xref: /freebsd/contrib/unbound/util/configparser.y (revision d13def78ccef6dbc25c2e197089ee5fc4d7b82c3)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
73 %token VAR_OUTGOING_RANGE VAR_INTERFACE
74 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
75 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
76 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
77 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
78 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
79 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
80 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
81 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
82 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
83 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
84 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
85 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
86 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
87 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
88 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
89 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
90 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
91 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
92 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
93 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
94 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
95 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
96 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
97 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
98 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
99 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
100 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
101 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
102 %token VAR_CONTROL_USE_CERT
103 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
104 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
105 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
106 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
107 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
108 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
109 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
110 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
111 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
112 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
113 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
114 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
115 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
116 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
117 %token VAR_INFRA_CACHE_MIN_RTT
118 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
119 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
120 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
121 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
122 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
123 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
124 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
125 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
126 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
127 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
128 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
129 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
130 %token VAR_DISABLE_DNSSEC_LAME_CHECK
131 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
132 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
133 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
134 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
135 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
136 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
137 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
138 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
139 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
140 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
141 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
142 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
143 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
144 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
145 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
146 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
147 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_FAKE_DSA
148 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
149 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
150 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
151 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
152 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
153 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
154 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
155 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
156 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
157 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
158 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
159 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
160 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
161 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
162 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
163 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
164 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
165 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
166 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
167 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
168 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
169 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES
170 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
171 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
172 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
173 
174 %%
175 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
176 toplevelvar: serverstart contents_server | stubstart contents_stub |
177 	forwardstart contents_forward | pythonstart contents_py |
178 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
179 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
180 	ipsetstart contents_ipset | authstart contents_auth |
181 	rpzstart contents_rpz
182 	;
183 
184 /* server: declaration */
185 serverstart: VAR_SERVER
186 	{
187 		OUTYY(("\nP(server:)\n"));
188 	}
189 	;
190 contents_server: contents_server content_server
191 	| ;
192 content_server: server_num_threads | server_verbosity | server_port |
193 	server_outgoing_range | server_do_ip4 |
194 	server_do_ip6 | server_prefer_ip6 |
195 	server_do_udp | server_do_tcp |
196 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
197 	server_tcp_keepalive | server_tcp_keepalive_timeout |
198 	server_interface | server_chroot | server_username |
199 	server_directory | server_logfile | server_pidfile |
200 	server_msg_cache_size | server_msg_cache_slabs |
201 	server_num_queries_per_thread | server_rrset_cache_size |
202 	server_rrset_cache_slabs | server_outgoing_num_tcp |
203 	server_infra_host_ttl | server_infra_lame_ttl |
204 	server_infra_cache_slabs | server_infra_cache_numhosts |
205 	server_infra_cache_lame_size | server_target_fetch_policy |
206 	server_harden_short_bufsize | server_harden_large_queries |
207 	server_do_not_query_address | server_hide_identity |
208 	server_hide_version | server_identity | server_version |
209 	server_harden_glue | server_module_conf | server_trust_anchor_file |
210 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
211 	server_val_clean_additional | server_val_permissive_mode |
212 	server_incoming_num_tcp | server_msg_buffer_size |
213 	server_key_cache_size | server_key_cache_slabs |
214 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
215 	server_use_syslog | server_outgoing_interface | server_root_hints |
216 	server_do_not_query_localhost | server_cache_max_ttl |
217 	server_harden_dnssec_stripped | server_access_control |
218 	server_local_zone | server_local_data | server_interface_automatic |
219 	server_statistics_interval | server_do_daemonize |
220 	server_use_caps_for_id | server_statistics_cumulative |
221 	server_outgoing_port_permit | server_outgoing_port_avoid |
222 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
223 	server_harden_referral_path | server_private_address |
224 	server_private_domain | server_extended_statistics |
225 	server_local_data_ptr | server_jostle_timeout |
226 	server_unwanted_reply_threshold | server_log_time_ascii |
227 	server_domain_insecure | server_val_sig_skew_min |
228 	server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
229 	server_auto_trust_anchor_file | server_add_holddown |
230 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
231 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
232 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
233 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
234 	server_log_local_actions |
235 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
236 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
237 	server_so_reuseport | server_delay_close |
238 	server_unblock_lan_zones | server_insecure_lan_zones |
239 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
240 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
241 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
242 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
243 	server_ip_ratelimit_size | server_ratelimit_size |
244 	server_ratelimit_for_domain |
245 	server_ratelimit_below_domain | server_ratelimit_factor |
246 	server_ip_ratelimit_factor | server_send_client_subnet |
247 	server_client_subnet_zone | server_client_subnet_always_forward |
248 	server_client_subnet_opcode |
249 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
250 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
251 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
252 	server_caps_whitelist | server_cache_max_negative_ttl |
253 	server_permit_small_holddown | server_qname_minimisation |
254 	server_ip_freebind | server_define_tag | server_local_zone_tag |
255 	server_disable_dnssec_lame_check | server_access_control_tag |
256 	server_local_zone_override | server_access_control_tag_action |
257 	server_access_control_tag_data | server_access_control_view |
258 	server_qname_minimisation_strict | server_serve_expired |
259 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
260 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
261 	server_fake_dsa | server_log_identity | server_use_systemd |
262 	server_response_ip_tag | server_response_ip | server_response_ip_data |
263 	server_shm_enable | server_shm_key | server_fake_sha1 |
264 	server_hide_trustanchor | server_trust_anchor_signaling |
265 	server_root_key_sentinel |
266 	server_ipsecmod_enabled | server_ipsecmod_hook |
267 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
268 	server_ipsecmod_whitelist | server_ipsecmod_strict |
269 	server_udp_upstream_without_downstream | server_aggressive_nsec |
270 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
271 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
272 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
273 	server_unknown_server_time_limit | server_log_tag_queryreply |
274 	server_stream_wait_size | server_tls_ciphers |
275 	server_tls_ciphersuites | server_tls_session_ticket_keys
276 	;
277 stubstart: VAR_STUB_ZONE
278 	{
279 		struct config_stub* s;
280 		OUTYY(("\nP(stub_zone:)\n"));
281 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
282 		if(s) {
283 			s->next = cfg_parser->cfg->stubs;
284 			cfg_parser->cfg->stubs = s;
285 		} else
286 			yyerror("out of memory");
287 	}
288 	;
289 contents_stub: contents_stub content_stub
290 	| ;
291 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
292 	stub_no_cache | stub_ssl_upstream
293 	;
294 forwardstart: VAR_FORWARD_ZONE
295 	{
296 		struct config_stub* s;
297 		OUTYY(("\nP(forward_zone:)\n"));
298 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
299 		if(s) {
300 			s->next = cfg_parser->cfg->forwards;
301 			cfg_parser->cfg->forwards = s;
302 		} else
303 			yyerror("out of memory");
304 	}
305 	;
306 contents_forward: contents_forward content_forward
307 	| ;
308 content_forward: forward_name | forward_host | forward_addr | forward_first |
309 	forward_no_cache | forward_ssl_upstream
310 	;
311 viewstart: VAR_VIEW
312 	{
313 		struct config_view* s;
314 		OUTYY(("\nP(view:)\n"));
315 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
316 		if(s) {
317 			s->next = cfg_parser->cfg->views;
318 			if(s->next && !s->next->name)
319 				yyerror("view without name");
320 			cfg_parser->cfg->views = s;
321 		} else
322 			yyerror("out of memory");
323 	}
324 	;
325 contents_view: contents_view content_view
326 	| ;
327 content_view: view_name | view_local_zone | view_local_data | view_first |
328 		view_response_ip | view_response_ip_data | view_local_data_ptr
329 	;
330 authstart: VAR_AUTH_ZONE
331 	{
332 		struct config_auth* s;
333 		OUTYY(("\nP(auth_zone:)\n"));
334 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
335 		if(s) {
336 			s->next = cfg_parser->cfg->auths;
337 			cfg_parser->cfg->auths = s;
338 			/* defaults for auth zone */
339 			s->for_downstream = 1;
340 			s->for_upstream = 1;
341 			s->fallback_enabled = 0;
342 			s->isrpz = 0;
343 		} else
344 			yyerror("out of memory");
345 	}
346 	;
347 contents_auth: contents_auth content_auth
348 	| ;
349 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
350 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
351 	auth_allow_notify
352 	;
353 
354 rpz_tag: VAR_TAGS STRING_ARG
355 	{
356 		uint8_t* bitlist;
357 		size_t len = 0;
358 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
359 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
360 			&len);
361 		free($2);
362 		if(!bitlist) {
363 			yyerror("could not parse tags, (define-tag them first)");
364 		}
365 		if(bitlist) {
366 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
367 			cfg_parser->cfg->auths->rpz_taglistlen = len;
368 
369 		}
370 	}
371 	;
372 
373 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
374 	{
375 		OUTYY(("P(rpz_action_override:%s)\n", $2));
376 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
377 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
378 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
379 			yyerror("rpz-action-override action: expected nxdomain, "
380 				"nodata, passthru, drop, cname or disabled");
381 			free($2);
382 			cfg_parser->cfg->auths->rpz_action_override = NULL;
383 		}
384 		else {
385 			cfg_parser->cfg->auths->rpz_action_override = $2;
386 		}
387 	}
388 	;
389 
390 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
391 	{
392 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
393 		free(cfg_parser->cfg->auths->rpz_cname);
394 		cfg_parser->cfg->auths->rpz_cname = $2;
395 	}
396 	;
397 
398 rpz_log: VAR_RPZ_LOG STRING_ARG
399 	{
400 		OUTYY(("P(rpz_log:%s)\n", $2));
401 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
402 			yyerror("expected yes or no.");
403 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
404 		free($2);
405 	}
406 	;
407 
408 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
409 	{
410 		OUTYY(("P(rpz_log_name:%s)\n", $2));
411 		free(cfg_parser->cfg->auths->rpz_log_name);
412 		cfg_parser->cfg->auths->rpz_log_name = $2;
413 	}
414 	;
415 
416 rpzstart: VAR_RPZ
417 	{
418 		struct config_auth* s;
419 		OUTYY(("\nP(rpz:)\n"));
420 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
421 		if(s) {
422 			s->next = cfg_parser->cfg->auths;
423 			cfg_parser->cfg->auths = s;
424 			/* defaults for RPZ auth zone */
425 			s->for_downstream = 0;
426 			s->for_upstream = 0;
427 			s->fallback_enabled = 0;
428 			s->isrpz = 1;
429 		} else
430 			yyerror("out of memory");
431 	}
432 	;
433 contents_rpz: contents_rpz content_rpz
434 	| ;
435 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
436 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
437 	   rpz_log | rpz_log_name
438 	;
439 server_num_threads: VAR_NUM_THREADS STRING_ARG
440 	{
441 		OUTYY(("P(server_num_threads:%s)\n", $2));
442 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
443 			yyerror("number expected");
444 		else cfg_parser->cfg->num_threads = atoi($2);
445 		free($2);
446 	}
447 	;
448 server_verbosity: VAR_VERBOSITY STRING_ARG
449 	{
450 		OUTYY(("P(server_verbosity:%s)\n", $2));
451 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
452 			yyerror("number expected");
453 		else cfg_parser->cfg->verbosity = atoi($2);
454 		free($2);
455 	}
456 	;
457 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
458 	{
459 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
460 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
461 			cfg_parser->cfg->stat_interval = 0;
462 		else if(atoi($2) == 0)
463 			yyerror("number expected");
464 		else cfg_parser->cfg->stat_interval = atoi($2);
465 		free($2);
466 	}
467 	;
468 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
469 	{
470 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
471 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
472 			yyerror("expected yes or no.");
473 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
474 		free($2);
475 	}
476 	;
477 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
478 	{
479 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
480 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
481 			yyerror("expected yes or no.");
482 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
483 		free($2);
484 	}
485 	;
486 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
487 	{
488 		OUTYY(("P(server_shm_enable:%s)\n", $2));
489 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
490 			yyerror("expected yes or no.");
491 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
492 		free($2);
493 	}
494 	;
495 server_shm_key: VAR_SHM_KEY STRING_ARG
496 	{
497 		OUTYY(("P(server_shm_key:%s)\n", $2));
498 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
499 			cfg_parser->cfg->shm_key = 0;
500 		else if(atoi($2) == 0)
501 			yyerror("number expected");
502 		else cfg_parser->cfg->shm_key = atoi($2);
503 		free($2);
504 	}
505 	;
506 server_port: VAR_PORT STRING_ARG
507 	{
508 		OUTYY(("P(server_port:%s)\n", $2));
509 		if(atoi($2) == 0)
510 			yyerror("port number expected");
511 		else cfg_parser->cfg->port = atoi($2);
512 		free($2);
513 	}
514 	;
515 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
516 	{
517 	#ifdef CLIENT_SUBNET
518 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
519 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
520 			fatal_exit("out of memory adding client-subnet");
521 	#else
522 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
523 		free($2);
524 	#endif
525 	}
526 	;
527 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
528 	{
529 	#ifdef CLIENT_SUBNET
530 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
531 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
532 			$2))
533 			fatal_exit("out of memory adding client-subnet-zone");
534 	#else
535 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
536 		free($2);
537 	#endif
538 	}
539 	;
540 server_client_subnet_always_forward:
541 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
542 	{
543 	#ifdef CLIENT_SUBNET
544 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
545 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
546 			yyerror("expected yes or no.");
547 		else
548 			cfg_parser->cfg->client_subnet_always_forward =
549 				(strcmp($2, "yes")==0);
550 	#else
551 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
552 	#endif
553 		free($2);
554 	}
555 	;
556 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
557 	{
558 	#ifdef CLIENT_SUBNET
559 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
560 		OUTYY(("P(Deprecated option, ignoring)\n"));
561 	#else
562 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
563 	#endif
564 		free($2);
565 	}
566 	;
567 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
568 	{
569 	#ifdef CLIENT_SUBNET
570 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
571 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
572 			yyerror("IPv4 subnet length expected");
573 		else if (atoi($2) > 32)
574 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
575 		else if (atoi($2) < 0)
576 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
577 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
578 	#else
579 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
580 	#endif
581 		free($2);
582 	}
583 	;
584 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
585 	{
586 	#ifdef CLIENT_SUBNET
587 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
588 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
589 			yyerror("Ipv6 subnet length expected");
590 		else if (atoi($2) > 128)
591 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
592 		else if (atoi($2) < 0)
593 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
594 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
595 	#else
596 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
597 	#endif
598 		free($2);
599 	}
600 	;
601 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
602 	{
603 	#ifdef CLIENT_SUBNET
604 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
605 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
606 			yyerror("IPv4 subnet length expected");
607 		else if (atoi($2) > 32)
608 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
609 		else if (atoi($2) < 0)
610 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
611 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
612 	#else
613 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
614 	#endif
615 		free($2);
616 	}
617 	;
618 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
619 	{
620 	#ifdef CLIENT_SUBNET
621 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
622 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
623 			yyerror("Ipv6 subnet length expected");
624 		else if (atoi($2) > 128)
625 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
626 		else if (atoi($2) < 0)
627 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
628 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
629 	#else
630 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
631 	#endif
632 		free($2);
633 	}
634 	;
635 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
636 	{
637 	#ifdef CLIENT_SUBNET
638 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
639 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
640 			yyerror("IPv4 ECS tree size expected");
641 		else if (atoi($2) < 0)
642 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
643 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
644 	#else
645 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
646 	#endif
647 		free($2);
648 	}
649 	;
650 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
651 	{
652 	#ifdef CLIENT_SUBNET
653 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
654 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
655 			yyerror("IPv6 ECS tree size expected");
656 		else if (atoi($2) < 0)
657 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
658 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
659 	#else
660 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
661 	#endif
662 		free($2);
663 	}
664 	;
665 server_interface: VAR_INTERFACE STRING_ARG
666 	{
667 		OUTYY(("P(server_interface:%s)\n", $2));
668 		if(cfg_parser->cfg->num_ifs == 0)
669 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
670 		else 	cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
671 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
672 		if(!cfg_parser->cfg->ifs)
673 			yyerror("out of memory");
674 		else
675 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
676 	}
677 	;
678 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
679 	{
680 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
681 		if(cfg_parser->cfg->num_out_ifs == 0)
682 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
683 		else 	cfg_parser->cfg->out_ifs = realloc(
684 			cfg_parser->cfg->out_ifs,
685 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
686 		if(!cfg_parser->cfg->out_ifs)
687 			yyerror("out of memory");
688 		else
689 			cfg_parser->cfg->out_ifs[
690 				cfg_parser->cfg->num_out_ifs++] = $2;
691 	}
692 	;
693 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
694 	{
695 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
696 		if(atoi($2) == 0)
697 			yyerror("number expected");
698 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
699 		free($2);
700 	}
701 	;
702 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
703 	{
704 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
705 		if(!cfg_mark_ports($2, 1,
706 			cfg_parser->cfg->outgoing_avail_ports, 65536))
707 			yyerror("port number or range (\"low-high\") expected");
708 		free($2);
709 	}
710 	;
711 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
712 	{
713 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
714 		if(!cfg_mark_ports($2, 0,
715 			cfg_parser->cfg->outgoing_avail_ports, 65536))
716 			yyerror("port number or range (\"low-high\") expected");
717 		free($2);
718 	}
719 	;
720 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
721 	{
722 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
723 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
724 			yyerror("number expected");
725 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
726 		free($2);
727 	}
728 	;
729 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
730 	{
731 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
732 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
733 			yyerror("number expected");
734 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
735 		free($2);
736 	}
737 	;
738 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
739 	{
740 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
741 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
742 			yyerror("expected yes or no.");
743 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
744 		free($2);
745 	}
746 	;
747 server_do_ip4: VAR_DO_IP4 STRING_ARG
748 	{
749 		OUTYY(("P(server_do_ip4:%s)\n", $2));
750 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
751 			yyerror("expected yes or no.");
752 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
753 		free($2);
754 	}
755 	;
756 server_do_ip6: VAR_DO_IP6 STRING_ARG
757 	{
758 		OUTYY(("P(server_do_ip6:%s)\n", $2));
759 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
760 			yyerror("expected yes or no.");
761 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
762 		free($2);
763 	}
764 	;
765 server_do_udp: VAR_DO_UDP STRING_ARG
766 	{
767 		OUTYY(("P(server_do_udp:%s)\n", $2));
768 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
769 			yyerror("expected yes or no.");
770 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
771 		free($2);
772 	}
773 	;
774 server_do_tcp: VAR_DO_TCP STRING_ARG
775 	{
776 		OUTYY(("P(server_do_tcp:%s)\n", $2));
777 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
778 			yyerror("expected yes or no.");
779 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
780 		free($2);
781 	}
782 	;
783 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
784 	{
785 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
786 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
787 			yyerror("expected yes or no.");
788 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
789 		free($2);
790 	}
791 	;
792 server_tcp_mss: VAR_TCP_MSS STRING_ARG
793 	{
794 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
795                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
796                         yyerror("number expected");
797                 else cfg_parser->cfg->tcp_mss = atoi($2);
798                 free($2);
799 	}
800 	;
801 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
802 	{
803 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
804 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
805 			yyerror("number expected");
806 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
807 		free($2);
808 	}
809 	;
810 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
811 	{
812 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
813 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
814 			yyerror("number expected");
815 		else if (atoi($2) > 120000)
816 			cfg_parser->cfg->tcp_idle_timeout = 120000;
817 		else if (atoi($2) < 1)
818 			cfg_parser->cfg->tcp_idle_timeout = 1;
819 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
820 		free($2);
821 	}
822 	;
823 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
824 	{
825 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
826 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
827 			yyerror("expected yes or no.");
828 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
829 		free($2);
830 	}
831 	;
832 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
833 	{
834 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
835 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
836 			yyerror("number expected");
837 		else if (atoi($2) > 6553500)
838 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
839 		else if (atoi($2) < 1)
840 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
841 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
842 		free($2);
843 	}
844 	;
845 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
846 	{
847 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
848 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
849 			yyerror("expected yes or no.");
850 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
851 		free($2);
852 	}
853 	;
854 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
855 	{
856 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
857 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
858 			yyerror("expected yes or no.");
859 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
860 		free($2);
861 	}
862 	;
863 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
864 	{
865 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
866 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
867 			yyerror("expected yes or no.");
868 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
869 		free($2);
870 	}
871 	;
872 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
873 	{
874 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
875 		free(cfg_parser->cfg->ssl_service_key);
876 		cfg_parser->cfg->ssl_service_key = $2;
877 	}
878 	;
879 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
880 	{
881 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
882 		free(cfg_parser->cfg->ssl_service_pem);
883 		cfg_parser->cfg->ssl_service_pem = $2;
884 	}
885 	;
886 server_ssl_port: VAR_SSL_PORT STRING_ARG
887 	{
888 		OUTYY(("P(server_ssl_port:%s)\n", $2));
889 		if(atoi($2) == 0)
890 			yyerror("port number expected");
891 		else cfg_parser->cfg->ssl_port = atoi($2);
892 		free($2);
893 	}
894 	;
895 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
896 	{
897 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
898 		free(cfg_parser->cfg->tls_cert_bundle);
899 		cfg_parser->cfg->tls_cert_bundle = $2;
900 	}
901 	;
902 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
903 	{
904 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
905 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
906 			yyerror("expected yes or no.");
907 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
908 		free($2);
909 	}
910 	;
911 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
912 	{
913 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
914 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
915 			$2))
916 			yyerror("out of memory");
917 	}
918 	;
919 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
920 	{
921 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
922 		free(cfg_parser->cfg->tls_ciphers);
923 		cfg_parser->cfg->tls_ciphers = $2;
924 	}
925 	;
926 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
927 	{
928 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
929 		free(cfg_parser->cfg->tls_ciphersuites);
930 		cfg_parser->cfg->tls_ciphersuites = $2;
931 	}
932 	;
933 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
934 	{
935 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
936 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
937 			$2))
938 			yyerror("out of memory");
939 	}
940 	;
941 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
942 	{
943 		OUTYY(("P(server_use_systemd:%s)\n", $2));
944 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
945 			yyerror("expected yes or no.");
946 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
947 		free($2);
948 	}
949 	;
950 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
951 	{
952 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
953 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
954 			yyerror("expected yes or no.");
955 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
956 		free($2);
957 	}
958 	;
959 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
960 	{
961 		OUTYY(("P(server_use_syslog:%s)\n", $2));
962 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
963 			yyerror("expected yes or no.");
964 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
965 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
966 		if(strcmp($2, "yes") == 0)
967 			yyerror("no syslog services are available. "
968 				"(reconfigure and compile to add)");
969 #endif
970 		free($2);
971 	}
972 	;
973 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
974 	{
975 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
976 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
977 			yyerror("expected yes or no.");
978 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
979 		free($2);
980 	}
981 	;
982 server_log_queries: VAR_LOG_QUERIES STRING_ARG
983 	{
984 		OUTYY(("P(server_log_queries:%s)\n", $2));
985 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
986 			yyerror("expected yes or no.");
987 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
988 		free($2);
989 	}
990 	;
991 server_log_replies: VAR_LOG_REPLIES STRING_ARG
992   {
993   	OUTYY(("P(server_log_replies:%s)\n", $2));
994   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
995   		yyerror("expected yes or no.");
996   	else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
997   	free($2);
998   }
999   ;
1000 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1001   {
1002   	OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1003   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1004   		yyerror("expected yes or no.");
1005   	else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1006   	free($2);
1007   }
1008   ;
1009 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1010 	{
1011 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1012 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1013 			yyerror("expected yes or no.");
1014 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1015 		free($2);
1016 	}
1017 	;
1018 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1019   {
1020   	OUTYY(("P(server_log_local_actions:%s)\n", $2));
1021   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1022   		yyerror("expected yes or no.");
1023   	else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1024   	free($2);
1025   }
1026   ;
1027 server_chroot: VAR_CHROOT STRING_ARG
1028 	{
1029 		OUTYY(("P(server_chroot:%s)\n", $2));
1030 		free(cfg_parser->cfg->chrootdir);
1031 		cfg_parser->cfg->chrootdir = $2;
1032 	}
1033 	;
1034 server_username: VAR_USERNAME STRING_ARG
1035 	{
1036 		OUTYY(("P(server_username:%s)\n", $2));
1037 		free(cfg_parser->cfg->username);
1038 		cfg_parser->cfg->username = $2;
1039 	}
1040 	;
1041 server_directory: VAR_DIRECTORY STRING_ARG
1042 	{
1043 		OUTYY(("P(server_directory:%s)\n", $2));
1044 		free(cfg_parser->cfg->directory);
1045 		cfg_parser->cfg->directory = $2;
1046 		/* change there right away for includes relative to this */
1047 		if($2[0]) {
1048 			char* d;
1049 #ifdef UB_ON_WINDOWS
1050 			w_config_adjust_directory(cfg_parser->cfg);
1051 #endif
1052 			d = cfg_parser->cfg->directory;
1053 			/* adjust directory if we have already chroot,
1054 			 * like, we reread after sighup */
1055 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1056 				strncmp(d, cfg_parser->chroot, strlen(
1057 				cfg_parser->chroot)) == 0)
1058 				d += strlen(cfg_parser->chroot);
1059 			if(d[0]) {
1060 			    if(chdir(d))
1061 				log_err("cannot chdir to directory: %s (%s)",
1062 					d, strerror(errno));
1063 			}
1064 		}
1065 	}
1066 	;
1067 server_logfile: VAR_LOGFILE STRING_ARG
1068 	{
1069 		OUTYY(("P(server_logfile:%s)\n", $2));
1070 		free(cfg_parser->cfg->logfile);
1071 		cfg_parser->cfg->logfile = $2;
1072 		cfg_parser->cfg->use_syslog = 0;
1073 	}
1074 	;
1075 server_pidfile: VAR_PIDFILE STRING_ARG
1076 	{
1077 		OUTYY(("P(server_pidfile:%s)\n", $2));
1078 		free(cfg_parser->cfg->pidfile);
1079 		cfg_parser->cfg->pidfile = $2;
1080 	}
1081 	;
1082 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1083 	{
1084 		OUTYY(("P(server_root_hints:%s)\n", $2));
1085 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1086 			yyerror("out of memory");
1087 	}
1088 	;
1089 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1090 	{
1091 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1092 		free(cfg_parser->cfg->dlv_anchor_file);
1093 		cfg_parser->cfg->dlv_anchor_file = $2;
1094 	}
1095 	;
1096 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1097 	{
1098 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1099 		if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
1100 			yyerror("out of memory");
1101 	}
1102 	;
1103 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1104 	{
1105 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1106 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1107 			auto_trust_anchor_file_list, $2))
1108 			yyerror("out of memory");
1109 	}
1110 	;
1111 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1112 	{
1113 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1114 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1115 			trust_anchor_file_list, $2))
1116 			yyerror("out of memory");
1117 	}
1118 	;
1119 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1120 	{
1121 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1122 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1123 			trusted_keys_file_list, $2))
1124 			yyerror("out of memory");
1125 	}
1126 	;
1127 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1128 	{
1129 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1130 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1131 			yyerror("out of memory");
1132 	}
1133 	;
1134 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1135 	{
1136 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1137 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1138 			yyerror("expected yes or no.");
1139 		else
1140 			cfg_parser->cfg->trust_anchor_signaling =
1141 				(strcmp($2, "yes")==0);
1142 		free($2);
1143 	}
1144 	;
1145 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1146 	{
1147 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1148 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1149 			yyerror("expected yes or no.");
1150 		else
1151 			cfg_parser->cfg->root_key_sentinel =
1152 				(strcmp($2, "yes")==0);
1153 		free($2);
1154 	}
1155 	;
1156 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1157 	{
1158 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1159 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1160 			yyerror("out of memory");
1161 	}
1162 	;
1163 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1164 	{
1165 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1166 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1167 			yyerror("expected yes or no.");
1168 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1169 		free($2);
1170 	}
1171 	;
1172 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1173 	{
1174 		OUTYY(("P(server_hide_version:%s)\n", $2));
1175 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1176 			yyerror("expected yes or no.");
1177 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1178 		free($2);
1179 	}
1180 	;
1181 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1182 	{
1183 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1184 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1185 			yyerror("expected yes or no.");
1186 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1187 		free($2);
1188 	}
1189 	;
1190 server_identity: VAR_IDENTITY STRING_ARG
1191 	{
1192 		OUTYY(("P(server_identity:%s)\n", $2));
1193 		free(cfg_parser->cfg->identity);
1194 		cfg_parser->cfg->identity = $2;
1195 	}
1196 	;
1197 server_version: VAR_VERSION STRING_ARG
1198 	{
1199 		OUTYY(("P(server_version:%s)\n", $2));
1200 		free(cfg_parser->cfg->version);
1201 		cfg_parser->cfg->version = $2;
1202 	}
1203 	;
1204 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1205 	{
1206 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1207 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1208 			yyerror("buffer size expected");
1209 		free($2);
1210 	}
1211 	;
1212 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1213 	{
1214 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1215 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1216 			yyerror("buffer size expected");
1217 		free($2);
1218 	}
1219 	;
1220 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1221     {
1222         OUTYY(("P(server_so_reuseport:%s)\n", $2));
1223         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1224             yyerror("expected yes or no.");
1225         else cfg_parser->cfg->so_reuseport =
1226             (strcmp($2, "yes")==0);
1227         free($2);
1228     }
1229     ;
1230 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1231     {
1232         OUTYY(("P(server_ip_transparent:%s)\n", $2));
1233         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1234             yyerror("expected yes or no.");
1235         else cfg_parser->cfg->ip_transparent =
1236             (strcmp($2, "yes")==0);
1237         free($2);
1238     }
1239     ;
1240 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1241     {
1242         OUTYY(("P(server_ip_freebind:%s)\n", $2));
1243         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1244             yyerror("expected yes or no.");
1245         else cfg_parser->cfg->ip_freebind =
1246             (strcmp($2, "yes")==0);
1247         free($2);
1248     }
1249     ;
1250 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1251 	{
1252 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1253 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1254 			yyerror("memory size expected");
1255 		free($2);
1256 	}
1257 	;
1258 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1259 	{
1260 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1261 		if(atoi($2) == 0)
1262 			yyerror("number expected");
1263 		else if (atoi($2) < 12)
1264 			yyerror("edns buffer size too small");
1265 		else if (atoi($2) > 65535)
1266 			cfg_parser->cfg->edns_buffer_size = 65535;
1267 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1268 		free($2);
1269 	}
1270 	;
1271 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1272 	{
1273 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1274 		if(atoi($2) == 0)
1275 			yyerror("number expected");
1276 		else if (atoi($2) < 4096)
1277 			yyerror("message buffer size too small (use 4096)");
1278 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1279 		free($2);
1280 	}
1281 	;
1282 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1283 	{
1284 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1285 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1286 			yyerror("memory size expected");
1287 		free($2);
1288 	}
1289 	;
1290 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1291 	{
1292 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1293 		if(atoi($2) == 0)
1294 			yyerror("number expected");
1295 		else {
1296 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1297 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1298 				yyerror("must be a power of 2");
1299 		}
1300 		free($2);
1301 	}
1302 	;
1303 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1304 	{
1305 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1306 		if(atoi($2) == 0)
1307 			yyerror("number expected");
1308 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1309 		free($2);
1310 	}
1311 	;
1312 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1313 	{
1314 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1315 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1316 			yyerror("number expected");
1317 		else cfg_parser->cfg->jostle_time = atoi($2);
1318 		free($2);
1319 	}
1320 	;
1321 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1322 	{
1323 		OUTYY(("P(server_delay_close:%s)\n", $2));
1324 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1325 			yyerror("number expected");
1326 		else cfg_parser->cfg->delay_close = atoi($2);
1327 		free($2);
1328 	}
1329 	;
1330 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1331 	{
1332 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1333 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1334 			yyerror("expected yes or no.");
1335 		else cfg_parser->cfg->unblock_lan_zones =
1336 			(strcmp($2, "yes")==0);
1337 		free($2);
1338 	}
1339 	;
1340 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1341 	{
1342 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1343 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1344 			yyerror("expected yes or no.");
1345 		else cfg_parser->cfg->insecure_lan_zones =
1346 			(strcmp($2, "yes")==0);
1347 		free($2);
1348 	}
1349 	;
1350 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1351 	{
1352 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1353 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1354 			yyerror("memory size expected");
1355 		free($2);
1356 	}
1357 	;
1358 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1359 	{
1360 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1361 		if(atoi($2) == 0)
1362 			yyerror("number expected");
1363 		else {
1364 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1365 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1366 				yyerror("must be a power of 2");
1367 		}
1368 		free($2);
1369 	}
1370 	;
1371 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1372 	{
1373 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1374 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1375 			yyerror("number expected");
1376 		else cfg_parser->cfg->host_ttl = atoi($2);
1377 		free($2);
1378 	}
1379 	;
1380 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1381 	{
1382 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1383 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1384 			"removed, use infra-host-ttl)", $2);
1385 		free($2);
1386 	}
1387 	;
1388 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1389 	{
1390 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1391 		if(atoi($2) == 0)
1392 			yyerror("number expected");
1393 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1394 		free($2);
1395 	}
1396 	;
1397 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1398 	{
1399 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1400 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1401 			"(option removed, use infra-cache-numhosts)", $2);
1402 		free($2);
1403 	}
1404 	;
1405 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1406 	{
1407 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1408 		if(atoi($2) == 0)
1409 			yyerror("number expected");
1410 		else {
1411 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1412 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1413 				yyerror("must be a power of 2");
1414 		}
1415 		free($2);
1416 	}
1417 	;
1418 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1419 	{
1420 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1421 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1422 			yyerror("number expected");
1423 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1424 		free($2);
1425 	}
1426 	;
1427 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1428 	{
1429 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1430 		free(cfg_parser->cfg->target_fetch_policy);
1431 		cfg_parser->cfg->target_fetch_policy = $2;
1432 	}
1433 	;
1434 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1435 	{
1436 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1437 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1438 			yyerror("expected yes or no.");
1439 		else cfg_parser->cfg->harden_short_bufsize =
1440 			(strcmp($2, "yes")==0);
1441 		free($2);
1442 	}
1443 	;
1444 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1445 	{
1446 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1447 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1448 			yyerror("expected yes or no.");
1449 		else cfg_parser->cfg->harden_large_queries =
1450 			(strcmp($2, "yes")==0);
1451 		free($2);
1452 	}
1453 	;
1454 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1455 	{
1456 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1457 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1458 			yyerror("expected yes or no.");
1459 		else cfg_parser->cfg->harden_glue =
1460 			(strcmp($2, "yes")==0);
1461 		free($2);
1462 	}
1463 	;
1464 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1465 	{
1466 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1467 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1468 			yyerror("expected yes or no.");
1469 		else cfg_parser->cfg->harden_dnssec_stripped =
1470 			(strcmp($2, "yes")==0);
1471 		free($2);
1472 	}
1473 	;
1474 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1475 	{
1476 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1477 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1478 			yyerror("expected yes or no.");
1479 		else cfg_parser->cfg->harden_below_nxdomain =
1480 			(strcmp($2, "yes")==0);
1481 		free($2);
1482 	}
1483 	;
1484 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1485 	{
1486 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1487 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1488 			yyerror("expected yes or no.");
1489 		else cfg_parser->cfg->harden_referral_path =
1490 			(strcmp($2, "yes")==0);
1491 		free($2);
1492 	}
1493 	;
1494 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1495 	{
1496 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1497 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1498 			yyerror("expected yes or no.");
1499 		else cfg_parser->cfg->harden_algo_downgrade =
1500 			(strcmp($2, "yes")==0);
1501 		free($2);
1502 	}
1503 	;
1504 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1505 	{
1506 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1507 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1508 			yyerror("expected yes or no.");
1509 		else cfg_parser->cfg->use_caps_bits_for_id =
1510 			(strcmp($2, "yes")==0);
1511 		free($2);
1512 	}
1513 	;
1514 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1515 	{
1516 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1517 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1518 			yyerror("out of memory");
1519 	}
1520 	;
1521 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1522 	{
1523 		OUTYY(("P(server_private_address:%s)\n", $2));
1524 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1525 			yyerror("out of memory");
1526 	}
1527 	;
1528 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1529 	{
1530 		OUTYY(("P(server_private_domain:%s)\n", $2));
1531 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1532 			yyerror("out of memory");
1533 	}
1534 	;
1535 server_prefetch: VAR_PREFETCH STRING_ARG
1536 	{
1537 		OUTYY(("P(server_prefetch:%s)\n", $2));
1538 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1539 			yyerror("expected yes or no.");
1540 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1541 		free($2);
1542 	}
1543 	;
1544 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1545 	{
1546 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1547 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1548 			yyerror("expected yes or no.");
1549 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1550 		free($2);
1551 	}
1552 	;
1553 server_deny_any: VAR_DENY_ANY STRING_ARG
1554 	{
1555 		OUTYY(("P(server_deny_any:%s)\n", $2));
1556 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1557 			yyerror("expected yes or no.");
1558 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1559 		free($2);
1560 	}
1561 	;
1562 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1563 	{
1564 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1565 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1566 			yyerror("number expected");
1567 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1568 		free($2);
1569 	}
1570 	;
1571 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1572 	{
1573 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1574 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1575 			yyerror("out of memory");
1576 	}
1577 	;
1578 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1579 	{
1580 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1581 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1582 			yyerror("expected yes or no.");
1583 		else cfg_parser->cfg->donotquery_localhost =
1584 			(strcmp($2, "yes")==0);
1585 		free($2);
1586 	}
1587 	;
1588 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1589 	{
1590 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1591 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1592 			strcmp($3, "deny_non_local")!=0 &&
1593 			strcmp($3, "refuse_non_local")!=0 &&
1594 			strcmp($3, "allow_setrd")!=0 &&
1595 			strcmp($3, "allow")!=0 &&
1596 			strcmp($3, "allow_snoop")!=0) {
1597 			yyerror("expected deny, refuse, deny_non_local, "
1598 				"refuse_non_local, allow, allow_setrd or "
1599 				"allow_snoop in access control action");
1600 			free($2);
1601 			free($3);
1602 		} else {
1603 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1604 				fatal_exit("out of memory adding acl");
1605 		}
1606 	}
1607 	;
1608 server_module_conf: VAR_MODULE_CONF STRING_ARG
1609 	{
1610 		OUTYY(("P(server_module_conf:%s)\n", $2));
1611 		free(cfg_parser->cfg->module_conf);
1612 		cfg_parser->cfg->module_conf = $2;
1613 	}
1614 	;
1615 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1616 	{
1617 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1618 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1619 			cfg_parser->cfg->val_date_override = 0;
1620 		} else if(strlen($2) == 14) {
1621 			cfg_parser->cfg->val_date_override =
1622 				cfg_convert_timeval($2);
1623 			if(!cfg_parser->cfg->val_date_override)
1624 				yyerror("bad date/time specification");
1625 		} else {
1626 			if(atoi($2) == 0)
1627 				yyerror("number expected");
1628 			cfg_parser->cfg->val_date_override = atoi($2);
1629 		}
1630 		free($2);
1631 	}
1632 	;
1633 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1634 	{
1635 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1636 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1637 			cfg_parser->cfg->val_sig_skew_min = 0;
1638 		} else {
1639 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1640 			if(!cfg_parser->cfg->val_sig_skew_min)
1641 				yyerror("number expected");
1642 		}
1643 		free($2);
1644 	}
1645 	;
1646 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1647 	{
1648 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1649 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1650 			cfg_parser->cfg->val_sig_skew_max = 0;
1651 		} else {
1652 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1653 			if(!cfg_parser->cfg->val_sig_skew_max)
1654 				yyerror("number expected");
1655 		}
1656 		free($2);
1657 	}
1658 	;
1659 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1660 	{
1661 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1662 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1663 			yyerror("number expected");
1664 		else cfg_parser->cfg->max_ttl = atoi($2);
1665 		free($2);
1666 	}
1667 	;
1668 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1669 	{
1670 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1671 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1672 			yyerror("number expected");
1673 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1674 		free($2);
1675 	}
1676 	;
1677 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1678 	{
1679 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1680 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1681 			yyerror("number expected");
1682 		else cfg_parser->cfg->min_ttl = atoi($2);
1683 		free($2);
1684 	}
1685 	;
1686 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1687 	{
1688 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1689 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1690 			yyerror("number expected");
1691 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1692 		free($2);
1693 	}
1694 	;
1695 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1696 	{
1697 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1698 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1699 			yyerror("expected yes or no.");
1700 		else cfg_parser->cfg->val_clean_additional =
1701 			(strcmp($2, "yes")==0);
1702 		free($2);
1703 	}
1704 	;
1705 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1706 	{
1707 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1708 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1709 			yyerror("expected yes or no.");
1710 		else cfg_parser->cfg->val_permissive_mode =
1711 			(strcmp($2, "yes")==0);
1712 		free($2);
1713 	}
1714 	;
1715 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1716 	{
1717 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1718 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1719 			yyerror("expected yes or no.");
1720 		else
1721 			cfg_parser->cfg->aggressive_nsec =
1722 				(strcmp($2, "yes")==0);
1723 		free($2);
1724 	}
1725 	;
1726 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1727 	{
1728 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1729 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1730 			yyerror("expected yes or no.");
1731 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1732 		free($2);
1733 	}
1734 	;
1735 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1736 	{
1737 		OUTYY(("P(server_serve_expired:%s)\n", $2));
1738 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1739 			yyerror("expected yes or no.");
1740 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1741 		free($2);
1742 	}
1743 	;
1744 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1745 	{
1746 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1747 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1748 			yyerror("number expected");
1749 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1750 		free($2);
1751 	}
1752 	;
1753 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1754 	{
1755 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1756 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1757 			yyerror("expected yes or no.");
1758 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1759 		free($2);
1760 	}
1761 	;
1762 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
1763 	{
1764 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
1765 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1766 			yyerror("number expected");
1767 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
1768 		free($2);
1769 	}
1770 	;
1771 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
1772 	{
1773 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
1774 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1775 			yyerror("number expected");
1776 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
1777 		free($2);
1778 	}
1779 	;
1780 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1781 	{
1782 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
1783 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1784 			yyerror("expected yes or no.");
1785 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1786 		else fake_dsa = (strcmp($2, "yes")==0);
1787 		if(fake_dsa)
1788 			log_warn("test option fake_dsa is enabled");
1789 #endif
1790 		free($2);
1791 	}
1792 	;
1793 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1794 	{
1795 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
1796 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1797 			yyerror("expected yes or no.");
1798 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1799 		else fake_sha1 = (strcmp($2, "yes")==0);
1800 		if(fake_sha1)
1801 			log_warn("test option fake_sha1 is enabled");
1802 #endif
1803 		free($2);
1804 	}
1805 	;
1806 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1807 	{
1808 		OUTYY(("P(server_val_log_level:%s)\n", $2));
1809 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1810 			yyerror("number expected");
1811 		else cfg_parser->cfg->val_log_level = atoi($2);
1812 		free($2);
1813 	}
1814 	;
1815 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1816 	{
1817 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1818 		free(cfg_parser->cfg->val_nsec3_key_iterations);
1819 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
1820 	}
1821 	;
1822 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1823 	{
1824 		OUTYY(("P(server_add_holddown:%s)\n", $2));
1825 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1826 			yyerror("number expected");
1827 		else cfg_parser->cfg->add_holddown = atoi($2);
1828 		free($2);
1829 	}
1830 	;
1831 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1832 	{
1833 		OUTYY(("P(server_del_holddown:%s)\n", $2));
1834 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1835 			yyerror("number expected");
1836 		else cfg_parser->cfg->del_holddown = atoi($2);
1837 		free($2);
1838 	}
1839 	;
1840 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1841 	{
1842 		OUTYY(("P(server_keep_missing:%s)\n", $2));
1843 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1844 			yyerror("number expected");
1845 		else cfg_parser->cfg->keep_missing = atoi($2);
1846 		free($2);
1847 	}
1848 	;
1849 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1850 	{
1851 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1852 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1853 			yyerror("expected yes or no.");
1854 		else cfg_parser->cfg->permit_small_holddown =
1855 			(strcmp($2, "yes")==0);
1856 		free($2);
1857 	}
1858 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1859 	{
1860 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
1861 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1862 			yyerror("memory size expected");
1863 		free($2);
1864 	}
1865 	;
1866 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1867 	{
1868 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1869 		if(atoi($2) == 0)
1870 			yyerror("number expected");
1871 		else {
1872 			cfg_parser->cfg->key_cache_slabs = atoi($2);
1873 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1874 				yyerror("must be a power of 2");
1875 		}
1876 		free($2);
1877 	}
1878 	;
1879 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1880 	{
1881 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1882 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1883 			yyerror("memory size expected");
1884 		free($2);
1885 	}
1886 	;
1887 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1888 	{
1889 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1890 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1891 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1892 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1893 		   && strcmp($3, "typetransparent")!=0
1894 		   && strcmp($3, "always_transparent")!=0
1895 		   && strcmp($3, "always_refuse")!=0
1896 		   && strcmp($3, "always_nxdomain")!=0
1897 		   && strcmp($3, "noview")!=0
1898 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
1899 		   && strcmp($3, "inform_redirect") != 0
1900 			 && strcmp($3, "ipset") != 0) {
1901 			yyerror("local-zone type: expected static, deny, "
1902 				"refuse, redirect, transparent, "
1903 				"typetransparent, inform, inform_deny, "
1904 				"inform_redirect, always_transparent, "
1905 				"always_refuse, always_nxdomain, noview "
1906 				", nodefault or ipset");
1907 			free($2);
1908 			free($3);
1909 		} else if(strcmp($3, "nodefault")==0) {
1910 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1911 				local_zones_nodefault, $2))
1912 				fatal_exit("out of memory adding local-zone");
1913 			free($3);
1914 #ifdef USE_IPSET
1915 		} else if(strcmp($3, "ipset")==0) {
1916 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1917 				local_zones_ipset, $2))
1918 				fatal_exit("out of memory adding local-zone");
1919 			free($3);
1920 #endif
1921 		} else {
1922 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1923 				$2, $3))
1924 				fatal_exit("out of memory adding local-zone");
1925 		}
1926 	}
1927 	;
1928 server_local_data: VAR_LOCAL_DATA STRING_ARG
1929 	{
1930 		OUTYY(("P(server_local_data:%s)\n", $2));
1931 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1932 			fatal_exit("out of memory adding local-data");
1933 	}
1934 	;
1935 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1936 	{
1937 		char* ptr;
1938 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1939 		ptr = cfg_ptr_reverse($2);
1940 		free($2);
1941 		if(ptr) {
1942 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1943 				local_data, ptr))
1944 				fatal_exit("out of memory adding local-data");
1945 		} else {
1946 			yyerror("local-data-ptr could not be reversed");
1947 		}
1948 	}
1949 	;
1950 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1951 	{
1952 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
1953 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1954 			yyerror("expected yes or no.");
1955 		else cfg_parser->cfg->minimal_responses =
1956 			(strcmp($2, "yes")==0);
1957 		free($2);
1958 	}
1959 	;
1960 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
1961 	{
1962 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
1963 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1964 			yyerror("expected yes or no.");
1965 		else cfg_parser->cfg->rrset_roundrobin =
1966 			(strcmp($2, "yes")==0);
1967 		free($2);
1968 	}
1969 	;
1970 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
1971 	{
1972 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
1973 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
1974 		free($2);
1975 	}
1976 	;
1977 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
1978 	{
1979 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
1980 		cfg_parser->cfg->max_udp_size = atoi($2);
1981 		free($2);
1982 	}
1983 	;
1984 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
1985 	{
1986 		OUTYY(("P(dns64_prefix:%s)\n", $2));
1987 		free(cfg_parser->cfg->dns64_prefix);
1988 		cfg_parser->cfg->dns64_prefix = $2;
1989 	}
1990 	;
1991 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
1992 	{
1993 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
1994 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1995 			yyerror("expected yes or no.");
1996 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
1997 		free($2);
1998 	}
1999 	;
2000 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2001 	{
2002 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2003 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2004 			$2))
2005 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2006 	}
2007 	;
2008 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2009 	{
2010 		char* p, *s = $2;
2011 		OUTYY(("P(server_define_tag:%s)\n", $2));
2012 		while((p=strsep(&s, " \t\n")) != NULL) {
2013 			if(*p) {
2014 				if(!config_add_tag(cfg_parser->cfg, p))
2015 					yyerror("could not define-tag, "
2016 						"out of memory");
2017 			}
2018 		}
2019 		free($2);
2020 	}
2021 	;
2022 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2023 	{
2024 		size_t len = 0;
2025 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2026 			&len);
2027 		free($3);
2028 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2029 		if(!bitlist) {
2030 			yyerror("could not parse tags, (define-tag them first)");
2031 			free($2);
2032 		}
2033 		if(bitlist) {
2034 			if(!cfg_strbytelist_insert(
2035 				&cfg_parser->cfg->local_zone_tags,
2036 				$2, bitlist, len)) {
2037 				yyerror("out of memory");
2038 				free($2);
2039 			}
2040 		}
2041 	}
2042 	;
2043 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2044 	{
2045 		size_t len = 0;
2046 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2047 			&len);
2048 		free($3);
2049 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2050 		if(!bitlist) {
2051 			yyerror("could not parse tags, (define-tag them first)");
2052 			free($2);
2053 		}
2054 		if(bitlist) {
2055 			if(!cfg_strbytelist_insert(
2056 				&cfg_parser->cfg->acl_tags,
2057 				$2, bitlist, len)) {
2058 				yyerror("out of memory");
2059 				free($2);
2060 			}
2061 		}
2062 	}
2063 	;
2064 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2065 	{
2066 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2067 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2068 			$2, $3, $4)) {
2069 			yyerror("out of memory");
2070 			free($2);
2071 			free($3);
2072 			free($4);
2073 		}
2074 	}
2075 	;
2076 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2077 	{
2078 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2079 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2080 			$2, $3, $4)) {
2081 			yyerror("out of memory");
2082 			free($2);
2083 			free($3);
2084 			free($4);
2085 		}
2086 	}
2087 	;
2088 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2089 	{
2090 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2091 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2092 			$2, $3, $4)) {
2093 			yyerror("out of memory");
2094 			free($2);
2095 			free($3);
2096 			free($4);
2097 		}
2098 	}
2099 	;
2100 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2101 	{
2102 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2103 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2104 			$2, $3)) {
2105 			yyerror("out of memory");
2106 		}
2107 	}
2108 	;
2109 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2110 	{
2111 		size_t len = 0;
2112 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2113 			&len);
2114 		free($3);
2115 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2116 		if(!bitlist) {
2117 			yyerror("could not parse tags, (define-tag them first)");
2118 			free($2);
2119 		}
2120 		if(bitlist) {
2121 			if(!cfg_strbytelist_insert(
2122 				&cfg_parser->cfg->respip_tags,
2123 				$2, bitlist, len)) {
2124 				yyerror("out of memory");
2125 				free($2);
2126 			}
2127 		}
2128 	}
2129 	;
2130 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2131 	{
2132 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2133 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2134 			yyerror("number expected");
2135 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2136 		free($2);
2137 	}
2138 	;
2139 
2140 server_ratelimit: VAR_RATELIMIT STRING_ARG
2141 	{
2142 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2143 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2144 			yyerror("number expected");
2145 		else cfg_parser->cfg->ratelimit = atoi($2);
2146 		free($2);
2147 	}
2148 	;
2149 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2150   {
2151   	OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2152   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2153   		yyerror("memory size expected");
2154   	free($2);
2155   }
2156   ;
2157 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2158 	{
2159 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2160 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2161 			yyerror("memory size expected");
2162 		free($2);
2163 	}
2164 	;
2165 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2166   {
2167   	OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2168   	if(atoi($2) == 0)
2169   		yyerror("number expected");
2170   	else {
2171   		cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2172   		if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2173   			yyerror("must be a power of 2");
2174   	}
2175   	free($2);
2176   }
2177   ;
2178 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2179 	{
2180 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2181 		if(atoi($2) == 0)
2182 			yyerror("number expected");
2183 		else {
2184 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2185 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2186 				yyerror("must be a power of 2");
2187 		}
2188 		free($2);
2189 	}
2190 	;
2191 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2192 	{
2193 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2194 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2195 			yyerror("number expected");
2196 			free($2);
2197 			free($3);
2198 		} else {
2199 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2200 				ratelimit_for_domain, $2, $3))
2201 				fatal_exit("out of memory adding "
2202 					"ratelimit-for-domain");
2203 		}
2204 	}
2205 	;
2206 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2207 	{
2208 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2209 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2210 			yyerror("number expected");
2211 			free($2);
2212 			free($3);
2213 		} else {
2214 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2215 				ratelimit_below_domain, $2, $3))
2216 				fatal_exit("out of memory adding "
2217 					"ratelimit-below-domain");
2218 		}
2219 	}
2220 	;
2221 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2222   {
2223   	OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2224   	if(atoi($2) == 0 && strcmp($2, "0") != 0)
2225   		yyerror("number expected");
2226   	else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2227   	free($2);
2228 	}
2229 	;
2230 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2231 	{
2232 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2233 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2234 			yyerror("number expected");
2235 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2236 		free($2);
2237 	}
2238 	;
2239 server_low_rtt: VAR_LOW_RTT STRING_ARG
2240 	{
2241 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2242 		free($2);
2243 	}
2244 	;
2245 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2246 	{
2247 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2248 		if(atoi($2) <= 0)
2249 			yyerror("number expected");
2250 		else cfg_parser->cfg->fast_server_num = atoi($2);
2251 		free($2);
2252 	}
2253 	;
2254 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2255 	{
2256 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2257 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2258 			yyerror("number expected");
2259 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2260 		free($2);
2261 	}
2262 	;
2263 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2264 	{
2265 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2266 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2267 			yyerror("expected yes or no.");
2268 		else cfg_parser->cfg->qname_minimisation =
2269 			(strcmp($2, "yes")==0);
2270 		free($2);
2271 	}
2272 	;
2273 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2274 	{
2275 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2276 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2277 			yyerror("expected yes or no.");
2278 		else cfg_parser->cfg->qname_minimisation_strict =
2279 			(strcmp($2, "yes")==0);
2280 		free($2);
2281 	}
2282 	;
2283 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2284 	{
2285 	#ifdef USE_IPSECMOD
2286 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2287 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2288 			yyerror("expected yes or no.");
2289 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2290 	#else
2291 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2292 	#endif
2293 		free($2);
2294 	}
2295 	;
2296 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2297 	{
2298 	#ifdef USE_IPSECMOD
2299 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2300 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2301 			yyerror("expected yes or no.");
2302 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2303 	#else
2304 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2305 	#endif
2306 		free($2);
2307 	}
2308 	;
2309 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2310 	{
2311 	#ifdef USE_IPSECMOD
2312 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2313 		free(cfg_parser->cfg->ipsecmod_hook);
2314 		cfg_parser->cfg->ipsecmod_hook = $2;
2315 	#else
2316 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2317 		free($2);
2318 	#endif
2319 	}
2320 	;
2321 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2322 	{
2323 	#ifdef USE_IPSECMOD
2324 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2325 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2326 			yyerror("number expected");
2327 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2328 		free($2);
2329 	#else
2330 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2331 		free($2);
2332 	#endif
2333 	}
2334 	;
2335 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2336 	{
2337 	#ifdef USE_IPSECMOD
2338 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2339 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2340 			yyerror("out of memory");
2341 	#else
2342 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2343 		free($2);
2344 	#endif
2345 	}
2346 	;
2347 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2348 	{
2349 	#ifdef USE_IPSECMOD
2350 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2351 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2352 			yyerror("expected yes or no.");
2353 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2354 		free($2);
2355 	#else
2356 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2357 		free($2);
2358 	#endif
2359 	}
2360 	;
2361 stub_name: VAR_NAME STRING_ARG
2362 	{
2363 		OUTYY(("P(name:%s)\n", $2));
2364 		if(cfg_parser->cfg->stubs->name)
2365 			yyerror("stub name override, there must be one name "
2366 				"for one stub-zone");
2367 		free(cfg_parser->cfg->stubs->name);
2368 		cfg_parser->cfg->stubs->name = $2;
2369 	}
2370 	;
2371 stub_host: VAR_STUB_HOST STRING_ARG
2372 	{
2373 		OUTYY(("P(stub-host:%s)\n", $2));
2374 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2375 			yyerror("out of memory");
2376 	}
2377 	;
2378 stub_addr: VAR_STUB_ADDR STRING_ARG
2379 	{
2380 		OUTYY(("P(stub-addr:%s)\n", $2));
2381 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2382 			yyerror("out of memory");
2383 	}
2384 	;
2385 stub_first: VAR_STUB_FIRST STRING_ARG
2386 	{
2387 		OUTYY(("P(stub-first:%s)\n", $2));
2388 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2389 			yyerror("expected yes or no.");
2390 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2391 		free($2);
2392 	}
2393 	;
2394 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2395 	{
2396 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2397 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2398 			yyerror("expected yes or no.");
2399 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2400 		free($2);
2401 	}
2402 	;
2403 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2404 	{
2405 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2406 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2407 			yyerror("expected yes or no.");
2408 		else cfg_parser->cfg->stubs->ssl_upstream =
2409 			(strcmp($2, "yes")==0);
2410 		free($2);
2411 	}
2412 	;
2413 stub_prime: VAR_STUB_PRIME STRING_ARG
2414 	{
2415 		OUTYY(("P(stub-prime:%s)\n", $2));
2416 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2417 			yyerror("expected yes or no.");
2418 		else cfg_parser->cfg->stubs->isprime =
2419 			(strcmp($2, "yes")==0);
2420 		free($2);
2421 	}
2422 	;
2423 forward_name: VAR_NAME STRING_ARG
2424 	{
2425 		OUTYY(("P(name:%s)\n", $2));
2426 		if(cfg_parser->cfg->forwards->name)
2427 			yyerror("forward name override, there must be one "
2428 				"name for one forward-zone");
2429 		free(cfg_parser->cfg->forwards->name);
2430 		cfg_parser->cfg->forwards->name = $2;
2431 	}
2432 	;
2433 forward_host: VAR_FORWARD_HOST STRING_ARG
2434 	{
2435 		OUTYY(("P(forward-host:%s)\n", $2));
2436 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2437 			yyerror("out of memory");
2438 	}
2439 	;
2440 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2441 	{
2442 		OUTYY(("P(forward-addr:%s)\n", $2));
2443 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2444 			yyerror("out of memory");
2445 	}
2446 	;
2447 forward_first: VAR_FORWARD_FIRST STRING_ARG
2448 	{
2449 		OUTYY(("P(forward-first:%s)\n", $2));
2450 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2451 			yyerror("expected yes or no.");
2452 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2453 		free($2);
2454 	}
2455 	;
2456 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2457 	{
2458 		OUTYY(("P(forward-no-cache:%s)\n", $2));
2459 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2460 			yyerror("expected yes or no.");
2461 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2462 		free($2);
2463 	}
2464 	;
2465 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2466 	{
2467 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2468 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2469 			yyerror("expected yes or no.");
2470 		else cfg_parser->cfg->forwards->ssl_upstream =
2471 			(strcmp($2, "yes")==0);
2472 		free($2);
2473 	}
2474 	;
2475 auth_name: VAR_NAME STRING_ARG
2476 	{
2477 		OUTYY(("P(name:%s)\n", $2));
2478 		if(cfg_parser->cfg->auths->name)
2479 			yyerror("auth name override, there must be one name "
2480 				"for one auth-zone");
2481 		free(cfg_parser->cfg->auths->name);
2482 		cfg_parser->cfg->auths->name = $2;
2483 	}
2484 	;
2485 auth_zonefile: VAR_ZONEFILE STRING_ARG
2486 	{
2487 		OUTYY(("P(zonefile:%s)\n", $2));
2488 		free(cfg_parser->cfg->auths->zonefile);
2489 		cfg_parser->cfg->auths->zonefile = $2;
2490 	}
2491 	;
2492 auth_master: VAR_MASTER STRING_ARG
2493 	{
2494 		OUTYY(("P(master:%s)\n", $2));
2495 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2496 			yyerror("out of memory");
2497 	}
2498 	;
2499 auth_url: VAR_URL STRING_ARG
2500 	{
2501 		OUTYY(("P(url:%s)\n", $2));
2502 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2503 			yyerror("out of memory");
2504 	}
2505 	;
2506 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2507 	{
2508 		OUTYY(("P(allow-notify:%s)\n", $2));
2509 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2510 			$2))
2511 			yyerror("out of memory");
2512 	}
2513 	;
2514 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2515 	{
2516 		OUTYY(("P(for-downstream:%s)\n", $2));
2517 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2518 			yyerror("expected yes or no.");
2519 		else cfg_parser->cfg->auths->for_downstream =
2520 			(strcmp($2, "yes")==0);
2521 		free($2);
2522 	}
2523 	;
2524 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2525 	{
2526 		OUTYY(("P(for-upstream:%s)\n", $2));
2527 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2528 			yyerror("expected yes or no.");
2529 		else cfg_parser->cfg->auths->for_upstream =
2530 			(strcmp($2, "yes")==0);
2531 		free($2);
2532 	}
2533 	;
2534 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2535 	{
2536 		OUTYY(("P(fallback-enabled:%s)\n", $2));
2537 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2538 			yyerror("expected yes or no.");
2539 		else cfg_parser->cfg->auths->fallback_enabled =
2540 			(strcmp($2, "yes")==0);
2541 		free($2);
2542 	}
2543 	;
2544 view_name: VAR_NAME STRING_ARG
2545 	{
2546 		OUTYY(("P(name:%s)\n", $2));
2547 		if(cfg_parser->cfg->views->name)
2548 			yyerror("view name override, there must be one "
2549 				"name for one view");
2550 		free(cfg_parser->cfg->views->name);
2551 		cfg_parser->cfg->views->name = $2;
2552 	}
2553 	;
2554 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2555 	{
2556 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2557 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2558 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2559 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2560 		   && strcmp($3, "typetransparent")!=0
2561 		   && strcmp($3, "always_transparent")!=0
2562 		   && strcmp($3, "always_refuse")!=0
2563 		   && strcmp($3, "always_nxdomain")!=0
2564 		   && strcmp($3, "noview")!=0
2565 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) {
2566 			yyerror("local-zone type: expected static, deny, "
2567 				"refuse, redirect, transparent, "
2568 				"typetransparent, inform, inform_deny, "
2569 				"always_transparent, always_refuse, "
2570 				"always_nxdomain, noview or nodefault");
2571 			free($2);
2572 			free($3);
2573 		} else if(strcmp($3, "nodefault")==0) {
2574 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2575 				local_zones_nodefault, $2))
2576 				fatal_exit("out of memory adding local-zone");
2577 			free($3);
2578 #ifdef USE_IPSET
2579 		} else if(strcmp($3, "ipset")==0) {
2580 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2581 				local_zones_ipset, $2))
2582 				fatal_exit("out of memory adding local-zone");
2583 			free($3);
2584 #endif
2585 		} else {
2586 			if(!cfg_str2list_insert(
2587 				&cfg_parser->cfg->views->local_zones,
2588 				$2, $3))
2589 				fatal_exit("out of memory adding local-zone");
2590 		}
2591 	}
2592 	;
2593 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2594 	{
2595 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2596 		validate_respip_action($3);
2597 		if(!cfg_str2list_insert(
2598 			&cfg_parser->cfg->views->respip_actions, $2, $3))
2599 			fatal_exit("out of memory adding per-view "
2600 				"response-ip action");
2601 	}
2602 	;
2603 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2604 	{
2605 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
2606 		if(!cfg_str2list_insert(
2607 			&cfg_parser->cfg->views->respip_data, $2, $3))
2608 			fatal_exit("out of memory adding response-ip-data");
2609 	}
2610 	;
2611 view_local_data: VAR_LOCAL_DATA STRING_ARG
2612 	{
2613 		OUTYY(("P(view_local_data:%s)\n", $2));
2614 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2615 			fatal_exit("out of memory adding local-data");
2616 		}
2617 	}
2618 	;
2619 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2620 	{
2621 		char* ptr;
2622 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2623 		ptr = cfg_ptr_reverse($2);
2624 		free($2);
2625 		if(ptr) {
2626 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2627 				local_data, ptr))
2628 				fatal_exit("out of memory adding local-data");
2629 		} else {
2630 			yyerror("local-data-ptr could not be reversed");
2631 		}
2632 	}
2633 	;
2634 view_first: VAR_VIEW_FIRST STRING_ARG
2635 	{
2636 		OUTYY(("P(view-first:%s)\n", $2));
2637 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2638 			yyerror("expected yes or no.");
2639 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2640 		free($2);
2641 	}
2642 	;
2643 rcstart: VAR_REMOTE_CONTROL
2644 	{
2645 		OUTYY(("\nP(remote-control:)\n"));
2646 	}
2647 	;
2648 contents_rc: contents_rc content_rc
2649 	| ;
2650 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2651 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2652 	rc_control_cert_file | rc_control_use_cert
2653 	;
2654 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2655 	{
2656 		OUTYY(("P(control_enable:%s)\n", $2));
2657 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2658 			yyerror("expected yes or no.");
2659 		else cfg_parser->cfg->remote_control_enable =
2660 			(strcmp($2, "yes")==0);
2661 		free($2);
2662 	}
2663 	;
2664 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2665 	{
2666 		OUTYY(("P(control_port:%s)\n", $2));
2667 		if(atoi($2) == 0)
2668 			yyerror("control port number expected");
2669 		else cfg_parser->cfg->control_port = atoi($2);
2670 		free($2);
2671 	}
2672 	;
2673 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2674 	{
2675 		OUTYY(("P(control_interface:%s)\n", $2));
2676 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
2677 			yyerror("out of memory");
2678 	}
2679 	;
2680 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2681 	{
2682 		OUTYY(("P(control_use_cert:%s)\n", $2));
2683 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
2684 		free($2);
2685 	}
2686 	;
2687 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2688 	{
2689 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
2690 		free(cfg_parser->cfg->server_key_file);
2691 		cfg_parser->cfg->server_key_file = $2;
2692 	}
2693 	;
2694 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2695 	{
2696 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2697 		free(cfg_parser->cfg->server_cert_file);
2698 		cfg_parser->cfg->server_cert_file = $2;
2699 	}
2700 	;
2701 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2702 	{
2703 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
2704 		free(cfg_parser->cfg->control_key_file);
2705 		cfg_parser->cfg->control_key_file = $2;
2706 	}
2707 	;
2708 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2709 	{
2710 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2711 		free(cfg_parser->cfg->control_cert_file);
2712 		cfg_parser->cfg->control_cert_file = $2;
2713 	}
2714 	;
2715 dtstart: VAR_DNSTAP
2716 	{
2717 		OUTYY(("\nP(dnstap:)\n"));
2718 	}
2719 	;
2720 contents_dt: contents_dt content_dt
2721 	| ;
2722 content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
2723 	dt_dnstap_send_identity | dt_dnstap_send_version |
2724 	dt_dnstap_identity | dt_dnstap_version |
2725 	dt_dnstap_log_resolver_query_messages |
2726 	dt_dnstap_log_resolver_response_messages |
2727 	dt_dnstap_log_client_query_messages |
2728 	dt_dnstap_log_client_response_messages |
2729 	dt_dnstap_log_forwarder_query_messages |
2730 	dt_dnstap_log_forwarder_response_messages
2731 	;
2732 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2733 	{
2734 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2735 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2736 			yyerror("expected yes or no.");
2737 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2738 		free($2);
2739 	}
2740 	;
2741 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2742 	{
2743 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2744 		free(cfg_parser->cfg->dnstap_socket_path);
2745 		cfg_parser->cfg->dnstap_socket_path = $2;
2746 	}
2747 	;
2748 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2749 	{
2750 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2751 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2752 			yyerror("expected yes or no.");
2753 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2754 		free($2);
2755 	}
2756 	;
2757 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2758 	{
2759 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2760 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2761 			yyerror("expected yes or no.");
2762 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2763 		free($2);
2764 	}
2765 	;
2766 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2767 	{
2768 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2769 		free(cfg_parser->cfg->dnstap_identity);
2770 		cfg_parser->cfg->dnstap_identity = $2;
2771 	}
2772 	;
2773 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2774 	{
2775 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2776 		free(cfg_parser->cfg->dnstap_version);
2777 		cfg_parser->cfg->dnstap_version = $2;
2778 	}
2779 	;
2780 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2781 	{
2782 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2783 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2784 			yyerror("expected yes or no.");
2785 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2786 			(strcmp($2, "yes")==0);
2787 		free($2);
2788 	}
2789 	;
2790 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2791 	{
2792 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2793 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2794 			yyerror("expected yes or no.");
2795 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2796 			(strcmp($2, "yes")==0);
2797 		free($2);
2798 	}
2799 	;
2800 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2801 	{
2802 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2803 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2804 			yyerror("expected yes or no.");
2805 		else cfg_parser->cfg->dnstap_log_client_query_messages =
2806 			(strcmp($2, "yes")==0);
2807 		free($2);
2808 	}
2809 	;
2810 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2811 	{
2812 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2813 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2814 			yyerror("expected yes or no.");
2815 		else cfg_parser->cfg->dnstap_log_client_response_messages =
2816 			(strcmp($2, "yes")==0);
2817 		free($2);
2818 	}
2819 	;
2820 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2821 	{
2822 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2823 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2824 			yyerror("expected yes or no.");
2825 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2826 			(strcmp($2, "yes")==0);
2827 		free($2);
2828 	}
2829 	;
2830 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2831 	{
2832 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2833 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2834 			yyerror("expected yes or no.");
2835 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2836 			(strcmp($2, "yes")==0);
2837 		free($2);
2838 	}
2839 	;
2840 pythonstart: VAR_PYTHON
2841 	{
2842 		OUTYY(("\nP(python:)\n"));
2843 	}
2844 	;
2845 contents_py: contents_py content_py
2846 	| ;
2847 content_py: py_script
2848 	;
2849 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2850 	{
2851 		OUTYY(("P(python-script:%s)\n", $2));
2852 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
2853 			yyerror("out of memory");
2854 	}
2855 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2856 	{
2857 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2858 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2859 			yyerror("expected yes or no.");
2860 		else cfg_parser->cfg->disable_dnssec_lame_check =
2861 			(strcmp($2, "yes")==0);
2862 		free($2);
2863 	}
2864 	;
2865 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2866 	{
2867 		OUTYY(("P(server_log_identity:%s)\n", $2));
2868 		free(cfg_parser->cfg->log_identity);
2869 		cfg_parser->cfg->log_identity = $2;
2870 	}
2871 	;
2872 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2873 	{
2874 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2875 		validate_respip_action($3);
2876 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2877 			$2, $3))
2878 			fatal_exit("out of memory adding response-ip");
2879 	}
2880 	;
2881 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2882 	{
2883 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
2884 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
2885 			$2, $3))
2886 			fatal_exit("out of memory adding response-ip-data");
2887 	}
2888 	;
2889 dnscstart: VAR_DNSCRYPT
2890 	{
2891 		OUTYY(("\nP(dnscrypt:)\n"));
2892 	}
2893 	;
2894 contents_dnsc: contents_dnsc content_dnsc
2895 	| ;
2896 content_dnsc:
2897 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
2898 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
2899 	dnsc_dnscrypt_provider_cert_rotated |
2900 	dnsc_dnscrypt_shared_secret_cache_size |
2901 	dnsc_dnscrypt_shared_secret_cache_slabs |
2902 	dnsc_dnscrypt_nonce_cache_size |
2903 	dnsc_dnscrypt_nonce_cache_slabs
2904 	;
2905 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
2906 	{
2907 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
2908 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2909 			yyerror("expected yes or no.");
2910 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
2911 		free($2);
2912 	}
2913 	;
2914 
2915 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
2916 	{
2917 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
2918 		if(atoi($2) == 0)
2919 			yyerror("port number expected");
2920 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
2921 		free($2);
2922 	}
2923 	;
2924 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
2925 	{
2926 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
2927 		free(cfg_parser->cfg->dnscrypt_provider);
2928 		cfg_parser->cfg->dnscrypt_provider = $2;
2929 	}
2930 	;
2931 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
2932 	{
2933 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
2934 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
2935 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
2936 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
2937 			fatal_exit("out of memory adding dnscrypt-provider-cert");
2938 	}
2939 	;
2940 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
2941 	{
2942 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
2943 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
2944 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
2945 	}
2946 	;
2947 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
2948 	{
2949 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
2950 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
2951 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
2952 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
2953 			fatal_exit("out of memory adding dnscrypt-secret-key");
2954 	}
2955 	;
2956 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
2957   {
2958   	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
2959   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
2960   		yyerror("memory size expected");
2961   	free($2);
2962   }
2963   ;
2964 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
2965   {
2966   	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
2967   	if(atoi($2) == 0)
2968   		yyerror("number expected");
2969   	else {
2970   		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
2971   		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
2972   			yyerror("must be a power of 2");
2973   	}
2974   	free($2);
2975   }
2976   ;
2977 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
2978   {
2979   	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
2980   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
2981   		yyerror("memory size expected");
2982   	free($2);
2983   }
2984   ;
2985 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
2986   {
2987   	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
2988   	if(atoi($2) == 0)
2989   		yyerror("number expected");
2990   	else {
2991   		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
2992   		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
2993   			yyerror("must be a power of 2");
2994   	}
2995   	free($2);
2996   }
2997   ;
2998 cachedbstart: VAR_CACHEDB
2999 	{
3000 		OUTYY(("\nP(cachedb:)\n"));
3001 	}
3002 	;
3003 contents_cachedb: contents_cachedb content_cachedb
3004 	| ;
3005 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3006 	redis_server_host | redis_server_port | redis_timeout
3007 	;
3008 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3009 	{
3010 	#ifdef USE_CACHEDB
3011 		OUTYY(("P(backend:%s)\n", $2));
3012 		free(cfg_parser->cfg->cachedb_backend);
3013 		cfg_parser->cfg->cachedb_backend = $2;
3014 	#else
3015 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3016 		free($2);
3017 	#endif
3018 	}
3019 	;
3020 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3021 	{
3022 	#ifdef USE_CACHEDB
3023 		OUTYY(("P(secret-seed:%s)\n", $2));
3024 		free(cfg_parser->cfg->cachedb_secret);
3025 		cfg_parser->cfg->cachedb_secret = $2;
3026 	#else
3027 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3028 		free($2);
3029 	#endif
3030 	}
3031 	;
3032 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3033 	{
3034 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3035 		OUTYY(("P(redis_server_host:%s)\n", $2));
3036 		free(cfg_parser->cfg->redis_server_host);
3037 		cfg_parser->cfg->redis_server_host = $2;
3038 	#else
3039 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3040 		free($2);
3041 	#endif
3042 	}
3043 	;
3044 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3045 	{
3046 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3047 		int port;
3048 		OUTYY(("P(redis_server_port:%s)\n", $2));
3049 		port = atoi($2);
3050 		if(port == 0 || port < 0 || port > 65535)
3051 			yyerror("valid redis server port number expected");
3052 		else cfg_parser->cfg->redis_server_port = port;
3053 	#else
3054 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3055 	#endif
3056 		free($2);
3057 	}
3058 	;
3059 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3060 	{
3061 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3062 		OUTYY(("P(redis_timeout:%s)\n", $2));
3063 		if(atoi($2) == 0)
3064 			yyerror("redis timeout value expected");
3065 		else cfg_parser->cfg->redis_timeout = atoi($2);
3066 	#else
3067 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3068 	#endif
3069 		free($2);
3070 	}
3071 	;
3072 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3073 	{
3074 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3075 		if (atoi($3) < 0)
3076 			yyerror("positive number expected");
3077 		else {
3078 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3079 				fatal_exit("out of memory adding tcp connection limit");
3080 		}
3081 	}
3082 	;
3083 	ipsetstart: VAR_IPSET
3084 		{
3085 			OUTYY(("\nP(ipset:)\n"));
3086 		}
3087 		;
3088 	contents_ipset: contents_ipset content_ipset
3089 		| ;
3090 	content_ipset: ipset_name_v4 | ipset_name_v6
3091 		;
3092 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3093 		{
3094 		#ifdef USE_IPSET
3095 			OUTYY(("P(name-v4:%s)\n", $2));
3096 			if(cfg_parser->cfg->ipset_name_v4)
3097 				yyerror("ipset name v4 override, there must be one "
3098 					"name for ip v4");
3099 			free(cfg_parser->cfg->ipset_name_v4);
3100 			cfg_parser->cfg->ipset_name_v4 = $2;
3101 		#else
3102 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3103 			free($2);
3104 		#endif
3105 		}
3106 	;
3107 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3108 	{
3109 		#ifdef USE_IPSET
3110 			OUTYY(("P(name-v6:%s)\n", $2));
3111 			if(cfg_parser->cfg->ipset_name_v6)
3112 				yyerror("ipset name v6 override, there must be one "
3113 					"name for ip v6");
3114 			free(cfg_parser->cfg->ipset_name_v6);
3115 			cfg_parser->cfg->ipset_name_v6 = $2;
3116 		#else
3117 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3118 			free($2);
3119 		#endif
3120 		}
3121 	;
3122 %%
3123 
3124 /* parse helper routines could be here */
3125 static void
3126 validate_respip_action(const char* action)
3127 {
3128 	if(strcmp(action, "deny")!=0 &&
3129 		strcmp(action, "redirect")!=0 &&
3130 		strcmp(action, "inform")!=0 &&
3131 		strcmp(action, "inform_deny")!=0 &&
3132 		strcmp(action, "always_transparent")!=0 &&
3133 		strcmp(action, "always_refuse")!=0 &&
3134 		strcmp(action, "always_nxdomain")!=0)
3135 	{
3136 		yyerror("response-ip action: expected deny, redirect, "
3137 			"inform, inform_deny, always_transparent, "
3138 			"always_refuse or always_nxdomain");
3139 	}
3140 }
3141 
3142 
3143