
415 	;
416 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
417 	{
418 	#ifdef CLIENT_SUBNET
419 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
420 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
421 			$2))
422 			fatal_exit("out of memory adding client-subnet-zone");
423 	#else
424 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
425 	#endif
426 	}
427 	;
428 server_client_subnet_always_forward:
429 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
430 	{
431 	#ifdef CLIENT_SUBNET
432 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
433 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
434 			yyerror("expected yes or no.");
435 		else
436 			cfg_parser->cfg->client_subnet_always_forward =
437 				(strcmp($2, "yes")==0);
438 	#else
439 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
440 	#endif
441 		free($2);
442 	}
443 	;
444 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
445 	{
446 	#ifdef CLIENT_SUBNET
447 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
448 		OUTYY(("P(Deprecated option, ignoring)\n"));
449 	#else
450 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
451 	#endif
452 		free($2);
453 	}
454 	;
455 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
456 	{
457 	#ifdef CLIENT_SUBNET
458 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
459 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
460 			yyerror("IPv4 subnet length expected");
461 		else if (atoi($2) > 32)
462 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
463 		else if (atoi($2) < 0)
464 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
465 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
466 	#else
467 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
468 	#endif
469 		free($2);
470 	}
471 	;
472 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
473 	{
474 	#ifdef CLIENT_SUBNET
475 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
476 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
477 			yyerror("Ipv6 subnet length expected");
478 		else if (atoi($2) > 128)
479 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
480 		else if (atoi($2) < 0)
481 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
482 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
483 	#else
484 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
485 	#endif
486 		free($2);
487 	}
488 	;
489 server_interface: VAR_INTERFACE STRING_ARG
490 	{
491 		OUTYY(("P(server_interface:%s)\n", $2));
492 		if(cfg_parser->cfg->num_ifs == 0)
493 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
494 		else 	cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
495 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
496 		if(!cfg_parser->cfg->ifs)
497 			yyerror("out of memory");
498 		else
499 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
500 	}
501 	;
502 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
503 	{
504 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
505 		if(cfg_parser->cfg->num_out_ifs == 0)
506 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
507 		else 	cfg_parser->cfg->out_ifs = realloc(
508 			cfg_parser->cfg->out_ifs,
509 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
510 		if(!cfg_parser->cfg->out_ifs)
511 			yyerror("out of memory");
512 		else
513 			cfg_parser->cfg->out_ifs[
514 				cfg_parser->cfg->num_out_ifs++] = $2;
515 	}
516 	;
517 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
518 	{
519 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
520 		if(atoi($2) == 0)
521 			yyerror("number expected");
522 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
523 		free($2);
524 	}
525 	;
526 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
527 	{
528 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
529 		if(!cfg_mark_ports($2, 1,
530 			cfg_parser->cfg->outgoing_avail_ports, 65536))
531 			yyerror("port number or range (\"low-high\") expected");
532 		free($2);
533 	}
534 	;
535 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
536 	{
537 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
538 		if(!cfg_mark_ports($2, 0,
539 			cfg_parser->cfg->outgoing_avail_ports, 65536))
540 			yyerror("port number or range (\"low-high\") expected");
541 		free($2);
542 	}
543 	;
544 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
545 	{
546 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
547 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
548 			yyerror("number expected");
549 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
550 		free($2);
551 	}
552 	;
553 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
554 	{
555 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
556 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
557 			yyerror("number expected");
558 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
559 		free($2);
560 	}
561 	;
562 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
563 	{
564 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
565 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
566 			yyerror("expected yes or no.");
567 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
568 		free($2);
569 	}
570 	;
571 server_do_ip4: VAR_DO_IP4 STRING_ARG
572 	{
573 		OUTYY(("P(server_do_ip4:%s)\n", $2));
574 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
575 			yyerror("expected yes or no.");
576 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
577 		free($2);
578 	}
579 	;
580 server_do_ip6: VAR_DO_IP6 STRING_ARG
581 	{
582 		OUTYY(("P(server_do_ip6:%s)\n", $2));
583 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
584 			yyerror("expected yes or no.");
585 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
586 		free($2);
587 	}
588 	;
589 server_do_udp: VAR_DO_UDP STRING_ARG
590 	{
591 		OUTYY(("P(server_do_udp:%s)\n", $2));
592 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
593 			yyerror("expected yes or no.");
594 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
595 		free($2);
596 	}
597 	;
598 server_do_tcp: VAR_DO_TCP STRING_ARG
599 	{
600 		OUTYY(("P(server_do_tcp:%s)\n", $2));
601 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
602 			yyerror("expected yes or no.");
603 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
604 		free($2);
605 	}
606 	;
607 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
608 	{
609 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
610 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
611 			yyerror("expected yes or no.");
612 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
613 		free($2);
614 	}
615 	;
616 server_tcp_mss: VAR_TCP_MSS STRING_ARG
617 	{
618 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
619                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
620                         yyerror("number expected");
621                 else cfg_parser->cfg->tcp_mss = atoi($2);
622                 free($2);
623 	}
624 	;
625 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
626 	{
627 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
628 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
629 			yyerror("number expected");
630 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
631 		free($2);
632 	}
633 	;
634 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
635 	{
636 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
637 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
638 			yyerror("expected yes or no.");
639 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
640 		free($2);
641 	}
642 	;
643 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
644 	{
645 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
646 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
647 			yyerror("expected yes or no.");
648 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
649 		free($2);
650 	}
651 	;
652 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
653 	{
654 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
655 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
656 			yyerror("expected yes or no.");
657 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
658 		free($2);
659 	}
660 	;
661 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
662 	{
663 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
664 		free(cfg_parser->cfg->ssl_service_key);
665 		cfg_parser->cfg->ssl_service_key = $2;
666 	}
667 	;
668 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
669 	{
670 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
671 		free(cfg_parser->cfg->ssl_service_pem);
672 		cfg_parser->cfg->ssl_service_pem = $2;
673 	}
674 	;
675 server_ssl_port: VAR_SSL_PORT STRING_ARG
676 	{
677 		OUTYY(("P(server_ssl_port:%s)\n", $2));
678 		if(atoi($2) == 0)
679 			yyerror("port number expected");
680 		else cfg_parser->cfg->ssl_port = atoi($2);
681 		free($2);
682 	}
683 	;
684 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
685 	{
686 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
687 		free(cfg_parser->cfg->tls_cert_bundle);
688 		cfg_parser->cfg->tls_cert_bundle = $2;
689 	}
690 	;
691 server_additional_tls_port: VAR_ADDITIONAL_TLS_PORT STRING_ARG
692 	{
693 		OUTYY(("P(server_additional_tls_port:%s)\n", $2));
694 		if(!cfg_strlist_insert(&cfg_parser->cfg->additional_tls_port,
695 			$2))
696 			yyerror("out of memory");
697 	}
698 	;
699 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
700 	{
701 		OUTYY(("P(server_use_systemd:%s)\n", $2));
702 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
703 			yyerror("expected yes or no.");
704 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
705 		free($2);
706 	}
707 	;
708 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
709 	{
710 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
711 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
712 			yyerror("expected yes or no.");
713 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
714 		free($2);
715 	}
716 	;
717 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
718 	{
719 		OUTYY(("P(server_use_syslog:%s)\n", $2));
720 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
721 			yyerror("expected yes or no.");
722 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
723 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
724 		if(strcmp($2, "yes") == 0)
725 			yyerror("no syslog services are available. "
726 				"(reconfigure and compile to add)");
727 #endif
728 		free($2);
729 	}
730 	;
731 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
732 	{
733 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
734 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
735 			yyerror("expected yes or no.");
736 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
737 		free($2);
738 	}
739 	;
740 server_log_queries: VAR_LOG_QUERIES STRING_ARG
741 	{
742 		OUTYY(("P(server_log_queries:%s)\n", $2));
743 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
744 			yyerror("expected yes or no.");
745 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
746 		free($2);
747 	}
748 	;
749 server_log_replies: VAR_LOG_REPLIES STRING_ARG
750   {
751   	OUTYY(("P(server_log_replies:%s)\n", $2));
752   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
753   		yyerror("expected yes or no.");
754   	else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
755   	free($2);
756   }
757   ;
758 server_chroot: VAR_CHROOT STRING_ARG
759 	{
760 		OUTYY(("P(server_chroot:%s)\n", $2));
761 		free(cfg_parser->cfg->chrootdir);
762 		cfg_parser->cfg->chrootdir = $2;
763 	}
764 	;
765 server_username: VAR_USERNAME STRING_ARG
766 	{
767 		OUTYY(("P(server_username:%s)\n", $2));
768 		free(cfg_parser->cfg->username);
769 		cfg_parser->cfg->username = $2;
770 	}
771 	;
772 server_directory: VAR_DIRECTORY STRING_ARG
773 	{
774 		OUTYY(("P(server_directory:%s)\n", $2));
775 		free(cfg_parser->cfg->directory);
776 		cfg_parser->cfg->directory = $2;
777 		/* change there right away for includes relative to this */
778 		if($2[0]) {
779 			char* d;
780 #ifdef UB_ON_WINDOWS
781 			w_config_adjust_directory(cfg_parser->cfg);
782 #endif
783 			d = cfg_parser->cfg->directory;
784 			/* adjust directory if we have already chroot,
785 			 * like, we reread after sighup */
786 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
787 				strncmp(d, cfg_parser->chroot, strlen(
788 				cfg_parser->chroot)) == 0)
789 				d += strlen(cfg_parser->chroot);
790 			if(d[0]) {
791 			    if(chdir(d))
792 				log_err("cannot chdir to directory: %s (%s)",
793 					d, strerror(errno));
794 			}
795 		}
796 	}
797 	;
798 server_logfile: VAR_LOGFILE STRING_ARG
799 	{
800 		OUTYY(("P(server_logfile:%s)\n", $2));
801 		free(cfg_parser->cfg->logfile);
802 		cfg_parser->cfg->logfile = $2;
803 		cfg_parser->cfg->use_syslog = 0;
804 	}
805 	;
806 server_pidfile: VAR_PIDFILE STRING_ARG
807 	{
808 		OUTYY(("P(server_pidfile:%s)\n", $2));
809 		free(cfg_parser->cfg->pidfile);
810 		cfg_parser->cfg->pidfile = $2;
811 	}
812 	;
813 server_root_hints: VAR_ROOT_HINTS STRING_ARG
814 	{
815 		OUTYY(("P(server_root_hints:%s)\n", $2));
816 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
817 			yyerror("out of memory");
818 	}
819 	;
820 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
821 	{
822 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
823 		free(cfg_parser->cfg->dlv_anchor_file);
824 		cfg_parser->cfg->dlv_anchor_file = $2;
825 	}
826 	;
827 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
828 	{
829 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
830 		if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
831 			yyerror("out of memory");
832 	}
833 	;
834 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
835 	{
836 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
837 		if(!cfg_strlist_insert(&cfg_parser->cfg->
838 			auto_trust_anchor_file_list, $2))
839 			yyerror("out of memory");
840 	}
841 	;
842 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
843 	{
844 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
845 		if(!cfg_strlist_insert(&cfg_parser->cfg->
846 			trust_anchor_file_list, $2))
847 			yyerror("out of memory");
848 	}
849 	;
850 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
851 	{
852 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
853 		if(!cfg_strlist_insert(&cfg_parser->cfg->
854 			trusted_keys_file_list, $2))
855 			yyerror("out of memory");
856 	}
857 	;
858 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
859 	{
860 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
861 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
862 			yyerror("out of memory");
863 	}
864 	;
865 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
866 	{
867 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
868 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
869 			yyerror("expected yes or no.");
870 		else
871 			cfg_parser->cfg->trust_anchor_signaling =
872 				(strcmp($2, "yes")==0);
873 		free($2);
874 	}
875 	;
876 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
877 	{
878 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
879 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
880 			yyerror("expected yes or no.");
881 		else
882 			cfg_parser->cfg->root_key_sentinel =
883 				(strcmp($2, "yes")==0);
884 		free($2);
885 	}
886 	;
887 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
888 	{
889 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
890 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
891 			yyerror("out of memory");
892 	}
893 	;
894 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
895 	{
896 		OUTYY(("P(server_hide_identity:%s)\n", $2));
897 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
898 			yyerror("expected yes or no.");
899 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
900 		free($2);
901 	}
902 	;
903 server_hide_version: VAR_HIDE_VERSION STRING_ARG
904 	{
905 		OUTYY(("P(server_hide_version:%s)\n", $2));
906 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
907 			yyerror("expected yes or no.");
908 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
909 		free($2);
910 	}
911 	;
912 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
913 	{
914 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
915 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
916 			yyerror("expected yes or no.");
917 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
918 		free($2);
919 	}
920 	;
921 server_identity: VAR_IDENTITY STRING_ARG
922 	{
923 		OUTYY(("P(server_identity:%s)\n", $2));
924 		free(cfg_parser->cfg->identity);
925 		cfg_parser->cfg->identity = $2;
926 	}
927 	;
928 server_version: VAR_VERSION STRING_ARG
929 	{
930 		OUTYY(("P(server_version:%s)\n", $2));
931 		free(cfg_parser->cfg->version);
932 		cfg_parser->cfg->version = $2;
933 	}
934 	;
935 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
936 	{
937 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
938 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
939 			yyerror("buffer size expected");
940 		free($2);
941 	}
942 	;
943 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
944 	{
945 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
946 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
947 			yyerror("buffer size expected");
948 		free($2);
949 	}
950 	;
951 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
952     {
953         OUTYY(("P(server_so_reuseport:%s)\n", $2));
954         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
955             yyerror("expected yes or no.");
956         else cfg_parser->cfg->so_reuseport =
957             (strcmp($2, "yes")==0);
958         free($2);
959     }
960     ;
961 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
962     {
963         OUTYY(("P(server_ip_transparent:%s)\n", $2));
964         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
965             yyerror("expected yes or no.");
966         else cfg_parser->cfg->ip_transparent =
967             (strcmp($2, "yes")==0);
968         free($2);
969     }
970     ;
971 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
972     {
973         OUTYY(("P(server_ip_freebind:%s)\n", $2));
974         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
975             yyerror("expected yes or no.");
976         else cfg_parser->cfg->ip_freebind =
977             (strcmp($2, "yes")==0);
978         free($2);
979     }
980     ;
981 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
982 	{
983 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
984 		if(atoi($2) == 0)
985 			yyerror("number expected");
986 		else if (atoi($2) < 12)
987 			yyerror("edns buffer size too small");
988 		else if (atoi($2) > 65535)
989 			cfg_parser->cfg->edns_buffer_size = 65535;
990 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
991 		free($2);
992 	}
993 	;
994 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
995 	{
996 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
997 		if(atoi($2) == 0)
998 			yyerror("number expected");
999 		else if (atoi($2) < 4096)
1000 			yyerror("message buffer size too small (use 4096)");
1001 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1002 		free($2);
1003 	}
1004 	;
1005 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1006 	{
1007 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1008 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1009 			yyerror("memory size expected");
1010 		free($2);
1011 	}
1012 	;
1013 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1014 	{
1015 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1016 		if(atoi($2) == 0)
1017 			yyerror("number expected");
1018 		else {
1019 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1020 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1021 				yyerror("must be a power of 2");
1022 		}
1023 		free($2);
1024 	}
1025 	;
1026 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1027 	{
1028 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1029 		if(atoi($2) == 0)
1030 			yyerror("number expected");
1031 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1032 		free($2);
1033 	}
1034 	;
1035 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1036 	{
1037 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1038 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1039 			yyerror("number expected");
1040 		else cfg_parser->cfg->jostle_time = atoi($2);
1041 		free($2);
1042 	}
1043 	;
1044 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1045 	{
1046 		OUTYY(("P(server_delay_close:%s)\n", $2));
1047 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1048 			yyerror("number expected");
1049 		else cfg_parser->cfg->delay_close = atoi($2);
1050 		free($2);
1051 	}
1052 	;
1053 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1054 	{
1055 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1056 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1057 			yyerror("expected yes or no.");
1058 		else cfg_parser->cfg->unblock_lan_zones =
1059 			(strcmp($2, "yes")==0);
1060 		free($2);
1061 	}
1062 	;
1063 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1064 	{
1065 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1066 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1067 			yyerror("expected yes or no.");
1068 		else cfg_parser->cfg->insecure_lan_zones =
1069 			(strcmp($2, "yes")==0);
1070 		free($2);
1071 	}
1072 	;
1073 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1074 	{
1075 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1076 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1077 			yyerror("memory size expected");
1078 		free($2);
1079 	}
1080 	;
1081 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1082 	{
1083 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1084 		if(atoi($2) == 0)
1085 			yyerror("number expected");
1086 		else {
1087 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1088 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1089 				yyerror("must be a power of 2");
1090 		}
1091 		free($2);
1092 	}
1093 	;
1094 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1095 	{
1096 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1097 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1098 			yyerror("number expected");
1099 		else cfg_parser->cfg->host_ttl = atoi($2);
1100 		free($2);
1101 	}
1102 	;
1103 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1104 	{
1105 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1106 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1107 			"removed, use infra-host-ttl)", $2);
1108 		free($2);
1109 	}
1110 	;
1111 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1112 	{
1113 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1114 		if(atoi($2) == 0)
1115 			yyerror("number expected");
1116 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1117 		free($2);
1118 	}
1119 	;
1120 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1121 	{
1122 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1123 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1124 			"(option removed, use infra-cache-numhosts)", $2);
1125 		free($2);
1126 	}
1127 	;
1128 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1129 	{
1130 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1131 		if(atoi($2) == 0)
1132 			yyerror("number expected");
1133 		else {
1134 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1135 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1136 				yyerror("must be a power of 2");
1137 		}
1138 		free($2);
1139 	}
1140 	;
1141 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1142 	{
1143 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1144 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1145 			yyerror("number expected");
1146 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1147 		free($2);
1148 	}
1149 	;
1150 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1151 	{
1152 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1153 		free(cfg_parser->cfg->target_fetch_policy);
1154 		cfg_parser->cfg->target_fetch_policy = $2;
1155 	}
1156 	;
1157 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1158 	{
1159 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1160 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1161 			yyerror("expected yes or no.");
1162 		else cfg_parser->cfg->harden_short_bufsize =
1163 			(strcmp($2, "yes")==0);
1164 		free($2);
1165 	}
1166 	;
1167 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1168 	{
1169 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1170 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1171 			yyerror("expected yes or no.");
1172 		else cfg_parser->cfg->harden_large_queries =
1173 			(strcmp($2, "yes")==0);
1174 		free($2);
1175 	}
1176 	;
1177 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1178 	{
1179 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1180 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1181 			yyerror("expected yes or no.");
1182 		else cfg_parser->cfg->harden_glue =
1183 			(strcmp($2, "yes")==0);
1184 		free($2);
1185 	}
1186 	;
1187 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1188 	{
1189 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1190 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1191 			yyerror("expected yes or no.");
1192 		else cfg_parser->cfg->harden_dnssec_stripped =
1193 			(strcmp($2, "yes")==0);
1194 		free($2);
1195 	}
1196 	;
1197 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1198 	{
1199 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1200 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1201 			yyerror("expected yes or no.");
1202 		else cfg_parser->cfg->harden_below_nxdomain =
1203 			(strcmp($2, "yes")==0);
1204 		free($2);
1205 	}
1206 	;
1207 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1208 	{
1209 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1210 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1211 			yyerror("expected yes or no.");
1212 		else cfg_parser->cfg->harden_referral_path =
1213 			(strcmp($2, "yes")==0);
1214 		free($2);
1215 	}
1216 	;
1217 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1218 	{
1219 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1220 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1221 			yyerror("expected yes or no.");
1222 		else cfg_parser->cfg->harden_algo_downgrade =
1223 			(strcmp($2, "yes")==0);
1224 		free($2);
1225 	}
1226 	;
1227 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1228 	{
1229 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1230 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1231 			yyerror("expected yes or no.");
1232 		else cfg_parser->cfg->use_caps_bits_for_id =
1233 			(strcmp($2, "yes")==0);
1234 		free($2);
1235 	}
1236 	;
1237 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1238 	{
1239 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1240 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1241 			yyerror("out of memory");
1242 	}
1243 	;
1244 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1245 	{
1246 		OUTYY(("P(server_private_address:%s)\n", $2));
1247 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1248 			yyerror("out of memory");
1249 	}
1250 	;
1251 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1252 	{
1253 		OUTYY(("P(server_private_domain:%s)\n", $2));
1254 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1255 			yyerror("out of memory");
1256 	}
1257 	;
1258 server_prefetch: VAR_PREFETCH STRING_ARG
1259 	{
1260 		OUTYY(("P(server_prefetch:%s)\n", $2));
1261 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1262 			yyerror("expected yes or no.");
1263 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1264 		free($2);
1265 	}
1266 	;
1267 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1268 	{
1269 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1270 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1271 			yyerror("expected yes or no.");
1272 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1273 		free($2);
1274 	}
1275 	;
1276 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1277 	{
1278 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1279 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1280 			yyerror("number expected");
1281 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1282 		free($2);
1283 	}
1284 	;
1285 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1286 	{
1287 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1288 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1289 			yyerror("out of memory");
1290 	}
1291 	;
1292 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1293 	{
1294 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1295 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1296 			yyerror("expected yes or no.");
1297 		else cfg_parser->cfg->donotquery_localhost =
1298 			(strcmp($2, "yes")==0);
1299 		free($2);
1300 	}
1301 	;
1302 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1303 	{
1304 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1305 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1306 			strcmp($3, "deny_non_local")!=0 &&
1307 			strcmp($3, "refuse_non_local")!=0 &&
1308 			strcmp($3, "allow")!=0 &&
1309 			strcmp($3, "allow_snoop")!=0) {
1310 			yyerror("expected deny, refuse, deny_non_local, "
1311 				"refuse_non_local, allow or allow_snoop "
1312 				"in access control action");
1313 		} else {
1314 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1315 				fatal_exit("out of memory adding acl");
1316 		}
1317 	}
1318 	;
1319 server_module_conf: VAR_MODULE_CONF STRING_ARG
1320 	{
1321 		OUTYY(("P(server_module_conf:%s)\n", $2));
1322 		free(cfg_parser->cfg->module_conf);
1323 		cfg_parser->cfg->module_conf = $2;
1324 	}
1325 	;
1326 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1327 	{
1328 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1329 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1330 			cfg_parser->cfg->val_date_override = 0;
1331 		} else if(strlen($2) == 14) {
1332 			cfg_parser->cfg->val_date_override =
1333 				cfg_convert_timeval($2);
1334 			if(!cfg_parser->cfg->val_date_override)
1335 				yyerror("bad date/time specification");
1336 		} else {
1337 			if(atoi($2) == 0)
1338 				yyerror("number expected");
1339 			cfg_parser->cfg->val_date_override = atoi($2);
1340 		}
1341 		free($2);
1342 	}
1343 	;
1344 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1345 	{
1346 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1347 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1348 			cfg_parser->cfg->val_sig_skew_min = 0;
1349 		} else {
1350 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1351 			if(!cfg_parser->cfg->val_sig_skew_min)
1352 				yyerror("number expected");
1353 		}
1354 		free($2);
1355 	}
1356 	;
1357 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1358 	{
1359 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1360 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1361 			cfg_parser->cfg->val_sig_skew_max = 0;
1362 		} else {
1363 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1364 			if(!cfg_parser->cfg->val_sig_skew_max)
1365 				yyerror("number expected");
1366 		}
1367 		free($2);
1368 	}
1369 	;
1370 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1371 	{
1372 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1373 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1374 			yyerror("number expected");
1375 		else cfg_parser->cfg->max_ttl = atoi($2);
1376 		free($2);
1377 	}
1378 	;
1379 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1380 	{
1381 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1382 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1383 			yyerror("number expected");
1384 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1385 		free($2);
1386 	}
1387 	;
1388 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1389 	{
1390 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1391 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1392 			yyerror("number expected");
1393 		else cfg_parser->cfg->min_ttl = atoi($2);
1394 		free($2);
1395 	}
1396 	;
1397 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1398 	{
1399 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1400 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1401 			yyerror("number expected");
1402 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1403 		free($2);
1404 	}
1405 	;
1406 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1407 	{
1408 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1409 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1410 			yyerror("expected yes or no.");
1411 		else cfg_parser->cfg->val_clean_additional =
1412 			(strcmp($2, "yes")==0);
1413 		free($2);
1414 	}
1415 	;
1416 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1417 	{
1418 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1419 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1420 			yyerror("expected yes or no.");
1421 		else cfg_parser->cfg->val_permissive_mode =
1422 			(strcmp($2, "yes")==0);
1423 		free($2);
1424 	}
1425 	;
1426 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1427 	{
1428 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1429 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1430 			yyerror("expected yes or no.");
1431 		else
1432 			cfg_parser->cfg->aggressive_nsec =
1433 				(strcmp($2, "yes")==0);
1434 		free($2);
1435 	}
1436 	;
1437 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1438 	{
1439 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1440 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1441 			yyerror("expected yes or no.");
1442 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1443 		free($2);
1444 	}
1445 	;
1446 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1447 	{
1448 		OUTYY(("P(server_serve_expired:%s)\n", $2));
1449 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1450 			yyerror("expected yes or no.");
1451 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1452 		free($2);
1453 	}
1454 	;
1455 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1456 	{
1457 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
1458 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1459 			yyerror("expected yes or no.");
1460 #ifdef HAVE_SSL
1461 		else fake_dsa = (strcmp($2, "yes")==0);
1462 		if(fake_dsa)
1463 			log_warn("test option fake_dsa is enabled");
1464 #endif
1465 		free($2);
1466 	}
1467 	;
1468 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1469 	{
1470 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
1471 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1472 			yyerror("expected yes or no.");
1473 #ifdef HAVE_SSL
1474 		else fake_sha1 = (strcmp($2, "yes")==0);
1475 		if(fake_sha1)
1476 			log_warn("test option fake_sha1 is enabled");
1477 #endif
1478 		free($2);
1479 	}
1480 	;
1481 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1482 	{
1483 		OUTYY(("P(server_val_log_level:%s)\n", $2));
1484 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1485 			yyerror("number expected");
1486 		else cfg_parser->cfg->val_log_level = atoi($2);
1487 		free($2);
1488 	}
1489 	;
1490 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1491 	{
1492 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1493 		free(cfg_parser->cfg->val_nsec3_key_iterations);
1494 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
1495 	}
1496 	;
1497 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1498 	{
1499 		OUTYY(("P(server_add_holddown:%s)\n", $2));
1500 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1501 			yyerror("number expected");
1502 		else cfg_parser->cfg->add_holddown = atoi($2);
1503 		free($2);
1504 	}
1505 	;
1506 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1507 	{
1508 		OUTYY(("P(server_del_holddown:%s)\n", $2));
1509 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1510 			yyerror("number expected");
1511 		else cfg_parser->cfg->del_holddown = atoi($2);
1512 		free($2);
1513 	}
1514 	;
1515 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1516 	{
1517 		OUTYY(("P(server_keep_missing:%s)\n", $2));
1518 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1519 			yyerror("number expected");
1520 		else cfg_parser->cfg->keep_missing = atoi($2);
1521 		free($2);
1522 	}
1523 	;
1524 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1525 	{
1526 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1527 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1528 			yyerror("expected yes or no.");
1529 		else cfg_parser->cfg->permit_small_holddown =
1530 			(strcmp($2, "yes")==0);
1531 		free($2);
1532 	}
1533 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1534 	{
1535 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
1536 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1537 			yyerror("memory size expected");
1538 		free($2);
1539 	}
1540 	;
1541 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1542 	{
1543 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1544 		if(atoi($2) == 0)
1545 			yyerror("number expected");
1546 		else {
1547 			cfg_parser->cfg->key_cache_slabs = atoi($2);
1548 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1549 				yyerror("must be a power of 2");
1550 		}
1551 		free($2);
1552 	}
1553 	;
1554 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1555 	{
1556 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1557 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1558 			yyerror("memory size expected");
1559 		free($2);
1560 	}
1561 	;
1562 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1563 	{
1564 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1565 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1566 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1567 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1568 		   && strcmp($3, "typetransparent")!=0
1569 		   && strcmp($3, "always_transparent")!=0
1570 		   && strcmp($3, "always_refuse")!=0
1571 		   && strcmp($3, "always_nxdomain")!=0
1572 		   && strcmp($3, "noview")!=0
1573 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
1574 			yyerror("local-zone type: expected static, deny, "
1575 				"refuse, redirect, transparent, "
1576 				"typetransparent, inform, inform_deny, "
1577 				"always_transparent, always_refuse, "
1578 				"always_nxdomain, noview or nodefault");
1579 		else if(strcmp($3, "nodefault")==0) {
1580 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1581 				local_zones_nodefault, $2))
1582 				fatal_exit("out of memory adding local-zone");
1583 			free($3);
1584 		} else {
1585 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1586 				$2, $3))
1587 				fatal_exit("out of memory adding local-zone");
1588 		}
1589 	}
1590 	;
1591 server_local_data: VAR_LOCAL_DATA STRING_ARG
1592 	{
1593 		OUTYY(("P(server_local_data:%s)\n", $2));
1594 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1595 			fatal_exit("out of memory adding local-data");
1596 	}
1597 	;
1598 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1599 	{
1600 		char* ptr;
1601 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1602 		ptr = cfg_ptr_reverse($2);
1603 		free($2);
1604 		if(ptr) {
1605 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1606 				local_data, ptr))
1607 				fatal_exit("out of memory adding local-data");
1608 		} else {
1609 			yyerror("local-data-ptr could not be reversed");
1610 		}
1611 	}
1612 	;
1613 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1614 	{
1615 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
1616 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1617 			yyerror("expected yes or no.");
1618 		else cfg_parser->cfg->minimal_responses =
1619 			(strcmp($2, "yes")==0);
1620 		free($2);
1621 	}
1622 	;
1623 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
1624 	{
1625 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
1626 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1627 			yyerror("expected yes or no.");
1628 		else cfg_parser->cfg->rrset_roundrobin =
1629 			(strcmp($2, "yes")==0);
1630 		free($2);
1631 	}
1632 	;
1633 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
1634 	{
1635 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
1636 		cfg_parser->cfg->max_udp_size = atoi($2);
1637 		free($2);
1638 	}
1639 	;
1640 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
1641 	{
1642 		OUTYY(("P(dns64_prefix:%s)\n", $2));
1643 		free(cfg_parser->cfg->dns64_prefix);
1644 		cfg_parser->cfg->dns64_prefix = $2;
1645 	}
1646 	;
1647 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
1648 	{
1649 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
1650 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1651 			yyerror("expected yes or no.");
1652 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
1653 		free($2);
1654 	}
1655 	;
1656 server_define_tag: VAR_DEFINE_TAG STRING_ARG
1657 	{
1658 		char* p, *s = $2;
1659 		OUTYY(("P(server_define_tag:%s)\n", $2));
1660 		while((p=strsep(&s, " \t\n")) != NULL) {
1661 			if(*p) {
1662 				if(!config_add_tag(cfg_parser->cfg, p))
1663 					yyerror("could not define-tag, "
1664 						"out of memory");
1665 			}
1666 		}
1667 		free($2);
1668 	}
1669 	;
1670 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
1671 	{
1672 		size_t len = 0;
1673 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1674 			&len);
1675 		free($3);
1676 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
1677 		if(!bitlist)
1678 			yyerror("could not parse tags, (define-tag them first)");
1679 		if(bitlist) {
1680 			if(!cfg_strbytelist_insert(
1681 				&cfg_parser->cfg->local_zone_tags,
1682 				$2, bitlist, len)) {
1683 				yyerror("out of memory");
1684 				free($2);
1685 			}
1686 		}
1687 	}
1688 	;
1689 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
1690 	{
1691 		size_t len = 0;
1692 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1693 			&len);
1694 		free($3);
1695 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
1696 		if(!bitlist)
1697 			yyerror("could not parse tags, (define-tag them first)");
1698 		if(bitlist) {
1699 			if(!cfg_strbytelist_insert(
1700 				&cfg_parser->cfg->acl_tags,
1701 				$2, bitlist, len)) {
1702 				yyerror("out of memory");
1703 				free($2);
1704 			}
1705 		}
1706 	}
1707 	;
1708 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
1709 	{
1710 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
1711 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
1712 			$2, $3, $4)) {
1713 			yyerror("out of memory");
1714 			free($2);
1715 			free($3);
1716 			free($4);
1717 		}
1718 	}
1719 	;
1720 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
1721 	{
1722 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
1723 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
1724 			$2, $3, $4)) {
1725 			yyerror("out of memory");
1726 			free($2);
1727 			free($3);
1728 			free($4);
1729 		}
1730 	}
1731 	;
1732 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
1733 	{
1734 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
1735 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
1736 			$2, $3, $4)) {
1737 			yyerror("out of memory");
1738 			free($2);
1739 			free($3);
1740 			free($4);
1741 		}
1742 	}
1743 	;
1744 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
1745 	{
1746 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
1747 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
1748 			$2, $3)) {
1749 			yyerror("out of memory");
1750 			free($2);
1751 			free($3);
1752 		}
1753 	}
1754 	;
1755 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
1756 	{
1757 		size_t len = 0;
1758 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1759 			&len);
1760 		free($3);
1761 		OUTYY(("P(response_ip_tag:%s)\n", $2));
1762 		if(!bitlist)
1763 			yyerror("could not parse tags, (define-tag them first)");
1764 		if(bitlist) {
1765 			if(!cfg_strbytelist_insert(
1766 				&cfg_parser->cfg->respip_tags,
1767 				$2, bitlist, len)) {
1768 				yyerror("out of memory");
1769 				free($2);
1770 			}
1771 		}
1772 	}
1773 	;
1774 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
1775 	{
1776 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
1777 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1778 			yyerror("number expected");
1779 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
1780 		free($2);
1781 	}
1782 	;
1783 
1784 server_ratelimit: VAR_RATELIMIT STRING_ARG
1785 	{
1786 		OUTYY(("P(server_ratelimit:%s)\n", $2));
1787 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1788 			yyerror("number expected");
1789 		else cfg_parser->cfg->ratelimit = atoi($2);
1790 		free($2);
1791 	}
1792 	;
1793 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
1794   {
1795   	OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
1796   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
1797   		yyerror("memory size expected");
1798   	free($2);
1799   }
1800   ;
1801 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
1802 	{
1803 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
1804 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
1805 			yyerror("memory size expected");
1806 		free($2);
1807 	}
1808 	;
1809 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
1810   {
1811   	OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
1812   	if(atoi($2) == 0)
1813   		yyerror("number expected");
1814   	else {
1815   		cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
1816   		if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
1817   			yyerror("must be a power of 2");
1818   	}
1819   	free($2);
1820   }
1821   ;
1822 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
1823 	{
1824 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
1825 		if(atoi($2) == 0)
1826 			yyerror("number expected");
1827 		else {
1828 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
1829 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
1830 				yyerror("must be a power of 2");
1831 		}
1832 		free($2);
1833 	}
1834 	;
1835 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
1836 	{
1837 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
1838 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1839 			yyerror("number expected");
1840 		} else {
1841 			if(!cfg_str2list_insert(&cfg_parser->cfg->
1842 				ratelimit_for_domain, $2, $3))
1843 				fatal_exit("out of memory adding "
1844 					"ratelimit-for-domain");
1845 		}
1846 	}
1847 	;
1848 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
1849 	{
1850 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
1851 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1852 			yyerror("number expected");
1853 		} else {
1854 			if(!cfg_str2list_insert(&cfg_parser->cfg->
1855 				ratelimit_below_domain, $2, $3))
1856 				fatal_exit("out of memory adding "
1857 					"ratelimit-below-domain");
1858 		}
1859 	}
1860 	;
1861 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
1862   {
1863   	OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
1864   	if(atoi($2) == 0 && strcmp($2, "0") != 0)
1865   		yyerror("number expected");
1866   	else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
1867   	free($2);
1868 	}
1869 	;
1870 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
1871 	{
1872 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
1873 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1874 			yyerror("number expected");
1875 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
1876 		free($2);
1877 	}
1878 	;
1879 server_low_rtt: VAR_LOW_RTT STRING_ARG
1880 	{
1881 		OUTYY(("P(server_low_rtt:%s)\n", $2));
1882 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1883 			yyerror("number expected");
1884 		else cfg_parser->cfg->low_rtt = atoi($2);
1885 		free($2);
1886 	}
1887 	;
1888 server_low_rtt_pct: VAR_LOW_RTT_PCT STRING_ARG
1889 	{
1890 		OUTYY(("P(server_low_rtt_pct:%s)\n", $2));
1891 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1892 			yyerror("number expected");
1893 		else cfg_parser->cfg->low_rtt_pct = atoi($2);
1894 		free($2);
1895 	}
1896 	;
1897 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
1898 	{
1899 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
1900 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1901 			yyerror("expected yes or no.");
1902 		else cfg_parser->cfg->qname_minimisation =
1903 			(strcmp($2, "yes")==0);
1904 		free($2);
1905 	}
1906 	;
1907 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
1908 	{
1909 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
1910 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1911 			yyerror("expected yes or no.");
1912 		else cfg_parser->cfg->qname_minimisation_strict =
1913 			(strcmp($2, "yes")==0);
1914 		free($2);
1915 	}
1916 	;
1917 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
1918 	{
1919 	#ifdef USE_IPSECMOD
1920 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
1921 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1922 			yyerror("expected yes or no.");
1923 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
1924 		free($2);
1925 	#else
1926 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1927 	#endif
1928 	}
1929 	;
1930 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
1931 	{
1932 	#ifdef USE_IPSECMOD
1933 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
1934 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1935 			yyerror("expected yes or no.");
1936 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
1937 		free($2);
1938 	#else
1939 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1940 	#endif
1941 	}
1942 	;
1943 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
1944 	{
1945 	#ifdef USE_IPSECMOD
1946 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
1947 		free(cfg_parser->cfg->ipsecmod_hook);
1948 		cfg_parser->cfg->ipsecmod_hook = $2;
1949 	#else
1950 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1951 	#endif
1952 	}
1953 	;
1954 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
1955 	{
1956 	#ifdef USE_IPSECMOD
1957 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
1958 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1959 			yyerror("number expected");
1960 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
1961 		free($2);
1962 	#else
1963 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1964 	#endif
1965 	}
1966 	;
1967 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
1968 	{
1969 	#ifdef USE_IPSECMOD
1970 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
1971 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
1972 			yyerror("out of memory");
1973 	#else
1974 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1975 	#endif
1976 	}
1977 	;
1978 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
1979 	{
1980 	#ifdef USE_IPSECMOD
1981 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
1982 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1983 			yyerror("expected yes or no.");
1984 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
1985 		free($2);
1986 	#else
1987 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1988 	#endif
1989 	}
1990 	;
1991 stub_name: VAR_NAME STRING_ARG
1992 	{
1993 		OUTYY(("P(name:%s)\n", $2));
1994 		if(cfg_parser->cfg->stubs->name)
1995 			yyerror("stub name override, there must be one name "
1996 				"for one stub-zone");
1997 		free(cfg_parser->cfg->stubs->name);
1998 		cfg_parser->cfg->stubs->name = $2;
1999 	}
2000 	;
2001 stub_host: VAR_STUB_HOST STRING_ARG
2002 	{
2003 		OUTYY(("P(stub-host:%s)\n", $2));
2004 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2005 			yyerror("out of memory");
2006 	}
2007 	;
2008 stub_addr: VAR_STUB_ADDR STRING_ARG
2009 	{
2010 		OUTYY(("P(stub-addr:%s)\n", $2));
2011 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2012 			yyerror("out of memory");
2013 	}
2014 	;
2015 stub_first: VAR_STUB_FIRST STRING_ARG
2016 	{
2017 		OUTYY(("P(stub-first:%s)\n", $2));
2018 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2019 			yyerror("expected yes or no.");
2020 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2021 		free($2);
2022 	}
2023 	;
2024 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2025 	{
2026 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2027 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2028 			yyerror("expected yes or no.");
2029 		else cfg_parser->cfg->stubs->ssl_upstream =
2030 			(strcmp($2, "yes")==0);
2031 		free($2);
2032 	}
2033 	;
2034 stub_prime: VAR_STUB_PRIME STRING_ARG
2035 	{
2036 		OUTYY(("P(stub-prime:%s)\n", $2));
2037 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2038 			yyerror("expected yes or no.");
2039 		else cfg_parser->cfg->stubs->isprime =
2040 			(strcmp($2, "yes")==0);
2041 		free($2);
2042 	}
2043 	;
2044 forward_name: VAR_NAME STRING_ARG
2045 	{
2046 		OUTYY(("P(name:%s)\n", $2));
2047 		if(cfg_parser->cfg->forwards->name)
2048 			yyerror("forward name override, there must be one "
2049 				"name for one forward-zone");
2050 		free(cfg_parser->cfg->forwards->name);
2051 		cfg_parser->cfg->forwards->name = $2;
2052 	}
2053 	;
2054 forward_host: VAR_FORWARD_HOST STRING_ARG
2055 	{
2056 		OUTYY(("P(forward-host:%s)\n", $2));
2057 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2058 			yyerror("out of memory");
2059 	}
2060 	;
2061 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2062 	{
2063 		OUTYY(("P(forward-addr:%s)\n", $2));
2064 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2065 			yyerror("out of memory");
2066 	}
2067 	;
2068 forward_first: VAR_FORWARD_FIRST STRING_ARG
2069 	{
2070 		OUTYY(("P(forward-first:%s)\n", $2));
2071 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2072 			yyerror("expected yes or no.");
2073 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2074 		free($2);
2075 	}
2076 	;
2077 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2078 	{
2079 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2080 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2081 			yyerror("expected yes or no.");
2082 		else cfg_parser->cfg->forwards->ssl_upstream =
2083 			(strcmp($2, "yes")==0);
2084 		free($2);
2085 	}
2086 	;
2087 auth_name: VAR_NAME STRING_ARG
2088 	{
2089 		OUTYY(("P(name:%s)\n", $2));
2090 		if(cfg_parser->cfg->auths->name)
2091 			yyerror("auth name override, there must be one name "
2092 				"for one auth-zone");
2093 		free(cfg_parser->cfg->auths->name);
2094 		cfg_parser->cfg->auths->name = $2;
2095 	}
2096 	;
2097 auth_zonefile: VAR_ZONEFILE STRING_ARG
2098 	{
2099 		OUTYY(("P(zonefile:%s)\n", $2));
2100 		free(cfg_parser->cfg->auths->zonefile);
2101 		cfg_parser->cfg->auths->zonefile = $2;
2102 	}
2103 	;
2104 auth_master: VAR_MASTER STRING_ARG
2105 	{
2106 		OUTYY(("P(master:%s)\n", $2));
2107 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2108 			yyerror("out of memory");
2109 	}
2110 	;
2111 auth_url: VAR_URL STRING_ARG
2112 	{
2113 		OUTYY(("P(url:%s)\n", $2));
2114 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2115 			yyerror("out of memory");
2116 	}
2117 	;
2118 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2119 	{
2120 		OUTYY(("P(allow-notify:%s)\n", $2));
2121 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2122 			$2))
2123 			yyerror("out of memory");
2124 	}
2125 	;
2126 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2127 	{
2128 		OUTYY(("P(for-downstream:%s)\n", $2));
2129 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2130 			yyerror("expected yes or no.");
2131 		else cfg_parser->cfg->auths->for_downstream =
2132 			(strcmp($2, "yes")==0);
2133 		free($2);
2134 	}
2135 	;
2136 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2137 	{
2138 		OUTYY(("P(for-upstream:%s)\n", $2));
2139 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2140 			yyerror("expected yes or no.");
2141 		else cfg_parser->cfg->auths->for_upstream =
2142 			(strcmp($2, "yes")==0);
2143 		free($2);
2144 	}
2145 	;
2146 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2147 	{
2148 		OUTYY(("P(fallback-enabled:%s)\n", $2));
2149 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2150 			yyerror("expected yes or no.");
2151 		else cfg_parser->cfg->auths->fallback_enabled =
2152 			(strcmp($2, "yes")==0);
2153 		free($2);
2154 	}
2155 	;
2156 view_name: VAR_NAME STRING_ARG
2157 	{
2158 		OUTYY(("P(name:%s)\n", $2));
2159 		if(cfg_parser->cfg->views->name)
2160 			yyerror("view name override, there must be one "
2161 				"name for one view");
2162 		free(cfg_parser->cfg->views->name);
2163 		cfg_parser->cfg->views->name = $2;
2164 	}
2165 	;
2166 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2167 	{
2168 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2169 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2170 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2171 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2172 		   && strcmp($3, "typetransparent")!=0
2173 		   && strcmp($3, "always_transparent")!=0
2174 		   && strcmp($3, "always_refuse")!=0
2175 		   && strcmp($3, "always_nxdomain")!=0
2176 		   && strcmp($3, "noview")!=0
2177 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
2178 			yyerror("local-zone type: expected static, deny, "
2179 				"refuse, redirect, transparent, "
2180 				"typetransparent, inform, inform_deny, "
2181 				"always_transparent, always_refuse, "
2182 				"always_nxdomain, noview or nodefault");
2183 		else if(strcmp($3, "nodefault")==0) {
2184 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2185 				local_zones_nodefault, $2))
2186 				fatal_exit("out of memory adding local-zone");
2187 			free($3);
2188 		} else {
2189 			if(!cfg_str2list_insert(
2190 				&cfg_parser->cfg->views->local_zones,
2191 				$2, $3))
2192 				fatal_exit("out of memory adding local-zone");
2193 		}
2194 	}
2195 	;
2196 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2197 	{
2198 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2199 		validate_respip_action($3);
2200 		if(!cfg_str2list_insert(
2201 			&cfg_parser->cfg->views->respip_actions, $2, $3))
2202 			fatal_exit("out of memory adding per-view "
2203 				"response-ip action");
2204 	}
2205 	;
2206 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2207 	{
2208 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
2209 		if(!cfg_str2list_insert(
2210 			&cfg_parser->cfg->views->respip_data, $2, $3))
2211 			fatal_exit("out of memory adding response-ip-data");
2212 	}
2213 	;
2214 view_local_data: VAR_LOCAL_DATA STRING_ARG
2215 	{
2216 		OUTYY(("P(view_local_data:%s)\n", $2));
2217 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2218 			fatal_exit("out of memory adding local-data");
2219 			free($2);
2220 		}
2221 	}
2222 	;
2223 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2224 	{
2225 		char* ptr;
2226 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2227 		ptr = cfg_ptr_reverse($2);
2228 		free($2);
2229 		if(ptr) {
2230 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2231 				local_data, ptr))
2232 				fatal_exit("out of memory adding local-data");
2233 		} else {
2234 			yyerror("local-data-ptr could not be reversed");
2235 		}
2236 	}
2237 	;
2238 view_first: VAR_VIEW_FIRST STRING_ARG
2239 	{
2240 		OUTYY(("P(view-first:%s)\n", $2));
2241 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2242 			yyerror("expected yes or no.");
2243 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2244 		free($2);
2245 	}
2246 	;
2247 rcstart: VAR_REMOTE_CONTROL
2248 	{
2249 		OUTYY(("\nP(remote-control:)\n"));
2250 	}
2251 	;
2252 contents_rc: contents_rc content_rc
2253 	| ;
2254 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2255 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2256 	rc_control_cert_file | rc_control_use_cert
2257 	;
2258 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2259 	{
2260 		OUTYY(("P(control_enable:%s)\n", $2));
2261 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2262 			yyerror("expected yes or no.");
2263 		else cfg_parser->cfg->remote_control_enable =
2264 			(strcmp($2, "yes")==0);
2265 		free($2);
2266 	}
2267 	;
2268 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2269 	{
2270 		OUTYY(("P(control_port:%s)\n", $2));
2271 		if(atoi($2) == 0)
2272 			yyerror("control port number expected");
2273 		else cfg_parser->cfg->control_port = atoi($2);
2274 		free($2);
2275 	}
2276 	;
2277 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2278 	{
2279 		OUTYY(("P(control_interface:%s)\n", $2));
2280 		if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
2281 			yyerror("out of memory");
2282 	}
2283 	;
2284 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2285 	{
2286 		OUTYY(("P(control_use_cert:%s)\n", $2));
2287 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2288 			yyerror("expected yes or no.");
2289 		else cfg_parser->cfg->remote_control_use_cert =
2290 			(strcmp($2, "yes")==0);
2291 		free($2);
2292 	}
2293 	;
2294 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2295 	{
2296 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
2297 		free(cfg_parser->cfg->server_key_file);
2298 		cfg_parser->cfg->server_key_file = $2;
2299 	}
2300 	;
2301 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2302 	{
2303 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2304 		free(cfg_parser->cfg->server_cert_file);
2305 		cfg_parser->cfg->server_cert_file = $2;
2306 	}
2307 	;
2308 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2309 	{
2310 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
2311 		free(cfg_parser->cfg->control_key_file);
2312 		cfg_parser->cfg->control_key_file = $2;
2313 	}
2314 	;
2315 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2316 	{
2317 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2318 		free(cfg_parser->cfg->control_cert_file);
2319 		cfg_parser->cfg->control_cert_file = $2;
2320 	}
2321 	;
2322 dtstart: VAR_DNSTAP
2323 	{
2324 		OUTYY(("\nP(dnstap:)\n"));
2325 	}
2326 	;
2327 contents_dt: contents_dt content_dt
2328 	| ;
2329 content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
2330 	dt_dnstap_send_identity | dt_dnstap_send_version |
2331 	dt_dnstap_identity | dt_dnstap_version |
2332 	dt_dnstap_log_resolver_query_messages |
2333 	dt_dnstap_log_resolver_response_messages |
2334 	dt_dnstap_log_client_query_messages |
2335 	dt_dnstap_log_client_response_messages |
2336 	dt_dnstap_log_forwarder_query_messages |
2337 	dt_dnstap_log_forwarder_response_messages
2338 	;
2339 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2340 	{
2341 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2342 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2343 			yyerror("expected yes or no.");
2344 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2345 	}
2346 	;
2347 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2348 	{
2349 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2350 		free(cfg_parser->cfg->dnstap_socket_path);
2351 		cfg_parser->cfg->dnstap_socket_path = $2;
2352 	}
2353 	;
2354 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2355 	{
2356 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2357 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2358 			yyerror("expected yes or no.");
2359 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2360 	}
2361 	;
2362 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2363 	{
2364 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2365 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2366 			yyerror("expected yes or no.");
2367 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2368 	}
2369 	;
2370 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2371 	{
2372 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2373 		free(cfg_parser->cfg->dnstap_identity);
2374 		cfg_parser->cfg->dnstap_identity = $2;
2375 	}
2376 	;
2377 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2378 	{
2379 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2380 		free(cfg_parser->cfg->dnstap_version);
2381 		cfg_parser->cfg->dnstap_version = $2;
2382 	}
2383 	;
2384 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2385 	{
2386 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2387 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2388 			yyerror("expected yes or no.");
2389 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2390 			(strcmp($2, "yes")==0);
2391 	}
2392 	;
2393 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2394 	{
2395 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2396 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2397 			yyerror("expected yes or no.");
2398 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2399 			(strcmp($2, "yes")==0);
2400 	}
2401 	;
2402 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2403 	{
2404 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2405 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2406 			yyerror("expected yes or no.");
2407 		else cfg_parser->cfg->dnstap_log_client_query_messages =
2408 			(strcmp($2, "yes")==0);
2409 	}
2410 	;
2411 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2412 	{
2413 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2414 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2415 			yyerror("expected yes or no.");
2416 		else cfg_parser->cfg->dnstap_log_client_response_messages =
2417 			(strcmp($2, "yes")==0);
2418 	}
2419 	;
2420 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2421 	{
2422 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2423 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2424 			yyerror("expected yes or no.");
2425 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2426 			(strcmp($2, "yes")==0);
2427 	}
2428 	;
2429 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2430 	{
2431 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2432 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2433 			yyerror("expected yes or no.");
2434 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2435 			(strcmp($2, "yes")==0);
2436 	}
2437 	;
2438 pythonstart: VAR_PYTHON
2439 	{
2440 		OUTYY(("\nP(python:)\n"));
2441 	}
2442 	;
2443 contents_py: contents_py content_py
2444 	| ;
2445 content_py: py_script
2446 	;
2447 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2448 	{
2449 		OUTYY(("P(python-script:%s)\n", $2));
2450 		free(cfg_parser->cfg->python_script);
2451 		cfg_parser->cfg->python_script = $2;
2452 	}
2453 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2454 	{
2455 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2456 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2457 			yyerror("expected yes or no.");
2458 		else cfg_parser->cfg->disable_dnssec_lame_check =
2459 			(strcmp($2, "yes")==0);
2460 		free($2);
2461 	}
2462 	;
2463 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2464 	{
2465 		OUTYY(("P(server_log_identity:%s)\n", $2));
2466 		free(cfg_parser->cfg->log_identity);
2467 		cfg_parser->cfg->log_identity = $2;
2468 	}
2469 	;
2470 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2471 	{
2472 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2473 		validate_respip_action($3);
2474 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2475 			$2, $3))
2476 			fatal_exit("out of memory adding response-ip");
2477 	}
2478 	;
2479 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2480 	{
2481 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
2482 			if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
2483 				$2, $3))
2484 				fatal_exit("out of memory adding response-ip-data");
2485 	}
2486 	;
2487 dnscstart: VAR_DNSCRYPT
2488 	{
2489 		OUTYY(("\nP(dnscrypt:)\n"));
2490 		OUTYY(("\nP(dnscrypt:)\n"));
2491 	}
2492 	;
2493 contents_dnsc: contents_dnsc content_dnsc
2494 	| ;
2495 content_dnsc:
2496 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
2497 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
2498 	dnsc_dnscrypt_provider_cert_rotated |
2499 	dnsc_dnscrypt_shared_secret_cache_size |
2500 	dnsc_dnscrypt_shared_secret_cache_slabs |
2501 	dnsc_dnscrypt_nonce_cache_size |
2502 	dnsc_dnscrypt_nonce_cache_slabs
2503 	;
2504 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
2505 	{
2506 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
2507 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2508 			yyerror("expected yes or no.");
2509 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
2510 		free($2);
2511 	}
2512 	;
2513 
2514 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
2515 	{
2516 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
2517 
2518 		if(atoi($2) == 0)
2519 			yyerror("port number expected");
2520 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
2521 		free($2);
2522 	}
2523 	;
2524 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
2525 	{
2526 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
2527 		free(cfg_parser->cfg->dnscrypt_provider);
2528 		cfg_parser->cfg->dnscrypt_provider = $2;
2529 	}
2530 	;
2531 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
2532 	{
2533 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
2534 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
2535 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
2536 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
2537 			fatal_exit("out of memory adding dnscrypt-provider-cert");
2538 	}
2539 	;
2540 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
2541 	{
2542 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
2543 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
2544 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
2545 	}
2546 	;
2547 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
2548 	{
2549 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
2550 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
2551 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
2552 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
2553 			fatal_exit("out of memory adding dnscrypt-secret-key");
2554 	}
2555 	;
2556 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
2557   {
2558   	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
2559   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
2560   		yyerror("memory size expected");
2561   	free($2);
2562   }
2563   ;
2564 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
2565   {
2566   	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
2567   	if(atoi($2) == 0)
2568   		yyerror("number expected");
2569   	else {
2570   		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
2571   		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
2572   			yyerror("must be a power of 2");
2573   	}
2574   	free($2);
2575   }
2576   ;
2577 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
2578   {
2579   	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
2580   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
2581   		yyerror("memory size expected");
2582   	free($2);
2583   }
2584   ;
2585 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
2586   {
2587   	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
2588   	if(atoi($2) == 0)
2589   		yyerror("number expected");
2590   	else {
2591   		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
2592   		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
2593   			yyerror("must be a power of 2");
2594   	}
2595   	free($2);
2596   }
2597   ;
2598 cachedbstart: VAR_CACHEDB
2599 	{
2600 		OUTYY(("\nP(cachedb:)\n"));
2601 	}
2602 	;
2603 contents_cachedb: contents_cachedb content_cachedb
2604 	| ;
2605 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
2606 	redis_server_host | redis_server_port | redis_timeout
2607 	;
2608 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
2609 	{
2610 	#ifdef USE_CACHEDB
2611 		OUTYY(("P(backend:%s)\n", $2));
2612 		if(cfg_parser->cfg->cachedb_backend)
2613 			yyerror("cachedb backend override, there must be one "
2614 				"backend");
2615 		free(cfg_parser->cfg->cachedb_backend);
2616 		cfg_parser->cfg->cachedb_backend = $2;
2617 	#else
2618 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2619 	#endif
2620 	}
2621 	;
2622 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
2623 	{
2624 	#ifdef USE_CACHEDB
2625 		OUTYY(("P(secret-seed:%s)\n", $2));
2626 		if(cfg_parser->cfg->cachedb_secret)
2627 			yyerror("cachedb secret-seed override, there must be "
2628 				"only one secret");
2629 		free(cfg_parser->cfg->cachedb_secret);
2630 		cfg_parser->cfg->cachedb_secret = $2;
2631 	#else
2632 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2633 		free($2);
2634 	#endif
2635 	}
2636 	;
2637 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
2638 	{
2639 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
2640 		OUTYY(("P(redis_server_host:%s)\n", $2));
2641 		free(cfg_parser->cfg->redis_server_host);
2642 		cfg_parser->cfg->redis_server_host = $2;
2643 	#else
2644 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2645 		free($2);
2646 	#endif
2647 	}
2648 	;
2649 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
2650 	{
2651 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
2652 		int port;
2653 		OUTYY(("P(redis_server_port:%s)\n", $2));
2654 		port = atoi($2);
2655 		if(port == 0 || port < 0 || port > 65535)
2656 			yyerror("valid redis server port number expected");
2657 		else cfg_parser->cfg->redis_server_port = port;
2658 	#else
2659 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2660 	#endif
2661 		free($2);
2662 	}
2663 	;
2664 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
2665 	{
2666 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
2667 		OUTYY(("P(redis_timeout:%s)\n", $2));
2668 		if(atoi($2) == 0)
2669 			yyerror("redis timeout value expected");
2670 		else cfg_parser->cfg->redis_timeout = atoi($2);
2671 	#else
2672 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2673 	#endif
2674 		free($2);
2675 	}
2676 	;
2677 %%
2678 
2679 /* parse helper routines could be here */
2680 static void
2681 validate_respip_action(const char* action)
2682 {
2683 	if(strcmp(action, "deny")!=0 &&
2684 		strcmp(action, "redirect")!=0 &&
2685 		strcmp(action, "inform")!=0 &&
2686 		strcmp(action, "inform_deny")!=0 &&
2687 		strcmp(action, "always_transparent")!=0 &&
2688 		strcmp(action, "always_refuse")!=0 &&
2689 		strcmp(action, "always_nxdomain")!=0)
2690 	{
2691 		yyerror("response-ip action: expected deny, redirect, "
2692 			"inform, inform_deny, always_transparent, "
2693 			"always_refuse or always_nxdomain");
2694 	}
2695 }
2696