2 * configparser.y -- yacc grammar for unbound configuration files
4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
6 * Copyright (c) 2007, NLnet Labs. All rights reserved.
8 * This software is open source.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
17 * Redistributions in binary form must reproduce the above copyright notice,
18 * this list of conditions and the following disclaimer in the documentation
19 * and/or other materials provided with the distribution.
21 * Neither the name of the NLNET LABS nor the names of its contributors may
22 * be used to endorse or promote products derived from this software without
23 * specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
52 void ub_c_error(const char *message);
54 static void validate_respip_action(const char* action);
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
60 #define OUTYY(s) printf s /* used ONLY when debugging */
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_FORCE_TOPLEVEL
73 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
74 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
75 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
76 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
77 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
78 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
79 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
80 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
81 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
82 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
83 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
84 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
85 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
86 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
87 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
88 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
89 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
90 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
91 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
92 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
93 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
94 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
95 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
96 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
97 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
98 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
99 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
100 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
101 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
102 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
103 %token VAR_CONTROL_USE_CERT
104 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
105 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
106 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
107 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
108 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
109 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
110 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
111 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
112 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
113 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
114 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
115 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
116 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
117 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
118 %token VAR_INFRA_CACHE_MIN_RTT
119 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
120 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
121 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
122 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
123 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
124 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
125 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
126 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
127 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
128 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
129 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
130 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
131 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
132 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
134 %token VAR_DISABLE_DNSSEC_LAME_CHECK
135 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
136 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
137 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
138 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
139 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
140 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
141 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
142 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
143 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
144 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
145 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
146 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
147 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
148 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
149 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
150 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
151 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_FAKE_DSA
152 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
153 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
154 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
155 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
156 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
157 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
158 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
159 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
160 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
161 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
162 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
163 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
164 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
165 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
166 %token VAR_CACHEDB_REDISEXPIRERECORDS
167 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
168 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
169 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
170 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
171 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
172 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
173 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
174 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
175 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
176 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
177 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
178 %token VAR_DYNLIB VAR_DYNLIB_FILE
181 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
182 toplevelvar: serverstart contents_server | stubstart contents_stub |
183 forwardstart contents_forward | pythonstart contents_py |
184 rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
185 dnscstart contents_dnsc | cachedbstart contents_cachedb |
186 ipsetstart contents_ipset | authstart contents_auth |
187 rpzstart contents_rpz | dynlibstart contents_dl |
190 force_toplevel: VAR_FORCE_TOPLEVEL
192 OUTYY(("\nP(force-toplevel)\n"));
195 /* server: declaration */
196 serverstart: VAR_SERVER
198 OUTYY(("\nP(server:)\n"));
201 contents_server: contents_server content_server
203 content_server: server_num_threads | server_verbosity | server_port |
204 server_outgoing_range | server_do_ip4 |
205 server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
206 server_do_udp | server_do_tcp |
207 server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
208 server_tcp_keepalive | server_tcp_keepalive_timeout |
209 server_interface | server_chroot | server_username |
210 server_directory | server_logfile | server_pidfile |
211 server_msg_cache_size | server_msg_cache_slabs |
212 server_num_queries_per_thread | server_rrset_cache_size |
213 server_rrset_cache_slabs | server_outgoing_num_tcp |
214 server_infra_host_ttl | server_infra_lame_ttl |
215 server_infra_cache_slabs | server_infra_cache_numhosts |
216 server_infra_cache_lame_size | server_target_fetch_policy |
217 server_harden_short_bufsize | server_harden_large_queries |
218 server_do_not_query_address | server_hide_identity |
219 server_hide_version | server_identity | server_version |
220 server_harden_glue | server_module_conf | server_trust_anchor_file |
221 server_trust_anchor | server_val_override_date | server_bogus_ttl |
222 server_val_clean_additional | server_val_permissive_mode |
223 server_incoming_num_tcp | server_msg_buffer_size |
224 server_key_cache_size | server_key_cache_slabs |
225 server_trusted_keys_file | server_val_nsec3_keysize_iterations |
226 server_use_syslog | server_outgoing_interface | server_root_hints |
227 server_do_not_query_localhost | server_cache_max_ttl |
228 server_harden_dnssec_stripped | server_access_control |
229 server_local_zone | server_local_data | server_interface_automatic |
230 server_statistics_interval | server_do_daemonize |
231 server_use_caps_for_id | server_statistics_cumulative |
232 server_outgoing_port_permit | server_outgoing_port_avoid |
233 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
234 server_harden_referral_path | server_private_address |
235 server_private_domain | server_extended_statistics |
236 server_local_data_ptr | server_jostle_timeout |
237 server_unwanted_reply_threshold | server_log_time_ascii |
238 server_domain_insecure | server_val_sig_skew_min |
239 server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
240 server_auto_trust_anchor_file | server_add_holddown |
241 server_del_holddown | server_keep_missing | server_so_rcvbuf |
242 server_edns_buffer_size | server_prefetch | server_prefetch_key |
243 server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
244 server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
245 server_log_local_actions |
246 server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
247 server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
248 server_so_reuseport | server_delay_close |
249 server_unblock_lan_zones | server_insecure_lan_zones |
250 server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
251 server_infra_cache_min_rtt | server_harden_algo_downgrade |
252 server_ip_transparent | server_ip_ratelimit | server_ratelimit |
254 server_ip_ratelimit_slabs | server_ratelimit_slabs |
255 server_ip_ratelimit_size | server_ratelimit_size |
256 server_ratelimit_for_domain |
257 server_ratelimit_below_domain | server_ratelimit_factor |
258 server_ip_ratelimit_factor | server_send_client_subnet |
259 server_client_subnet_zone | server_client_subnet_always_forward |
260 server_client_subnet_opcode |
261 server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
262 server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
263 server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
264 server_caps_whitelist | server_cache_max_negative_ttl |
265 server_permit_small_holddown | server_qname_minimisation |
266 server_ip_freebind | server_define_tag | server_local_zone_tag |
267 server_disable_dnssec_lame_check | server_access_control_tag |
268 server_local_zone_override | server_access_control_tag_action |
269 server_access_control_tag_data | server_access_control_view |
270 server_qname_minimisation_strict | server_serve_expired |
271 server_serve_expired_ttl | server_serve_expired_ttl_reset |
272 server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
273 server_fake_dsa | server_log_identity | server_use_systemd |
274 server_response_ip_tag | server_response_ip | server_response_ip_data |
275 server_shm_enable | server_shm_key | server_fake_sha1 |
276 server_hide_trustanchor | server_trust_anchor_signaling |
277 server_root_key_sentinel |
278 server_ipsecmod_enabled | server_ipsecmod_hook |
279 server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
280 server_ipsecmod_whitelist | server_ipsecmod_strict |
281 server_udp_upstream_without_downstream | server_aggressive_nsec |
282 server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
283 server_fast_server_permil | server_fast_server_num | server_tls_win_cert |
284 server_tcp_connection_limit | server_log_servfail | server_deny_any |
285 server_unknown_server_time_limit | server_log_tag_queryreply |
286 server_stream_wait_size | server_tls_ciphers |
287 server_tls_ciphersuites | server_tls_session_ticket_keys |
290 stubstart: VAR_STUB_ZONE
292 struct config_stub* s;
293 OUTYY(("\nP(stub_zone:)\n"));
294 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
296 s->next = cfg_parser->cfg->stubs;
297 cfg_parser->cfg->stubs = s;
299 yyerror("out of memory");
302 contents_stub: contents_stub content_stub
304 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
305 stub_no_cache | stub_ssl_upstream
307 forwardstart: VAR_FORWARD_ZONE
309 struct config_stub* s;
310 OUTYY(("\nP(forward_zone:)\n"));
311 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
313 s->next = cfg_parser->cfg->forwards;
314 cfg_parser->cfg->forwards = s;
316 yyerror("out of memory");
319 contents_forward: contents_forward content_forward
321 content_forward: forward_name | forward_host | forward_addr | forward_first |
322 forward_no_cache | forward_ssl_upstream
326 struct config_view* s;
327 OUTYY(("\nP(view:)\n"));
328 s = (struct config_view*)calloc(1, sizeof(struct config_view));
330 s->next = cfg_parser->cfg->views;
331 if(s->next && !s->next->name)
332 yyerror("view without name");
333 cfg_parser->cfg->views = s;
335 yyerror("out of memory");
338 contents_view: contents_view content_view
340 content_view: view_name | view_local_zone | view_local_data | view_first |
341 view_response_ip | view_response_ip_data | view_local_data_ptr
343 authstart: VAR_AUTH_ZONE
345 struct config_auth* s;
346 OUTYY(("\nP(auth_zone:)\n"));
347 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
349 s->next = cfg_parser->cfg->auths;
350 cfg_parser->cfg->auths = s;
351 /* defaults for auth zone */
352 s->for_downstream = 1;
354 s->fallback_enabled = 0;
357 yyerror("out of memory");
360 contents_auth: contents_auth content_auth
362 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
363 auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
367 rpz_tag: VAR_TAGS STRING_ARG
371 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
372 bitlist = config_parse_taglist(cfg_parser->cfg, $2,
376 yyerror("could not parse tags, (define-tag them first)");
379 cfg_parser->cfg->auths->rpz_taglist = bitlist;
380 cfg_parser->cfg->auths->rpz_taglistlen = len;
386 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
388 OUTYY(("P(rpz_action_override:%s)\n", $2));
389 if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
390 strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
391 strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
392 yyerror("rpz-action-override action: expected nxdomain, "
393 "nodata, passthru, drop, cname or disabled");
395 cfg_parser->cfg->auths->rpz_action_override = NULL;
398 cfg_parser->cfg->auths->rpz_action_override = $2;
403 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
405 OUTYY(("P(rpz_cname_override:%s)\n", $2));
406 free(cfg_parser->cfg->auths->rpz_cname);
407 cfg_parser->cfg->auths->rpz_cname = $2;
411 rpz_log: VAR_RPZ_LOG STRING_ARG
413 OUTYY(("P(rpz_log:%s)\n", $2));
414 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
415 yyerror("expected yes or no.");
416 else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
421 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
423 OUTYY(("P(rpz_log_name:%s)\n", $2));
424 free(cfg_parser->cfg->auths->rpz_log_name);
425 cfg_parser->cfg->auths->rpz_log_name = $2;
431 struct config_auth* s;
432 OUTYY(("\nP(rpz:)\n"));
433 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
435 s->next = cfg_parser->cfg->auths;
436 cfg_parser->cfg->auths = s;
437 /* defaults for RPZ auth zone */
438 s->for_downstream = 0;
440 s->fallback_enabled = 0;
443 yyerror("out of memory");
446 contents_rpz: contents_rpz content_rpz
448 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
449 auth_allow_notify | rpz_action_override | rpz_cname_override |
450 rpz_log | rpz_log_name
452 server_num_threads: VAR_NUM_THREADS STRING_ARG
454 OUTYY(("P(server_num_threads:%s)\n", $2));
455 if(atoi($2) == 0 && strcmp($2, "0") != 0)
456 yyerror("number expected");
457 else cfg_parser->cfg->num_threads = atoi($2);
461 server_verbosity: VAR_VERBOSITY STRING_ARG
463 OUTYY(("P(server_verbosity:%s)\n", $2));
464 if(atoi($2) == 0 && strcmp($2, "0") != 0)
465 yyerror("number expected");
466 else cfg_parser->cfg->verbosity = atoi($2);
470 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
472 OUTYY(("P(server_statistics_interval:%s)\n", $2));
473 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
474 cfg_parser->cfg->stat_interval = 0;
475 else if(atoi($2) == 0)
476 yyerror("number expected");
477 else cfg_parser->cfg->stat_interval = atoi($2);
481 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
483 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
484 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
485 yyerror("expected yes or no.");
486 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
490 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
492 OUTYY(("P(server_extended_statistics:%s)\n", $2));
493 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
494 yyerror("expected yes or no.");
495 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
499 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
501 OUTYY(("P(server_shm_enable:%s)\n", $2));
502 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
503 yyerror("expected yes or no.");
504 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
508 server_shm_key: VAR_SHM_KEY STRING_ARG
510 OUTYY(("P(server_shm_key:%s)\n", $2));
511 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
512 cfg_parser->cfg->shm_key = 0;
513 else if(atoi($2) == 0)
514 yyerror("number expected");
515 else cfg_parser->cfg->shm_key = atoi($2);
519 server_port: VAR_PORT STRING_ARG
521 OUTYY(("P(server_port:%s)\n", $2));
523 yyerror("port number expected");
524 else cfg_parser->cfg->port = atoi($2);
528 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
531 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
532 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
533 fatal_exit("out of memory adding client-subnet");
535 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
540 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
543 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
544 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
546 fatal_exit("out of memory adding client-subnet-zone");
548 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
553 server_client_subnet_always_forward:
554 VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
557 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
558 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
559 yyerror("expected yes or no.");
561 cfg_parser->cfg->client_subnet_always_forward =
562 (strcmp($2, "yes")==0);
564 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
569 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
572 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
573 OUTYY(("P(Deprecated option, ignoring)\n"));
575 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
580 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
583 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
584 if(atoi($2) == 0 && strcmp($2, "0") != 0)
585 yyerror("IPv4 subnet length expected");
586 else if (atoi($2) > 32)
587 cfg_parser->cfg->max_client_subnet_ipv4 = 32;
588 else if (atoi($2) < 0)
589 cfg_parser->cfg->max_client_subnet_ipv4 = 0;
590 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
592 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
597 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
600 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
601 if(atoi($2) == 0 && strcmp($2, "0") != 0)
602 yyerror("Ipv6 subnet length expected");
603 else if (atoi($2) > 128)
604 cfg_parser->cfg->max_client_subnet_ipv6 = 128;
605 else if (atoi($2) < 0)
606 cfg_parser->cfg->max_client_subnet_ipv6 = 0;
607 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
609 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
614 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
617 OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
618 if(atoi($2) == 0 && strcmp($2, "0") != 0)
619 yyerror("IPv4 subnet length expected");
620 else if (atoi($2) > 32)
621 cfg_parser->cfg->min_client_subnet_ipv4 = 32;
622 else if (atoi($2) < 0)
623 cfg_parser->cfg->min_client_subnet_ipv4 = 0;
624 else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
626 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
631 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
634 OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
635 if(atoi($2) == 0 && strcmp($2, "0") != 0)
636 yyerror("Ipv6 subnet length expected");
637 else if (atoi($2) > 128)
638 cfg_parser->cfg->min_client_subnet_ipv6 = 128;
639 else if (atoi($2) < 0)
640 cfg_parser->cfg->min_client_subnet_ipv6 = 0;
641 else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
643 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
648 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
651 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
652 if(atoi($2) == 0 && strcmp($2, "0") != 0)
653 yyerror("IPv4 ECS tree size expected");
654 else if (atoi($2) < 0)
655 cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
656 else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
658 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
663 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
666 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
667 if(atoi($2) == 0 && strcmp($2, "0") != 0)
668 yyerror("IPv6 ECS tree size expected");
669 else if (atoi($2) < 0)
670 cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
671 else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
673 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
678 server_interface: VAR_INTERFACE STRING_ARG
680 OUTYY(("P(server_interface:%s)\n", $2));
681 if(cfg_parser->cfg->num_ifs == 0)
682 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
683 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
684 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
685 if(!cfg_parser->cfg->ifs)
686 yyerror("out of memory");
688 cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
691 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
693 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
694 if(cfg_parser->cfg->num_out_ifs == 0)
695 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
696 else cfg_parser->cfg->out_ifs = realloc(
697 cfg_parser->cfg->out_ifs,
698 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
699 if(!cfg_parser->cfg->out_ifs)
700 yyerror("out of memory");
702 cfg_parser->cfg->out_ifs[
703 cfg_parser->cfg->num_out_ifs++] = $2;
706 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
708 OUTYY(("P(server_outgoing_range:%s)\n", $2));
710 yyerror("number expected");
711 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
715 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
717 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
718 if(!cfg_mark_ports($2, 1,
719 cfg_parser->cfg->outgoing_avail_ports, 65536))
720 yyerror("port number or range (\"low-high\") expected");
724 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
726 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
727 if(!cfg_mark_ports($2, 0,
728 cfg_parser->cfg->outgoing_avail_ports, 65536))
729 yyerror("port number or range (\"low-high\") expected");
733 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
735 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
736 if(atoi($2) == 0 && strcmp($2, "0") != 0)
737 yyerror("number expected");
738 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
742 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
744 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
745 if(atoi($2) == 0 && strcmp($2, "0") != 0)
746 yyerror("number expected");
747 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
751 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
753 OUTYY(("P(server_interface_automatic:%s)\n", $2));
754 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
755 yyerror("expected yes or no.");
756 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
760 server_do_ip4: VAR_DO_IP4 STRING_ARG
762 OUTYY(("P(server_do_ip4:%s)\n", $2));
763 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
764 yyerror("expected yes or no.");
765 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
769 server_do_ip6: VAR_DO_IP6 STRING_ARG
771 OUTYY(("P(server_do_ip6:%s)\n", $2));
772 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
773 yyerror("expected yes or no.");
774 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
778 server_do_udp: VAR_DO_UDP STRING_ARG
780 OUTYY(("P(server_do_udp:%s)\n", $2));
781 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
782 yyerror("expected yes or no.");
783 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
787 server_do_tcp: VAR_DO_TCP STRING_ARG
789 OUTYY(("P(server_do_tcp:%s)\n", $2));
790 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
791 yyerror("expected yes or no.");
792 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
796 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
798 OUTYY(("P(server_prefer_ip4:%s)\n", $2));
799 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
800 yyerror("expected yes or no.");
801 else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
805 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
807 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
808 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
809 yyerror("expected yes or no.");
810 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
814 server_tcp_mss: VAR_TCP_MSS STRING_ARG
816 OUTYY(("P(server_tcp_mss:%s)\n", $2));
817 if(atoi($2) == 0 && strcmp($2, "0") != 0)
818 yyerror("number expected");
819 else cfg_parser->cfg->tcp_mss = atoi($2);
823 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
825 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
826 if(atoi($2) == 0 && strcmp($2, "0") != 0)
827 yyerror("number expected");
828 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
832 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
834 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
835 if(atoi($2) == 0 && strcmp($2, "0") != 0)
836 yyerror("number expected");
837 else if (atoi($2) > 120000)
838 cfg_parser->cfg->tcp_idle_timeout = 120000;
839 else if (atoi($2) < 1)
840 cfg_parser->cfg->tcp_idle_timeout = 1;
841 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
845 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
847 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
848 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
849 yyerror("expected yes or no.");
850 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
854 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
856 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
857 if(atoi($2) == 0 && strcmp($2, "0") != 0)
858 yyerror("number expected");
859 else if (atoi($2) > 6553500)
860 cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
861 else if (atoi($2) < 1)
862 cfg_parser->cfg->tcp_keepalive_timeout = 0;
863 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
867 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
869 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
870 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
871 yyerror("expected yes or no.");
872 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
876 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
878 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
879 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
880 yyerror("expected yes or no.");
881 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
885 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
887 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
888 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
889 yyerror("expected yes or no.");
890 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
894 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
896 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
897 free(cfg_parser->cfg->ssl_service_key);
898 cfg_parser->cfg->ssl_service_key = $2;
901 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
903 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
904 free(cfg_parser->cfg->ssl_service_pem);
905 cfg_parser->cfg->ssl_service_pem = $2;
908 server_ssl_port: VAR_SSL_PORT STRING_ARG
910 OUTYY(("P(server_ssl_port:%s)\n", $2));
912 yyerror("port number expected");
913 else cfg_parser->cfg->ssl_port = atoi($2);
917 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
919 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
920 free(cfg_parser->cfg->tls_cert_bundle);
921 cfg_parser->cfg->tls_cert_bundle = $2;
924 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
926 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
927 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
928 yyerror("expected yes or no.");
929 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
933 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
935 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
936 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
938 yyerror("out of memory");
941 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
943 OUTYY(("P(server_tls_ciphers:%s)\n", $2));
944 free(cfg_parser->cfg->tls_ciphers);
945 cfg_parser->cfg->tls_ciphers = $2;
948 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
950 OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
951 free(cfg_parser->cfg->tls_ciphersuites);
952 cfg_parser->cfg->tls_ciphersuites = $2;
955 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
957 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
958 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
960 yyerror("out of memory");
963 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
965 OUTYY(("P(server_tls_use_sni:%s)\n", $2));
966 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
967 yyerror("expected yes or no.");
968 else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
972 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
974 OUTYY(("P(server_use_systemd:%s)\n", $2));
975 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
976 yyerror("expected yes or no.");
977 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
981 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
983 OUTYY(("P(server_do_daemonize:%s)\n", $2));
984 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
985 yyerror("expected yes or no.");
986 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
990 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
992 OUTYY(("P(server_use_syslog:%s)\n", $2));
993 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
994 yyerror("expected yes or no.");
995 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
996 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
997 if(strcmp($2, "yes") == 0)
998 yyerror("no syslog services are available. "
999 "(reconfigure and compile to add)");
1004 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1006 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1007 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1008 yyerror("expected yes or no.");
1009 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1013 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1015 OUTYY(("P(server_log_queries:%s)\n", $2));
1016 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1017 yyerror("expected yes or no.");
1018 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1022 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1024 OUTYY(("P(server_log_replies:%s)\n", $2));
1025 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1026 yyerror("expected yes or no.");
1027 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1031 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1033 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1034 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1035 yyerror("expected yes or no.");
1036 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1040 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1042 OUTYY(("P(server_log_servfail:%s)\n", $2));
1043 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1044 yyerror("expected yes or no.");
1045 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1049 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1051 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1052 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1053 yyerror("expected yes or no.");
1054 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1058 server_chroot: VAR_CHROOT STRING_ARG
1060 OUTYY(("P(server_chroot:%s)\n", $2));
1061 free(cfg_parser->cfg->chrootdir);
1062 cfg_parser->cfg->chrootdir = $2;
1065 server_username: VAR_USERNAME STRING_ARG
1067 OUTYY(("P(server_username:%s)\n", $2));
1068 free(cfg_parser->cfg->username);
1069 cfg_parser->cfg->username = $2;
1072 server_directory: VAR_DIRECTORY STRING_ARG
1074 OUTYY(("P(server_directory:%s)\n", $2));
1075 free(cfg_parser->cfg->directory);
1076 cfg_parser->cfg->directory = $2;
1077 /* change there right away for includes relative to this */
1080 #ifdef UB_ON_WINDOWS
1081 w_config_adjust_directory(cfg_parser->cfg);
1083 d = cfg_parser->cfg->directory;
1084 /* adjust directory if we have already chroot,
1085 * like, we reread after sighup */
1086 if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1087 strncmp(d, cfg_parser->chroot, strlen(
1088 cfg_parser->chroot)) == 0)
1089 d += strlen(cfg_parser->chroot);
1092 log_err("cannot chdir to directory: %s (%s)",
1093 d, strerror(errno));
1098 server_logfile: VAR_LOGFILE STRING_ARG
1100 OUTYY(("P(server_logfile:%s)\n", $2));
1101 free(cfg_parser->cfg->logfile);
1102 cfg_parser->cfg->logfile = $2;
1103 cfg_parser->cfg->use_syslog = 0;
1106 server_pidfile: VAR_PIDFILE STRING_ARG
1108 OUTYY(("P(server_pidfile:%s)\n", $2));
1109 free(cfg_parser->cfg->pidfile);
1110 cfg_parser->cfg->pidfile = $2;
1113 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1115 OUTYY(("P(server_root_hints:%s)\n", $2));
1116 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1117 yyerror("out of memory");
1120 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1122 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1123 free(cfg_parser->cfg->dlv_anchor_file);
1124 cfg_parser->cfg->dlv_anchor_file = $2;
1127 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1129 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1130 if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
1131 yyerror("out of memory");
1134 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1136 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1137 if(!cfg_strlist_insert(&cfg_parser->cfg->
1138 auto_trust_anchor_file_list, $2))
1139 yyerror("out of memory");
1142 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1144 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1145 if(!cfg_strlist_insert(&cfg_parser->cfg->
1146 trust_anchor_file_list, $2))
1147 yyerror("out of memory");
1150 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1152 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1153 if(!cfg_strlist_insert(&cfg_parser->cfg->
1154 trusted_keys_file_list, $2))
1155 yyerror("out of memory");
1158 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1160 OUTYY(("P(server_trust_anchor:%s)\n", $2));
1161 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1162 yyerror("out of memory");
1165 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1167 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1168 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1169 yyerror("expected yes or no.");
1171 cfg_parser->cfg->trust_anchor_signaling =
1172 (strcmp($2, "yes")==0);
1176 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1178 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1179 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1180 yyerror("expected yes or no.");
1182 cfg_parser->cfg->root_key_sentinel =
1183 (strcmp($2, "yes")==0);
1187 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1189 OUTYY(("P(server_domain_insecure:%s)\n", $2));
1190 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1191 yyerror("out of memory");
1194 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1196 OUTYY(("P(server_hide_identity:%s)\n", $2));
1197 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1198 yyerror("expected yes or no.");
1199 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1203 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1205 OUTYY(("P(server_hide_version:%s)\n", $2));
1206 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1207 yyerror("expected yes or no.");
1208 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1212 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1214 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1215 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1216 yyerror("expected yes or no.");
1217 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1221 server_identity: VAR_IDENTITY STRING_ARG
1223 OUTYY(("P(server_identity:%s)\n", $2));
1224 free(cfg_parser->cfg->identity);
1225 cfg_parser->cfg->identity = $2;
1228 server_version: VAR_VERSION STRING_ARG
1230 OUTYY(("P(server_version:%s)\n", $2));
1231 free(cfg_parser->cfg->version);
1232 cfg_parser->cfg->version = $2;
1235 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1237 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1238 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1239 yyerror("buffer size expected");
1243 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1245 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1246 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1247 yyerror("buffer size expected");
1251 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1253 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1254 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1255 yyerror("expected yes or no.");
1256 else cfg_parser->cfg->so_reuseport =
1257 (strcmp($2, "yes")==0);
1261 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1263 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1264 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1265 yyerror("expected yes or no.");
1266 else cfg_parser->cfg->ip_transparent =
1267 (strcmp($2, "yes")==0);
1271 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1273 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1274 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1275 yyerror("expected yes or no.");
1276 else cfg_parser->cfg->ip_freebind =
1277 (strcmp($2, "yes")==0);
1281 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1283 OUTYY(("P(server_ip_dscp:%s)\n", $2));
1284 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1285 yyerror("number expected");
1286 else if (atoi($2) > 63)
1287 yyerror("value too large (max 63)");
1288 else if (atoi($2) < 0)
1289 yyerror("value too small (min 0)");
1291 cfg_parser->cfg->ip_dscp = atoi($2);
1295 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1297 OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1298 if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1299 yyerror("memory size expected");
1303 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1305 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1307 yyerror("number expected");
1308 else if (atoi($2) < 12)
1309 yyerror("edns buffer size too small");
1310 else if (atoi($2) > 65535)
1311 cfg_parser->cfg->edns_buffer_size = 65535;
1312 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1316 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1318 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1320 yyerror("number expected");
1321 else if (atoi($2) < 4096)
1322 yyerror("message buffer size too small (use 4096)");
1323 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1327 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1329 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1330 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1331 yyerror("memory size expected");
1335 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1337 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1339 yyerror("number expected");
1341 cfg_parser->cfg->msg_cache_slabs = atoi($2);
1342 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1343 yyerror("must be a power of 2");
1348 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1350 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1352 yyerror("number expected");
1353 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1357 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1359 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1360 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1361 yyerror("number expected");
1362 else cfg_parser->cfg->jostle_time = atoi($2);
1366 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1368 OUTYY(("P(server_delay_close:%s)\n", $2));
1369 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1370 yyerror("number expected");
1371 else cfg_parser->cfg->delay_close = atoi($2);
1375 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1377 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1378 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1379 yyerror("expected yes or no.");
1380 else cfg_parser->cfg->unblock_lan_zones =
1381 (strcmp($2, "yes")==0);
1385 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1387 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1388 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1389 yyerror("expected yes or no.");
1390 else cfg_parser->cfg->insecure_lan_zones =
1391 (strcmp($2, "yes")==0);
1395 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1397 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1398 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1399 yyerror("memory size expected");
1403 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1405 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1407 yyerror("number expected");
1409 cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1410 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1411 yyerror("must be a power of 2");
1416 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1418 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1419 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1420 yyerror("number expected");
1421 else cfg_parser->cfg->host_ttl = atoi($2);
1425 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1427 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1428 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1429 "removed, use infra-host-ttl)", $2);
1433 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1435 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1437 yyerror("number expected");
1438 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1442 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1444 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1445 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1446 "(option removed, use infra-cache-numhosts)", $2);
1450 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1452 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1454 yyerror("number expected");
1456 cfg_parser->cfg->infra_cache_slabs = atoi($2);
1457 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1458 yyerror("must be a power of 2");
1463 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1465 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1466 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1467 yyerror("number expected");
1468 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1472 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1474 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1475 free(cfg_parser->cfg->target_fetch_policy);
1476 cfg_parser->cfg->target_fetch_policy = $2;
1479 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1481 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1482 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1483 yyerror("expected yes or no.");
1484 else cfg_parser->cfg->harden_short_bufsize =
1485 (strcmp($2, "yes")==0);
1489 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1491 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1492 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1493 yyerror("expected yes or no.");
1494 else cfg_parser->cfg->harden_large_queries =
1495 (strcmp($2, "yes")==0);
1499 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1501 OUTYY(("P(server_harden_glue:%s)\n", $2));
1502 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1503 yyerror("expected yes or no.");
1504 else cfg_parser->cfg->harden_glue =
1505 (strcmp($2, "yes")==0);
1509 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1511 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1512 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1513 yyerror("expected yes or no.");
1514 else cfg_parser->cfg->harden_dnssec_stripped =
1515 (strcmp($2, "yes")==0);
1519 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1521 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1522 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1523 yyerror("expected yes or no.");
1524 else cfg_parser->cfg->harden_below_nxdomain =
1525 (strcmp($2, "yes")==0);
1529 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1531 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1532 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1533 yyerror("expected yes or no.");
1534 else cfg_parser->cfg->harden_referral_path =
1535 (strcmp($2, "yes")==0);
1539 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1541 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1542 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1543 yyerror("expected yes or no.");
1544 else cfg_parser->cfg->harden_algo_downgrade =
1545 (strcmp($2, "yes")==0);
1549 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1551 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1552 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1553 yyerror("expected yes or no.");
1554 else cfg_parser->cfg->use_caps_bits_for_id =
1555 (strcmp($2, "yes")==0);
1559 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1561 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1562 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1563 yyerror("out of memory");
1566 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1568 OUTYY(("P(server_private_address:%s)\n", $2));
1569 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1570 yyerror("out of memory");
1573 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1575 OUTYY(("P(server_private_domain:%s)\n", $2));
1576 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1577 yyerror("out of memory");
1580 server_prefetch: VAR_PREFETCH STRING_ARG
1582 OUTYY(("P(server_prefetch:%s)\n", $2));
1583 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1584 yyerror("expected yes or no.");
1585 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1589 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1591 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1592 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1593 yyerror("expected yes or no.");
1594 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1598 server_deny_any: VAR_DENY_ANY STRING_ARG
1600 OUTYY(("P(server_deny_any:%s)\n", $2));
1601 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1602 yyerror("expected yes or no.");
1603 else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1607 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1609 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1610 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1611 yyerror("number expected");
1612 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1616 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1618 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1619 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1620 yyerror("out of memory");
1623 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1625 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1626 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1627 yyerror("expected yes or no.");
1628 else cfg_parser->cfg->donotquery_localhost =
1629 (strcmp($2, "yes")==0);
1633 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1635 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1636 if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1637 strcmp($3, "deny_non_local")!=0 &&
1638 strcmp($3, "refuse_non_local")!=0 &&
1639 strcmp($3, "allow_setrd")!=0 &&
1640 strcmp($3, "allow")!=0 &&
1641 strcmp($3, "allow_snoop")!=0) {
1642 yyerror("expected deny, refuse, deny_non_local, "
1643 "refuse_non_local, allow, allow_setrd or "
1644 "allow_snoop in access control action");
1648 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1649 fatal_exit("out of memory adding acl");
1653 server_module_conf: VAR_MODULE_CONF STRING_ARG
1655 OUTYY(("P(server_module_conf:%s)\n", $2));
1656 free(cfg_parser->cfg->module_conf);
1657 cfg_parser->cfg->module_conf = $2;
1660 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1662 OUTYY(("P(server_val_override_date:%s)\n", $2));
1663 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1664 cfg_parser->cfg->val_date_override = 0;
1665 } else if(strlen($2) == 14) {
1666 cfg_parser->cfg->val_date_override =
1667 cfg_convert_timeval($2);
1668 if(!cfg_parser->cfg->val_date_override)
1669 yyerror("bad date/time specification");
1672 yyerror("number expected");
1673 cfg_parser->cfg->val_date_override = atoi($2);
1678 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1680 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1681 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1682 cfg_parser->cfg->val_sig_skew_min = 0;
1684 cfg_parser->cfg->val_sig_skew_min = atoi($2);
1685 if(!cfg_parser->cfg->val_sig_skew_min)
1686 yyerror("number expected");
1691 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1693 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1694 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1695 cfg_parser->cfg->val_sig_skew_max = 0;
1697 cfg_parser->cfg->val_sig_skew_max = atoi($2);
1698 if(!cfg_parser->cfg->val_sig_skew_max)
1699 yyerror("number expected");
1704 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1706 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1707 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1708 yyerror("number expected");
1709 else cfg_parser->cfg->max_ttl = atoi($2);
1713 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1715 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1716 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1717 yyerror("number expected");
1718 else cfg_parser->cfg->max_negative_ttl = atoi($2);
1722 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1724 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1725 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1726 yyerror("number expected");
1727 else cfg_parser->cfg->min_ttl = atoi($2);
1731 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1733 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1734 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1735 yyerror("number expected");
1736 else cfg_parser->cfg->bogus_ttl = atoi($2);
1740 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1742 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1743 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1744 yyerror("expected yes or no.");
1745 else cfg_parser->cfg->val_clean_additional =
1746 (strcmp($2, "yes")==0);
1750 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1752 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1753 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1754 yyerror("expected yes or no.");
1755 else cfg_parser->cfg->val_permissive_mode =
1756 (strcmp($2, "yes")==0);
1760 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1762 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1763 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1764 yyerror("expected yes or no.");
1766 cfg_parser->cfg->aggressive_nsec =
1767 (strcmp($2, "yes")==0);
1771 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1773 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1774 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1775 yyerror("expected yes or no.");
1776 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1780 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1782 OUTYY(("P(server_serve_expired:%s)\n", $2));
1783 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1784 yyerror("expected yes or no.");
1785 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1789 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1791 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1792 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1793 yyerror("number expected");
1794 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1798 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1800 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1801 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1802 yyerror("expected yes or no.");
1803 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1807 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
1809 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
1810 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1811 yyerror("number expected");
1812 else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
1816 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
1818 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
1819 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1820 yyerror("number expected");
1821 else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
1825 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1827 OUTYY(("P(server_fake_dsa:%s)\n", $2));
1828 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1829 yyerror("expected yes or no.");
1830 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1831 else fake_dsa = (strcmp($2, "yes")==0);
1833 log_warn("test option fake_dsa is enabled");
1838 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1840 OUTYY(("P(server_fake_sha1:%s)\n", $2));
1841 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1842 yyerror("expected yes or no.");
1843 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1844 else fake_sha1 = (strcmp($2, "yes")==0);
1846 log_warn("test option fake_sha1 is enabled");
1851 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1853 OUTYY(("P(server_val_log_level:%s)\n", $2));
1854 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1855 yyerror("number expected");
1856 else cfg_parser->cfg->val_log_level = atoi($2);
1860 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1862 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1863 free(cfg_parser->cfg->val_nsec3_key_iterations);
1864 cfg_parser->cfg->val_nsec3_key_iterations = $2;
1867 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1869 OUTYY(("P(server_add_holddown:%s)\n", $2));
1870 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1871 yyerror("number expected");
1872 else cfg_parser->cfg->add_holddown = atoi($2);
1876 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1878 OUTYY(("P(server_del_holddown:%s)\n", $2));
1879 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1880 yyerror("number expected");
1881 else cfg_parser->cfg->del_holddown = atoi($2);
1885 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1887 OUTYY(("P(server_keep_missing:%s)\n", $2));
1888 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1889 yyerror("number expected");
1890 else cfg_parser->cfg->keep_missing = atoi($2);
1894 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1896 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1897 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1898 yyerror("expected yes or no.");
1899 else cfg_parser->cfg->permit_small_holddown =
1900 (strcmp($2, "yes")==0);
1903 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1905 OUTYY(("P(server_key_cache_size:%s)\n", $2));
1906 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1907 yyerror("memory size expected");
1911 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1913 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1915 yyerror("number expected");
1917 cfg_parser->cfg->key_cache_slabs = atoi($2);
1918 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1919 yyerror("must be a power of 2");
1924 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1926 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1927 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1928 yyerror("memory size expected");
1932 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1934 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1935 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1936 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1937 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1938 && strcmp($3, "typetransparent")!=0
1939 && strcmp($3, "always_transparent")!=0
1940 && strcmp($3, "always_refuse")!=0
1941 && strcmp($3, "always_nxdomain")!=0
1942 && strcmp($3, "noview")!=0
1943 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
1944 && strcmp($3, "inform_redirect") != 0
1945 && strcmp($3, "ipset") != 0) {
1946 yyerror("local-zone type: expected static, deny, "
1947 "refuse, redirect, transparent, "
1948 "typetransparent, inform, inform_deny, "
1949 "inform_redirect, always_transparent, "
1950 "always_refuse, always_nxdomain, noview "
1951 ", nodefault or ipset");
1954 } else if(strcmp($3, "nodefault")==0) {
1955 if(!cfg_strlist_insert(&cfg_parser->cfg->
1956 local_zones_nodefault, $2))
1957 fatal_exit("out of memory adding local-zone");
1960 } else if(strcmp($3, "ipset")==0) {
1961 if(!cfg_strlist_insert(&cfg_parser->cfg->
1962 local_zones_ipset, $2))
1963 fatal_exit("out of memory adding local-zone");
1967 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1969 fatal_exit("out of memory adding local-zone");
1973 server_local_data: VAR_LOCAL_DATA STRING_ARG
1975 OUTYY(("P(server_local_data:%s)\n", $2));
1976 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1977 fatal_exit("out of memory adding local-data");
1980 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1983 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1984 ptr = cfg_ptr_reverse($2);
1987 if(!cfg_strlist_insert(&cfg_parser->cfg->
1989 fatal_exit("out of memory adding local-data");
1991 yyerror("local-data-ptr could not be reversed");
1995 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1997 OUTYY(("P(server_minimal_responses:%s)\n", $2));
1998 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1999 yyerror("expected yes or no.");
2000 else cfg_parser->cfg->minimal_responses =
2001 (strcmp($2, "yes")==0);
2005 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2007 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2008 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2009 yyerror("expected yes or no.");
2010 else cfg_parser->cfg->rrset_roundrobin =
2011 (strcmp($2, "yes")==0);
2015 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2017 OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2018 cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2022 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2024 OUTYY(("P(server_max_udp_size:%s)\n", $2));
2025 cfg_parser->cfg->max_udp_size = atoi($2);
2029 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2031 OUTYY(("P(dns64_prefix:%s)\n", $2));
2032 free(cfg_parser->cfg->dns64_prefix);
2033 cfg_parser->cfg->dns64_prefix = $2;
2036 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2038 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2039 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2040 yyerror("expected yes or no.");
2041 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2045 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2047 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2048 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2050 fatal_exit("out of memory adding dns64-ignore-aaaa");
2053 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2056 OUTYY(("P(server_define_tag:%s)\n", $2));
2057 while((p=strsep(&s, " \t\n")) != NULL) {
2059 if(!config_add_tag(cfg_parser->cfg, p))
2060 yyerror("could not define-tag, "
2067 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2070 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2073 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2075 yyerror("could not parse tags, (define-tag them first)");
2079 if(!cfg_strbytelist_insert(
2080 &cfg_parser->cfg->local_zone_tags,
2081 $2, bitlist, len)) {
2082 yyerror("out of memory");
2088 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2091 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2094 OUTYY(("P(server_access_control_tag:%s)\n", $2));
2096 yyerror("could not parse tags, (define-tag them first)");
2100 if(!cfg_strbytelist_insert(
2101 &cfg_parser->cfg->acl_tags,
2102 $2, bitlist, len)) {
2103 yyerror("out of memory");
2109 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2111 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2112 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2114 yyerror("out of memory");
2121 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2123 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2124 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2126 yyerror("out of memory");
2133 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2135 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2136 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2138 yyerror("out of memory");
2145 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2147 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2148 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2150 yyerror("out of memory");
2154 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2157 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2160 OUTYY(("P(response_ip_tag:%s)\n", $2));
2162 yyerror("could not parse tags, (define-tag them first)");
2166 if(!cfg_strbytelist_insert(
2167 &cfg_parser->cfg->respip_tags,
2168 $2, bitlist, len)) {
2169 yyerror("out of memory");
2175 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2177 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2178 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2179 yyerror("number expected");
2180 else cfg_parser->cfg->ip_ratelimit = atoi($2);
2185 server_ratelimit: VAR_RATELIMIT STRING_ARG
2187 OUTYY(("P(server_ratelimit:%s)\n", $2));
2188 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2189 yyerror("number expected");
2190 else cfg_parser->cfg->ratelimit = atoi($2);
2194 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2196 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2197 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2198 yyerror("memory size expected");
2202 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2204 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2205 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2206 yyerror("memory size expected");
2210 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2212 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2214 yyerror("number expected");
2216 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2217 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2218 yyerror("must be a power of 2");
2223 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2225 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2227 yyerror("number expected");
2229 cfg_parser->cfg->ratelimit_slabs = atoi($2);
2230 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2231 yyerror("must be a power of 2");
2236 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2238 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2239 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2240 yyerror("number expected");
2244 if(!cfg_str2list_insert(&cfg_parser->cfg->
2245 ratelimit_for_domain, $2, $3))
2246 fatal_exit("out of memory adding "
2247 "ratelimit-for-domain");
2251 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2253 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2254 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2255 yyerror("number expected");
2259 if(!cfg_str2list_insert(&cfg_parser->cfg->
2260 ratelimit_below_domain, $2, $3))
2261 fatal_exit("out of memory adding "
2262 "ratelimit-below-domain");
2266 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2268 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2269 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2270 yyerror("number expected");
2271 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2275 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2277 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2278 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2279 yyerror("number expected");
2280 else cfg_parser->cfg->ratelimit_factor = atoi($2);
2284 server_low_rtt: VAR_LOW_RTT STRING_ARG
2286 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2290 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2292 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2294 yyerror("number expected");
2295 else cfg_parser->cfg->fast_server_num = atoi($2);
2299 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2301 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2302 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2303 yyerror("number expected");
2304 else cfg_parser->cfg->fast_server_permil = atoi($2);
2308 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2310 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2311 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2312 yyerror("expected yes or no.");
2313 else cfg_parser->cfg->qname_minimisation =
2314 (strcmp($2, "yes")==0);
2318 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2320 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2321 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2322 yyerror("expected yes or no.");
2323 else cfg_parser->cfg->qname_minimisation_strict =
2324 (strcmp($2, "yes")==0);
2328 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2331 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2332 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2333 yyerror("expected yes or no.");
2334 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2336 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2341 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2344 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2345 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2346 yyerror("expected yes or no.");
2347 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2349 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2354 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2357 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2358 free(cfg_parser->cfg->ipsecmod_hook);
2359 cfg_parser->cfg->ipsecmod_hook = $2;
2361 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2366 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2369 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2370 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2371 yyerror("number expected");
2372 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2375 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2380 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2383 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2384 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2385 yyerror("out of memory");
2387 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2392 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2395 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2396 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2397 yyerror("expected yes or no.");
2398 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2401 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2406 stub_name: VAR_NAME STRING_ARG
2408 OUTYY(("P(name:%s)\n", $2));
2409 if(cfg_parser->cfg->stubs->name)
2410 yyerror("stub name override, there must be one name "
2411 "for one stub-zone");
2412 free(cfg_parser->cfg->stubs->name);
2413 cfg_parser->cfg->stubs->name = $2;
2416 stub_host: VAR_STUB_HOST STRING_ARG
2418 OUTYY(("P(stub-host:%s)\n", $2));
2419 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2420 yyerror("out of memory");
2423 stub_addr: VAR_STUB_ADDR STRING_ARG
2425 OUTYY(("P(stub-addr:%s)\n", $2));
2426 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2427 yyerror("out of memory");
2430 stub_first: VAR_STUB_FIRST STRING_ARG
2432 OUTYY(("P(stub-first:%s)\n", $2));
2433 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2434 yyerror("expected yes or no.");
2435 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2439 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2441 OUTYY(("P(stub-no-cache:%s)\n", $2));
2442 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2443 yyerror("expected yes or no.");
2444 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2448 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2450 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2451 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2452 yyerror("expected yes or no.");
2453 else cfg_parser->cfg->stubs->ssl_upstream =
2454 (strcmp($2, "yes")==0);
2458 stub_prime: VAR_STUB_PRIME STRING_ARG
2460 OUTYY(("P(stub-prime:%s)\n", $2));
2461 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2462 yyerror("expected yes or no.");
2463 else cfg_parser->cfg->stubs->isprime =
2464 (strcmp($2, "yes")==0);
2468 forward_name: VAR_NAME STRING_ARG
2470 OUTYY(("P(name:%s)\n", $2));
2471 if(cfg_parser->cfg->forwards->name)
2472 yyerror("forward name override, there must be one "
2473 "name for one forward-zone");
2474 free(cfg_parser->cfg->forwards->name);
2475 cfg_parser->cfg->forwards->name = $2;
2478 forward_host: VAR_FORWARD_HOST STRING_ARG
2480 OUTYY(("P(forward-host:%s)\n", $2));
2481 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2482 yyerror("out of memory");
2485 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2487 OUTYY(("P(forward-addr:%s)\n", $2));
2488 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2489 yyerror("out of memory");
2492 forward_first: VAR_FORWARD_FIRST STRING_ARG
2494 OUTYY(("P(forward-first:%s)\n", $2));
2495 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2496 yyerror("expected yes or no.");
2497 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2501 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2503 OUTYY(("P(forward-no-cache:%s)\n", $2));
2504 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2505 yyerror("expected yes or no.");
2506 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2510 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2512 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2513 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2514 yyerror("expected yes or no.");
2515 else cfg_parser->cfg->forwards->ssl_upstream =
2516 (strcmp($2, "yes")==0);
2520 auth_name: VAR_NAME STRING_ARG
2522 OUTYY(("P(name:%s)\n", $2));
2523 if(cfg_parser->cfg->auths->name)
2524 yyerror("auth name override, there must be one name "
2525 "for one auth-zone");
2526 free(cfg_parser->cfg->auths->name);
2527 cfg_parser->cfg->auths->name = $2;
2530 auth_zonefile: VAR_ZONEFILE STRING_ARG
2532 OUTYY(("P(zonefile:%s)\n", $2));
2533 free(cfg_parser->cfg->auths->zonefile);
2534 cfg_parser->cfg->auths->zonefile = $2;
2537 auth_master: VAR_MASTER STRING_ARG
2539 OUTYY(("P(master:%s)\n", $2));
2540 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2541 yyerror("out of memory");
2544 auth_url: VAR_URL STRING_ARG
2546 OUTYY(("P(url:%s)\n", $2));
2547 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2548 yyerror("out of memory");
2551 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2553 OUTYY(("P(allow-notify:%s)\n", $2));
2554 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2556 yyerror("out of memory");
2559 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2561 OUTYY(("P(for-downstream:%s)\n", $2));
2562 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2563 yyerror("expected yes or no.");
2564 else cfg_parser->cfg->auths->for_downstream =
2565 (strcmp($2, "yes")==0);
2569 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2571 OUTYY(("P(for-upstream:%s)\n", $2));
2572 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2573 yyerror("expected yes or no.");
2574 else cfg_parser->cfg->auths->for_upstream =
2575 (strcmp($2, "yes")==0);
2579 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2581 OUTYY(("P(fallback-enabled:%s)\n", $2));
2582 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2583 yyerror("expected yes or no.");
2584 else cfg_parser->cfg->auths->fallback_enabled =
2585 (strcmp($2, "yes")==0);
2589 view_name: VAR_NAME STRING_ARG
2591 OUTYY(("P(name:%s)\n", $2));
2592 if(cfg_parser->cfg->views->name)
2593 yyerror("view name override, there must be one "
2594 "name for one view");
2595 free(cfg_parser->cfg->views->name);
2596 cfg_parser->cfg->views->name = $2;
2599 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2601 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2602 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2603 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2604 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2605 && strcmp($3, "typetransparent")!=0
2606 && strcmp($3, "always_transparent")!=0
2607 && strcmp($3, "always_refuse")!=0
2608 && strcmp($3, "always_nxdomain")!=0
2609 && strcmp($3, "noview")!=0
2610 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) {
2611 yyerror("local-zone type: expected static, deny, "
2612 "refuse, redirect, transparent, "
2613 "typetransparent, inform, inform_deny, "
2614 "always_transparent, always_refuse, "
2615 "always_nxdomain, noview or nodefault");
2618 } else if(strcmp($3, "nodefault")==0) {
2619 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2620 local_zones_nodefault, $2))
2621 fatal_exit("out of memory adding local-zone");
2624 } else if(strcmp($3, "ipset")==0) {
2625 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2626 local_zones_ipset, $2))
2627 fatal_exit("out of memory adding local-zone");
2631 if(!cfg_str2list_insert(
2632 &cfg_parser->cfg->views->local_zones,
2634 fatal_exit("out of memory adding local-zone");
2638 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2640 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2641 validate_respip_action($3);
2642 if(!cfg_str2list_insert(
2643 &cfg_parser->cfg->views->respip_actions, $2, $3))
2644 fatal_exit("out of memory adding per-view "
2645 "response-ip action");
2648 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2650 OUTYY(("P(view_response_ip_data:%s)\n", $2));
2651 if(!cfg_str2list_insert(
2652 &cfg_parser->cfg->views->respip_data, $2, $3))
2653 fatal_exit("out of memory adding response-ip-data");
2656 view_local_data: VAR_LOCAL_DATA STRING_ARG
2658 OUTYY(("P(view_local_data:%s)\n", $2));
2659 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2660 fatal_exit("out of memory adding local-data");
2664 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2667 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2668 ptr = cfg_ptr_reverse($2);
2671 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2673 fatal_exit("out of memory adding local-data");
2675 yyerror("local-data-ptr could not be reversed");
2679 view_first: VAR_VIEW_FIRST STRING_ARG
2681 OUTYY(("P(view-first:%s)\n", $2));
2682 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2683 yyerror("expected yes or no.");
2684 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2688 rcstart: VAR_REMOTE_CONTROL
2690 OUTYY(("\nP(remote-control:)\n"));
2693 contents_rc: contents_rc content_rc
2695 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2696 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2697 rc_control_cert_file | rc_control_use_cert
2699 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2701 OUTYY(("P(control_enable:%s)\n", $2));
2702 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2703 yyerror("expected yes or no.");
2704 else cfg_parser->cfg->remote_control_enable =
2705 (strcmp($2, "yes")==0);
2709 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2711 OUTYY(("P(control_port:%s)\n", $2));
2713 yyerror("control port number expected");
2714 else cfg_parser->cfg->control_port = atoi($2);
2718 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2720 OUTYY(("P(control_interface:%s)\n", $2));
2721 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
2722 yyerror("out of memory");
2725 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2727 OUTYY(("P(control_use_cert:%s)\n", $2));
2728 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
2732 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2734 OUTYY(("P(rc_server_key_file:%s)\n", $2));
2735 free(cfg_parser->cfg->server_key_file);
2736 cfg_parser->cfg->server_key_file = $2;
2739 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2741 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2742 free(cfg_parser->cfg->server_cert_file);
2743 cfg_parser->cfg->server_cert_file = $2;
2746 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2748 OUTYY(("P(rc_control_key_file:%s)\n", $2));
2749 free(cfg_parser->cfg->control_key_file);
2750 cfg_parser->cfg->control_key_file = $2;
2753 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2755 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2756 free(cfg_parser->cfg->control_cert_file);
2757 cfg_parser->cfg->control_cert_file = $2;
2762 OUTYY(("\nP(dnstap:)\n"));
2765 contents_dt: contents_dt content_dt
2767 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
2768 dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
2769 dt_dnstap_tls_cert_bundle |
2770 dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
2771 dt_dnstap_send_identity | dt_dnstap_send_version |
2772 dt_dnstap_identity | dt_dnstap_version |
2773 dt_dnstap_log_resolver_query_messages |
2774 dt_dnstap_log_resolver_response_messages |
2775 dt_dnstap_log_client_query_messages |
2776 dt_dnstap_log_client_response_messages |
2777 dt_dnstap_log_forwarder_query_messages |
2778 dt_dnstap_log_forwarder_response_messages
2780 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2782 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2783 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2784 yyerror("expected yes or no.");
2785 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2789 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
2791 OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
2792 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2793 yyerror("expected yes or no.");
2794 else cfg_parser->cfg->dnstap_bidirectional =
2795 (strcmp($2, "yes")==0);
2799 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2801 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2802 free(cfg_parser->cfg->dnstap_socket_path);
2803 cfg_parser->cfg->dnstap_socket_path = $2;
2806 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
2808 OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
2809 free(cfg_parser->cfg->dnstap_ip);
2810 cfg_parser->cfg->dnstap_ip = $2;
2813 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
2815 OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
2816 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2817 yyerror("expected yes or no.");
2818 else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
2822 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
2824 OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
2825 free(cfg_parser->cfg->dnstap_tls_server_name);
2826 cfg_parser->cfg->dnstap_tls_server_name = $2;
2829 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
2831 OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
2832 free(cfg_parser->cfg->dnstap_tls_cert_bundle);
2833 cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
2836 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
2838 OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
2839 free(cfg_parser->cfg->dnstap_tls_client_key_file);
2840 cfg_parser->cfg->dnstap_tls_client_key_file = $2;
2843 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
2845 OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
2846 free(cfg_parser->cfg->dnstap_tls_client_cert_file);
2847 cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
2850 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2852 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2853 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2854 yyerror("expected yes or no.");
2855 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2859 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2861 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2862 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2863 yyerror("expected yes or no.");
2864 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2868 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2870 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2871 free(cfg_parser->cfg->dnstap_identity);
2872 cfg_parser->cfg->dnstap_identity = $2;
2875 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2877 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2878 free(cfg_parser->cfg->dnstap_version);
2879 cfg_parser->cfg->dnstap_version = $2;
2882 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2884 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2885 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2886 yyerror("expected yes or no.");
2887 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2888 (strcmp($2, "yes")==0);
2892 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2894 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2895 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2896 yyerror("expected yes or no.");
2897 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2898 (strcmp($2, "yes")==0);
2902 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2904 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2905 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2906 yyerror("expected yes or no.");
2907 else cfg_parser->cfg->dnstap_log_client_query_messages =
2908 (strcmp($2, "yes")==0);
2912 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2914 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2915 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2916 yyerror("expected yes or no.");
2917 else cfg_parser->cfg->dnstap_log_client_response_messages =
2918 (strcmp($2, "yes")==0);
2922 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2924 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2925 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2926 yyerror("expected yes or no.");
2927 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2928 (strcmp($2, "yes")==0);
2932 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2934 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2935 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2936 yyerror("expected yes or no.");
2937 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2938 (strcmp($2, "yes")==0);
2942 pythonstart: VAR_PYTHON
2944 OUTYY(("\nP(python:)\n"));
2947 contents_py: contents_py content_py
2949 content_py: py_script
2951 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2953 OUTYY(("P(python-script:%s)\n", $2));
2954 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
2955 yyerror("out of memory");
2957 dynlibstart: VAR_DYNLIB
2959 OUTYY(("\nP(dynlib:)\n"));
2962 contents_dl: contents_dl content_dl
2966 dl_file: VAR_DYNLIB_FILE STRING_ARG
2968 OUTYY(("P(dynlib-file:%s)\n", $2));
2969 if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
2970 yyerror("out of memory");
2972 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2974 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2975 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2976 yyerror("expected yes or no.");
2977 else cfg_parser->cfg->disable_dnssec_lame_check =
2978 (strcmp($2, "yes")==0);
2982 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2984 OUTYY(("P(server_log_identity:%s)\n", $2));
2985 free(cfg_parser->cfg->log_identity);
2986 cfg_parser->cfg->log_identity = $2;
2989 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2991 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2992 validate_respip_action($3);
2993 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2995 fatal_exit("out of memory adding response-ip");
2998 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3000 OUTYY(("P(server_response_ip_data:%s)\n", $2));
3001 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3003 fatal_exit("out of memory adding response-ip-data");
3006 dnscstart: VAR_DNSCRYPT
3008 OUTYY(("\nP(dnscrypt:)\n"));
3011 contents_dnsc: contents_dnsc content_dnsc
3014 dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3015 dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3016 dnsc_dnscrypt_provider_cert_rotated |
3017 dnsc_dnscrypt_shared_secret_cache_size |
3018 dnsc_dnscrypt_shared_secret_cache_slabs |
3019 dnsc_dnscrypt_nonce_cache_size |
3020 dnsc_dnscrypt_nonce_cache_slabs
3022 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3024 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3025 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3026 yyerror("expected yes or no.");
3027 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3032 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3034 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3036 yyerror("port number expected");
3037 else cfg_parser->cfg->dnscrypt_port = atoi($2);
3041 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3043 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3044 free(cfg_parser->cfg->dnscrypt_provider);
3045 cfg_parser->cfg->dnscrypt_provider = $2;
3048 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3050 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3051 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3052 log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3053 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3054 fatal_exit("out of memory adding dnscrypt-provider-cert");
3057 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3059 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3060 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3061 fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3064 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3066 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3067 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3068 log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3069 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3070 fatal_exit("out of memory adding dnscrypt-secret-key");
3073 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3075 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3076 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3077 yyerror("memory size expected");
3081 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3083 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3085 yyerror("number expected");
3087 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3088 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3089 yyerror("must be a power of 2");
3094 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3096 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3097 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3098 yyerror("memory size expected");
3102 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3104 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3106 yyerror("number expected");
3108 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3109 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3110 yyerror("must be a power of 2");
3115 cachedbstart: VAR_CACHEDB
3117 OUTYY(("\nP(cachedb:)\n"));
3120 contents_cachedb: contents_cachedb content_cachedb
3122 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3123 redis_server_host | redis_server_port | redis_timeout |
3124 redis_expire_records
3126 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3129 OUTYY(("P(backend:%s)\n", $2));
3130 free(cfg_parser->cfg->cachedb_backend);
3131 cfg_parser->cfg->cachedb_backend = $2;
3133 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3138 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3141 OUTYY(("P(secret-seed:%s)\n", $2));
3142 free(cfg_parser->cfg->cachedb_secret);
3143 cfg_parser->cfg->cachedb_secret = $2;
3145 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3150 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3152 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3153 OUTYY(("P(redis_server_host:%s)\n", $2));
3154 free(cfg_parser->cfg->redis_server_host);
3155 cfg_parser->cfg->redis_server_host = $2;
3157 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3162 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3164 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3166 OUTYY(("P(redis_server_port:%s)\n", $2));
3168 if(port == 0 || port < 0 || port > 65535)
3169 yyerror("valid redis server port number expected");
3170 else cfg_parser->cfg->redis_server_port = port;
3172 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3177 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3179 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3180 OUTYY(("P(redis_timeout:%s)\n", $2));
3182 yyerror("redis timeout value expected");
3183 else cfg_parser->cfg->redis_timeout = atoi($2);
3185 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3190 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3192 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3193 OUTYY(("P(redis_expire_records:%s)\n", $2));
3194 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3195 yyerror("expected yes or no.");
3196 else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3198 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3203 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3205 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3207 yyerror("positive number expected");
3209 if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3210 fatal_exit("out of memory adding tcp connection limit");
3214 ipsetstart: VAR_IPSET
3216 OUTYY(("\nP(ipset:)\n"));
3219 contents_ipset: contents_ipset content_ipset
3221 content_ipset: ipset_name_v4 | ipset_name_v6
3223 ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3226 OUTYY(("P(name-v4:%s)\n", $2));
3227 if(cfg_parser->cfg->ipset_name_v4)
3228 yyerror("ipset name v4 override, there must be one "
3230 free(cfg_parser->cfg->ipset_name_v4);
3231 cfg_parser->cfg->ipset_name_v4 = $2;
3233 OUTYY(("P(Compiled without ipset, ignoring)\n"));
3238 ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3241 OUTYY(("P(name-v6:%s)\n", $2));
3242 if(cfg_parser->cfg->ipset_name_v6)
3243 yyerror("ipset name v6 override, there must be one "
3245 free(cfg_parser->cfg->ipset_name_v6);
3246 cfg_parser->cfg->ipset_name_v6 = $2;
3248 OUTYY(("P(Compiled without ipset, ignoring)\n"));
3255 /* parse helper routines could be here */
3257 validate_respip_action(const char* action)
3259 if(strcmp(action, "deny")!=0 &&
3260 strcmp(action, "redirect")!=0 &&
3261 strcmp(action, "inform")!=0 &&
3262 strcmp(action, "inform_deny")!=0 &&
3263 strcmp(action, "always_transparent")!=0 &&
3264 strcmp(action, "always_refuse")!=0 &&
3265 strcmp(action, "always_nxdomain")!=0)
3267 yyerror("response-ip action: expected deny, redirect, "
3268 "inform, inform_deny, always_transparent, "
3269 "always_refuse or always_nxdomain");