contrib/unbound/util/configparser.y

   1 /*
   2  * configparser.y -- yacc grammar for unbound configuration files
   3  *
   4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
   5  *
   6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
   7  *
   8  * This software is open source.
   9  *
  10  * Redistribution and use in source and binary forms, with or without
  11  * modification, are permitted provided that the following conditions
  12  * are met:
  13  *
  14  * Redistributions of source code must retain the above copyright notice,
  15  * this list of conditions and the following disclaimer.
  16  *
  17  * Redistributions in binary form must reproduce the above copyright notice,
  18  * this list of conditions and the following disclaimer in the documentation
  19  * and/or other materials provided with the distribution.
  20  *
  21  * Neither the name of the NLNET LABS nor the names of its contributors may
  22  * be used to endorse or promote products derived from this software without
  23  * specific prior written permission.
  24  *
  25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
  31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36  */
  37
  38 %{
  39 #include "config.h"
  40
  41 #include <stdarg.h>
  42 #include <stdio.h>
  43 #include <string.h>
  44 #include <stdlib.h>
  45 #include <assert.h>
  46
  47 #include "util/configyyrename.h"
  48 #include "util/config_file.h"
  49 #include "util/net_help.h"
  50
  51 int ub_c_lex(void);
  52 void ub_c_error(const char *message);
  53
  54 static void validate_respip_action(const char* action);
  55
  56 /* these need to be global, otherwise they cannot be used inside yacc */
  57 extern struct config_parser_state* cfg_parser;
  58
  59 #if 0
  60 #define OUTYY(s)  printf s /* used ONLY when debugging */
  61 #else
  62 #define OUTYY(s)
  63 #endif
  64
  65 %}
  66 %union {
  67         char*   str;
  68 };
  69
  70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
  71 %token <str> STRING_ARG
  72 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
  73 %token VAR_OUTGOING_RANGE VAR_INTERFACE
  74 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
  75 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS
  76 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
  77 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
  78 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
  79 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
  80 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
  81 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
  82 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
  83 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
  84 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
  85 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
  86 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
  87 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
  88 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
  89 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
  90 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
  91 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
  92 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
  93 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
  94 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
  95 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
  96 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
  97 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
  98 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
  99 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
 100 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
 101 %token VAR_CONTROL_USE_CERT
 102 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
 103 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
 104 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
 105 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
 106 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
 107 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
 108 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
 109 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES
 110 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
 111 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
 112 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
 113 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
 114 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
 115 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
 116 %token VAR_INFRA_CACHE_MIN_RTT
 117 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
 118 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
 119 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
 120 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
 121 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
 122 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
 123 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
 124 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
 125 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
 126 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
 127 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
 128 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
 129 %token VAR_DISABLE_DNSSEC_LAME_CHECK
 130 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
 131 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
 132 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
 133 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
 134 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
 135 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
 136 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
 137 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
 138 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
 139 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
 140 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
 141 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
 142 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1
 143 %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING
 144 %token VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
 145 %token VAR_ROOT_KEY_SENTINEL
 146 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
 147 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
 148 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
 149 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
 150 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
 151 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
 152 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
 153 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
 154 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
 155 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
 156 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
 157 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
 158 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
 159 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
 160 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT
 161
 162 %%
 163 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
 164 toplevelvar: serverstart contents_server | stubstart contents_stub |
 165         forwardstart contents_forward | pythonstart contents_py |
 166         rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
 167         dnscstart contents_dnsc | cachedbstart contents_cachedb |
 168         authstart contents_auth
 169         ;
 170
 171 /* server: declaration */
 172 serverstart: VAR_SERVER
 173         {
 174                 OUTYY(("\nP(server:)\n"));
 175         }
 176         ;
 177 contents_server: contents_server content_server
 178         | ;
 179 content_server: server_num_threads | server_verbosity | server_port |
 180         server_outgoing_range | server_do_ip4 |
 181         server_do_ip6 | server_prefer_ip6 |
 182         server_do_udp | server_do_tcp |
 183         server_tcp_mss | server_outgoing_tcp_mss |
 184         server_interface | server_chroot | server_username |
 185         server_directory | server_logfile | server_pidfile |
 186         server_msg_cache_size | server_msg_cache_slabs |
 187         server_num_queries_per_thread | server_rrset_cache_size |
 188         server_rrset_cache_slabs | server_outgoing_num_tcp |
 189         server_infra_host_ttl | server_infra_lame_ttl |
 190         server_infra_cache_slabs | server_infra_cache_numhosts |
 191         server_infra_cache_lame_size | server_target_fetch_policy |
 192         server_harden_short_bufsize | server_harden_large_queries |
 193         server_do_not_query_address | server_hide_identity |
 194         server_hide_version | server_identity | server_version |
 195         server_harden_glue | server_module_conf | server_trust_anchor_file |
 196         server_trust_anchor | server_val_override_date | server_bogus_ttl |
 197         server_val_clean_additional | server_val_permissive_mode |
 198         server_incoming_num_tcp | server_msg_buffer_size |
 199         server_key_cache_size | server_key_cache_slabs |
 200         server_trusted_keys_file | server_val_nsec3_keysize_iterations |
 201         server_use_syslog | server_outgoing_interface | server_root_hints |
 202         server_do_not_query_localhost | server_cache_max_ttl |
 203         server_harden_dnssec_stripped | server_access_control |
 204         server_local_zone | server_local_data | server_interface_automatic |
 205         server_statistics_interval | server_do_daemonize |
 206         server_use_caps_for_id | server_statistics_cumulative |
 207         server_outgoing_port_permit | server_outgoing_port_avoid |
 208         server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
 209         server_harden_referral_path | server_private_address |
 210         server_private_domain | server_extended_statistics |
 211         server_local_data_ptr | server_jostle_timeout |
 212         server_unwanted_reply_threshold | server_log_time_ascii |
 213         server_domain_insecure | server_val_sig_skew_min |
 214         server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
 215         server_auto_trust_anchor_file | server_add_holddown |
 216         server_del_holddown | server_keep_missing | server_so_rcvbuf |
 217         server_edns_buffer_size | server_prefetch | server_prefetch_key |
 218         server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
 219         server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
 220         server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
 221         server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
 222         server_so_reuseport | server_delay_close |
 223         server_unblock_lan_zones | server_insecure_lan_zones |
 224         server_dns64_prefix | server_dns64_synthall |
 225         server_infra_cache_min_rtt | server_harden_algo_downgrade |
 226         server_ip_transparent | server_ip_ratelimit | server_ratelimit |
 227         server_ip_ratelimit_slabs | server_ratelimit_slabs |
 228         server_ip_ratelimit_size | server_ratelimit_size |
 229         server_ratelimit_for_domain |
 230         server_ratelimit_below_domain | server_ratelimit_factor |
 231         server_ip_ratelimit_factor | server_send_client_subnet |
 232         server_client_subnet_zone | server_client_subnet_always_forward |
 233         server_client_subnet_opcode |
 234         server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
 235         server_caps_whitelist | server_cache_max_negative_ttl |
 236         server_permit_small_holddown | server_qname_minimisation |
 237         server_ip_freebind | server_define_tag | server_local_zone_tag |
 238         server_disable_dnssec_lame_check | server_access_control_tag |
 239         server_local_zone_override | server_access_control_tag_action |
 240         server_access_control_tag_data | server_access_control_view |
 241         server_qname_minimisation_strict | server_serve_expired |
 242         server_fake_dsa | server_log_identity | server_use_systemd |
 243         server_response_ip_tag | server_response_ip | server_response_ip_data |
 244         server_shm_enable | server_shm_key | server_fake_sha1 |
 245         server_hide_trustanchor | server_trust_anchor_signaling |
 246         server_root_key_sentinel |
 247         server_ipsecmod_enabled | server_ipsecmod_hook |
 248         server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
 249         server_ipsecmod_whitelist | server_ipsecmod_strict |
 250         server_udp_upstream_without_downstream | server_aggressive_nsec |
 251         server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
 252         server_low_rtt_permil | server_tls_win_cert
 253         ;
 254 stubstart: VAR_STUB_ZONE
 255         {
 256                 struct config_stub* s;
 257                 OUTYY(("\nP(stub_zone:)\n"));
 258                 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
 259                 if(s) {
 260                         s->next = cfg_parser->cfg->stubs;
 261                         cfg_parser->cfg->stubs = s;
 262                 } else
 263                         yyerror("out of memory");
 264         }
 265         ;
 266 contents_stub: contents_stub content_stub
 267         | ;
 268 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
 269         stub_ssl_upstream
 270         ;
 271 forwardstart: VAR_FORWARD_ZONE
 272         {
 273                 struct config_stub* s;
 274                 OUTYY(("\nP(forward_zone:)\n"));
 275                 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
 276                 if(s) {
 277                         s->next = cfg_parser->cfg->forwards;
 278                         cfg_parser->cfg->forwards = s;
 279                 } else
 280                         yyerror("out of memory");
 281         }
 282         ;
 283 contents_forward: contents_forward content_forward
 284         | ;
 285 content_forward: forward_name | forward_host | forward_addr | forward_first |
 286         forward_ssl_upstream
 287         ;
 288 viewstart: VAR_VIEW
 289         {
 290                 struct config_view* s;
 291                 OUTYY(("\nP(view:)\n"));
 292                 s = (struct config_view*)calloc(1, sizeof(struct config_view));
 293                 if(s) {
 294                         s->next = cfg_parser->cfg->views;
 295                         if(s->next && !s->next->name)
 296                                 yyerror("view without name");
 297                         cfg_parser->cfg->views = s;
 298                 } else
 299                         yyerror("out of memory");
 300         }
 301         ;
 302 contents_view: contents_view content_view
 303         | ;
 304 content_view: view_name | view_local_zone | view_local_data | view_first |
 305                 view_response_ip | view_response_ip_data | view_local_data_ptr
 306         ;
 307 authstart: VAR_AUTH_ZONE
 308         {
 309                 struct config_auth* s;
 310                 OUTYY(("\nP(auth_zone:)\n"));
 311                 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
 312                 if(s) {
 313                         s->next = cfg_parser->cfg->auths;
 314                         cfg_parser->cfg->auths = s;
 315                         /* defaults for auth zone */
 316                         s->for_downstream = 1;
 317                         s->for_upstream = 1;
 318                         s->fallback_enabled = 0;
 319                 } else
 320                         yyerror("out of memory");
 321         }
 322         ;
 323 contents_auth: contents_auth content_auth
 324         | ;
 325 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
 326         auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
 327         auth_allow_notify
 328         ;
 329 server_num_threads: VAR_NUM_THREADS STRING_ARG
 330         {
 331                 OUTYY(("P(server_num_threads:%s)\n", $2));
 332                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 333                         yyerror("number expected");
 334                 else cfg_parser->cfg->num_threads = atoi($2);
 335                 free($2);
 336         }
 337         ;
 338 server_verbosity: VAR_VERBOSITY STRING_ARG
 339         {
 340                 OUTYY(("P(server_verbosity:%s)\n", $2));
 341                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 342                         yyerror("number expected");
 343                 else cfg_parser->cfg->verbosity = atoi($2);
 344                 free($2);
 345         }
 346         ;
 347 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
 348         {
 349                 OUTYY(("P(server_statistics_interval:%s)\n", $2));
 350                 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
 351                         cfg_parser->cfg->stat_interval = 0;
 352                 else if(atoi($2) == 0)
 353                         yyerror("number expected");
 354                 else cfg_parser->cfg->stat_interval = atoi($2);
 355                 free($2);
 356         }
 357         ;
 358 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
 359         {
 360                 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
 361                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 362                         yyerror("expected yes or no.");
 363                 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
 364                 free($2);
 365         }
 366         ;
 367 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
 368         {
 369                 OUTYY(("P(server_extended_statistics:%s)\n", $2));
 370                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 371                         yyerror("expected yes or no.");
 372                 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
 373                 free($2);
 374         }
 375         ;
 376 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
 377         {
 378                 OUTYY(("P(server_shm_enable:%s)\n", $2));
 379                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 380                         yyerror("expected yes or no.");
 381                 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
 382                 free($2);
 383         }
 384         ;
 385 server_shm_key: VAR_SHM_KEY STRING_ARG
 386         {
 387                 OUTYY(("P(server_shm_key:%s)\n", $2));
 388                 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
 389                         cfg_parser->cfg->shm_key = 0;
 390                 else if(atoi($2) == 0)
 391                         yyerror("number expected");
 392                 else cfg_parser->cfg->shm_key = atoi($2);
 393                 free($2);
 394         }
 395         ;
 396 server_port: VAR_PORT STRING_ARG
 397         {
 398                 OUTYY(("P(server_port:%s)\n", $2));
 399                 if(atoi($2) == 0)
 400                         yyerror("port number expected");
 401                 else cfg_parser->cfg->port = atoi($2);
 402                 free($2);
 403         }
 404         ;
 405 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
 406         {
 407         #ifdef CLIENT_SUBNET
 408                 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
 409                 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
 410                         fatal_exit("out of memory adding client-subnet");
 411         #else
 412                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 413         #endif
 414         }
 415         ;
 416 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
 417         {
 418         #ifdef CLIENT_SUBNET
 419                 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
 420                 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
 421                         $2))
 422                         fatal_exit("out of memory adding client-subnet-zone");
 423         #else
 424                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 425         #endif
 426         }
 427         ;
 428 server_client_subnet_always_forward:
 429         VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
 430         {
 431         #ifdef CLIENT_SUBNET
 432                 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
 433                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 434                         yyerror("expected yes or no.");
 435                 else
 436                         cfg_parser->cfg->client_subnet_always_forward =
 437                                 (strcmp($2, "yes")==0);
 438         #else
 439                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 440         #endif
 441                 free($2);
 442         }
 443         ;
 444 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
 445         {
 446         #ifdef CLIENT_SUBNET
 447                 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
 448                 OUTYY(("P(Deprecated option, ignoring)\n"));
 449         #else
 450                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 451         #endif
 452                 free($2);
 453         }
 454         ;
 455 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
 456         {
 457         #ifdef CLIENT_SUBNET
 458                 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
 459                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 460                         yyerror("IPv4 subnet length expected");
 461                 else if (atoi($2) > 32)
 462                         cfg_parser->cfg->max_client_subnet_ipv4 = 32;
 463                 else if (atoi($2) < 0)
 464                         cfg_parser->cfg->max_client_subnet_ipv4 = 0;
 465                 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
 466         #else
 467                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 468         #endif
 469                 free($2);
 470         }
 471         ;
 472 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
 473         {
 474         #ifdef CLIENT_SUBNET
 475                 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
 476                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 477                         yyerror("Ipv6 subnet length expected");
 478                 else if (atoi($2) > 128)
 479                         cfg_parser->cfg->max_client_subnet_ipv6 = 128;
 480                 else if (atoi($2) < 0)
 481                         cfg_parser->cfg->max_client_subnet_ipv6 = 0;
 482                 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
 483         #else
 484                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 485         #endif
 486                 free($2);
 487         }
 488         ;
 489 server_interface: VAR_INTERFACE STRING_ARG
 490         {
 491                 OUTYY(("P(server_interface:%s)\n", $2));
 492                 if(cfg_parser->cfg->num_ifs == 0)
 493                         cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
 494                 else    cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
 495                                 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
 496                 if(!cfg_parser->cfg->ifs)
 497                         yyerror("out of memory");
 498                 else
 499                         cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
 500         }
 501         ;
 502 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
 503         {
 504                 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
 505                 if(cfg_parser->cfg->num_out_ifs == 0)
 506                         cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
 507                 else    cfg_parser->cfg->out_ifs = realloc(
 508                         cfg_parser->cfg->out_ifs,
 509                         (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
 510                 if(!cfg_parser->cfg->out_ifs)
 511                         yyerror("out of memory");
 512                 else
 513                         cfg_parser->cfg->out_ifs[
 514                                 cfg_parser->cfg->num_out_ifs++] = $2;
 515         }
 516         ;
 517 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
 518         {
 519                 OUTYY(("P(server_outgoing_range:%s)\n", $2));
 520                 if(atoi($2) == 0)
 521                         yyerror("number expected");
 522                 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
 523                 free($2);
 524         }
 525         ;
 526 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
 527         {
 528                 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
 529                 if(!cfg_mark_ports($2, 1,
 530                         cfg_parser->cfg->outgoing_avail_ports, 65536))
 531                         yyerror("port number or range (\"low-high\") expected");
 532                 free($2);
 533         }
 534         ;
 535 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
 536         {
 537                 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
 538                 if(!cfg_mark_ports($2, 0,
 539                         cfg_parser->cfg->outgoing_avail_ports, 65536))
 540                         yyerror("port number or range (\"low-high\") expected");
 541                 free($2);
 542         }
 543         ;
 544 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
 545         {
 546                 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
 547                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 548                         yyerror("number expected");
 549                 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
 550                 free($2);
 551         }
 552         ;
 553 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
 554         {
 555                 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
 556                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 557                         yyerror("number expected");
 558                 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
 559                 free($2);
 560         }
 561         ;
 562 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
 563         {
 564                 OUTYY(("P(server_interface_automatic:%s)\n", $2));
 565                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 566                         yyerror("expected yes or no.");
 567                 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
 568                 free($2);
 569         }
 570         ;
 571 server_do_ip4: VAR_DO_IP4 STRING_ARG
 572         {
 573                 OUTYY(("P(server_do_ip4:%s)\n", $2));
 574                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 575                         yyerror("expected yes or no.");
 576                 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
 577                 free($2);
 578         }
 579         ;
 580 server_do_ip6: VAR_DO_IP6 STRING_ARG
 581         {
 582                 OUTYY(("P(server_do_ip6:%s)\n", $2));
 583                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 584                         yyerror("expected yes or no.");
 585                 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
 586                 free($2);
 587         }
 588         ;
 589 server_do_udp: VAR_DO_UDP STRING_ARG
 590         {
 591                 OUTYY(("P(server_do_udp:%s)\n", $2));
 592                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 593                         yyerror("expected yes or no.");
 594                 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
 595                 free($2);
 596         }
 597         ;
 598 server_do_tcp: VAR_DO_TCP STRING_ARG
 599         {
 600                 OUTYY(("P(server_do_tcp:%s)\n", $2));
 601                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 602                         yyerror("expected yes or no.");
 603                 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
 604                 free($2);
 605         }
 606         ;
 607 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
 608         {
 609                 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
 610                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 611                         yyerror("expected yes or no.");
 612                 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
 613                 free($2);
 614         }
 615         ;
 616 server_tcp_mss: VAR_TCP_MSS STRING_ARG
 617         {
 618                 OUTYY(("P(server_tcp_mss:%s)\n", $2));
 619                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 620                         yyerror("number expected");
 621                 else cfg_parser->cfg->tcp_mss = atoi($2);
 622                 free($2);
 623         }
 624         ;
 625 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
 626         {
 627                 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
 628                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 629                         yyerror("number expected");
 630                 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
 631                 free($2);
 632         }
 633         ;
 634 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
 635         {
 636                 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
 637                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 638                         yyerror("expected yes or no.");
 639                 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
 640                 free($2);
 641         }
 642         ;
 643 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
 644         {
 645                 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
 646                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 647                         yyerror("expected yes or no.");
 648                 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
 649                 free($2);
 650         }
 651         ;
 652 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
 653         {
 654                 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
 655                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 656                         yyerror("expected yes or no.");
 657                 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
 658                 free($2);
 659         }
 660         ;
 661 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
 662         {
 663                 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
 664                 free(cfg_parser->cfg->ssl_service_key);
 665                 cfg_parser->cfg->ssl_service_key = $2;
 666         }
 667         ;
 668 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
 669         {
 670                 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
 671                 free(cfg_parser->cfg->ssl_service_pem);
 672                 cfg_parser->cfg->ssl_service_pem = $2;
 673         }
 674         ;
 675 server_ssl_port: VAR_SSL_PORT STRING_ARG
 676         {
 677                 OUTYY(("P(server_ssl_port:%s)\n", $2));
 678                 if(atoi($2) == 0)
 679                         yyerror("port number expected");
 680                 else cfg_parser->cfg->ssl_port = atoi($2);
 681                 free($2);
 682         }
 683         ;
 684 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
 685         {
 686                 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
 687                 free(cfg_parser->cfg->tls_cert_bundle);
 688                 cfg_parser->cfg->tls_cert_bundle = $2;
 689         }
 690         ;
 691 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
 692         {
 693                 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
 694                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 695                         yyerror("expected yes or no.");
 696                 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
 697                 free($2);
 698         }
 699         ;
 700 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
 701         {
 702                 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
 703                 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
 704                         $2))
 705                         yyerror("out of memory");
 706         }
 707         ;
 708 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
 709         {
 710                 OUTYY(("P(server_use_systemd:%s)\n", $2));
 711                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 712                         yyerror("expected yes or no.");
 713                 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
 714                 free($2);
 715         }
 716         ;
 717 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
 718         {
 719                 OUTYY(("P(server_do_daemonize:%s)\n", $2));
 720                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 721                         yyerror("expected yes or no.");
 722                 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
 723                 free($2);
 724         }
 725         ;
 726 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
 727         {
 728                 OUTYY(("P(server_use_syslog:%s)\n", $2));
 729                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 730                         yyerror("expected yes or no.");
 731                 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
 732 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
 733                 if(strcmp($2, "yes") == 0)
 734                         yyerror("no syslog services are available. "
 735                                 "(reconfigure and compile to add)");
 736 #endif
 737                 free($2);
 738         }
 739         ;
 740 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
 741         {
 742                 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
 743                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 744                         yyerror("expected yes or no.");
 745                 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
 746                 free($2);
 747         }
 748         ;
 749 server_log_queries: VAR_LOG_QUERIES STRING_ARG
 750         {
 751                 OUTYY(("P(server_log_queries:%s)\n", $2));
 752                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 753                         yyerror("expected yes or no.");
 754                 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
 755                 free($2);
 756         }
 757         ;
 758 server_log_replies: VAR_LOG_REPLIES STRING_ARG
 759   {
 760         OUTYY(("P(server_log_replies:%s)\n", $2));
 761         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 762                 yyerror("expected yes or no.");
 763         else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
 764         free($2);
 765   }
 766   ;
 767 server_chroot: VAR_CHROOT STRING_ARG
 768         {
 769                 OUTYY(("P(server_chroot:%s)\n", $2));
 770                 free(cfg_parser->cfg->chrootdir);
 771                 cfg_parser->cfg->chrootdir = $2;
 772         }
 773         ;
 774 server_username: VAR_USERNAME STRING_ARG
 775         {
 776                 OUTYY(("P(server_username:%s)\n", $2));
 777                 free(cfg_parser->cfg->username);
 778                 cfg_parser->cfg->username = $2;
 779         }
 780         ;
 781 server_directory: VAR_DIRECTORY STRING_ARG
 782         {
 783                 OUTYY(("P(server_directory:%s)\n", $2));
 784                 free(cfg_parser->cfg->directory);
 785                 cfg_parser->cfg->directory = $2;
 786                 /* change there right away for includes relative to this */
 787                 if($2[0]) {
 788                         char* d;
 789 #ifdef UB_ON_WINDOWS
 790                         w_config_adjust_directory(cfg_parser->cfg);
 791 #endif
 792                         d = cfg_parser->cfg->directory;
 793                         /* adjust directory if we have already chroot,
 794                          * like, we reread after sighup */
 795                         if(cfg_parser->chroot && cfg_parser->chroot[0] &&
 796                                 strncmp(d, cfg_parser->chroot, strlen(
 797                                 cfg_parser->chroot)) == 0)
 798                                 d += strlen(cfg_parser->chroot);
 799                         if(d[0]) {
 800                             if(chdir(d))
 801                                 log_err("cannot chdir to directory: %s (%s)",
 802                                         d, strerror(errno));
 803                         }
 804                 }
 805         }
 806         ;
 807 server_logfile: VAR_LOGFILE STRING_ARG
 808         {
 809                 OUTYY(("P(server_logfile:%s)\n", $2));
 810                 free(cfg_parser->cfg->logfile);
 811                 cfg_parser->cfg->logfile = $2;
 812                 cfg_parser->cfg->use_syslog = 0;
 813         }
 814         ;
 815 server_pidfile: VAR_PIDFILE STRING_ARG
 816         {
 817                 OUTYY(("P(server_pidfile:%s)\n", $2));
 818                 free(cfg_parser->cfg->pidfile);
 819                 cfg_parser->cfg->pidfile = $2;
 820         }
 821         ;
 822 server_root_hints: VAR_ROOT_HINTS STRING_ARG
 823         {
 824                 OUTYY(("P(server_root_hints:%s)\n", $2));
 825                 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
 826                         yyerror("out of memory");
 827         }
 828         ;
 829 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
 830         {
 831                 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
 832                 free(cfg_parser->cfg->dlv_anchor_file);
 833                 cfg_parser->cfg->dlv_anchor_file = $2;
 834         }
 835         ;
 836 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
 837         {
 838                 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
 839                 if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
 840                         yyerror("out of memory");
 841         }
 842         ;
 843 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
 844         {
 845                 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
 846                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 847                         auto_trust_anchor_file_list, $2))
 848                         yyerror("out of memory");
 849         }
 850         ;
 851 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
 852         {
 853                 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
 854                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 855                         trust_anchor_file_list, $2))
 856                         yyerror("out of memory");
 857         }
 858         ;
 859 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
 860         {
 861                 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
 862                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 863                         trusted_keys_file_list, $2))
 864                         yyerror("out of memory");
 865         }
 866         ;
 867 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
 868         {
 869                 OUTYY(("P(server_trust_anchor:%s)\n", $2));
 870                 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
 871                         yyerror("out of memory");
 872         }
 873         ;
 874 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
 875         {
 876                 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
 877                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 878                         yyerror("expected yes or no.");
 879                 else
 880                         cfg_parser->cfg->trust_anchor_signaling =
 881                                 (strcmp($2, "yes")==0);
 882                 free($2);
 883         }
 884         ;
 885 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
 886         {
 887                 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
 888                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 889                         yyerror("expected yes or no.");
 890                 else
 891                         cfg_parser->cfg->root_key_sentinel =
 892                                 (strcmp($2, "yes")==0);
 893                 free($2);
 894         }
 895         ;
 896 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
 897         {
 898                 OUTYY(("P(server_domain_insecure:%s)\n", $2));
 899                 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
 900                         yyerror("out of memory");
 901         }
 902         ;
 903 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
 904         {
 905                 OUTYY(("P(server_hide_identity:%s)\n", $2));
 906                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 907                         yyerror("expected yes or no.");
 908                 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
 909                 free($2);
 910         }
 911         ;
 912 server_hide_version: VAR_HIDE_VERSION STRING_ARG
 913         {
 914                 OUTYY(("P(server_hide_version:%s)\n", $2));
 915                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 916                         yyerror("expected yes or no.");
 917                 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
 918                 free($2);
 919         }
 920         ;
 921 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
 922         {
 923                 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
 924                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 925                         yyerror("expected yes or no.");
 926                 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
 927                 free($2);
 928         }
 929         ;
 930 server_identity: VAR_IDENTITY STRING_ARG
 931         {
 932                 OUTYY(("P(server_identity:%s)\n", $2));
 933                 free(cfg_parser->cfg->identity);
 934                 cfg_parser->cfg->identity = $2;
 935         }
 936         ;
 937 server_version: VAR_VERSION STRING_ARG
 938         {
 939                 OUTYY(("P(server_version:%s)\n", $2));
 940                 free(cfg_parser->cfg->version);
 941                 cfg_parser->cfg->version = $2;
 942         }
 943         ;
 944 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
 945         {
 946                 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
 947                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
 948                         yyerror("buffer size expected");
 949                 free($2);
 950         }
 951         ;
 952 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
 953         {
 954                 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
 955                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
 956                         yyerror("buffer size expected");
 957                 free($2);
 958         }
 959         ;
 960 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
 961     {
 962         OUTYY(("P(server_so_reuseport:%s)\n", $2));
 963         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 964             yyerror("expected yes or no.");
 965         else cfg_parser->cfg->so_reuseport =
 966             (strcmp($2, "yes")==0);
 967         free($2);
 968     }
 969     ;
 970 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
 971     {
 972         OUTYY(("P(server_ip_transparent:%s)\n", $2));
 973         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 974             yyerror("expected yes or no.");
 975         else cfg_parser->cfg->ip_transparent =
 976             (strcmp($2, "yes")==0);
 977         free($2);
 978     }
 979     ;
 980 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
 981     {
 982         OUTYY(("P(server_ip_freebind:%s)\n", $2));
 983         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 984             yyerror("expected yes or no.");
 985         else cfg_parser->cfg->ip_freebind =
 986             (strcmp($2, "yes")==0);
 987         free($2);
 988     }
 989     ;
 990 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
 991         {
 992                 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
 993                 if(atoi($2) == 0)
 994                         yyerror("number expected");
 995                 else if (atoi($2) < 12)
 996                         yyerror("edns buffer size too small");
 997                 else if (atoi($2) > 65535)
 998                         cfg_parser->cfg->edns_buffer_size = 65535;
 999                 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1000                 free($2);
1001         }
1002         ;
1003 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1004         {
1005                 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1006                 if(atoi($2) == 0)
1007                         yyerror("number expected");
1008                 else if (atoi($2) < 4096)
1009                         yyerror("message buffer size too small (use 4096)");
1010                 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1011                 free($2);
1012         }
1013         ;
1014 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1015         {
1016                 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1017                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1018                         yyerror("memory size expected");
1019                 free($2);
1020         }
1021         ;
1022 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1023         {
1024                 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1025                 if(atoi($2) == 0)
1026                         yyerror("number expected");
1027                 else {
1028                         cfg_parser->cfg->msg_cache_slabs = atoi($2);
1029                         if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1030                                 yyerror("must be a power of 2");
1031                 }
1032                 free($2);
1033         }
1034         ;
1035 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1036         {
1037                 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1038                 if(atoi($2) == 0)
1039                         yyerror("number expected");
1040                 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1041                 free($2);
1042         }
1043         ;
1044 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1045         {
1046                 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1047                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1048                         yyerror("number expected");
1049                 else cfg_parser->cfg->jostle_time = atoi($2);
1050                 free($2);
1051         }
1052         ;
1053 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1054         {
1055                 OUTYY(("P(server_delay_close:%s)\n", $2));
1056                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1057                         yyerror("number expected");
1058                 else cfg_parser->cfg->delay_close = atoi($2);
1059                 free($2);
1060         }
1061         ;
1062 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1063         {
1064                 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1065                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1066                         yyerror("expected yes or no.");
1067                 else cfg_parser->cfg->unblock_lan_zones =
1068                         (strcmp($2, "yes")==0);
1069                 free($2);
1070         }
1071         ;
1072 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1073         {
1074                 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1075                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1076                         yyerror("expected yes or no.");
1077                 else cfg_parser->cfg->insecure_lan_zones =
1078                         (strcmp($2, "yes")==0);
1079                 free($2);
1080         }
1081         ;
1082 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1083         {
1084                 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1085                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1086                         yyerror("memory size expected");
1087                 free($2);
1088         }
1089         ;
1090 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1091         {
1092                 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1093                 if(atoi($2) == 0)
1094                         yyerror("number expected");
1095                 else {
1096                         cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1097                         if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1098                                 yyerror("must be a power of 2");
1099                 }
1100                 free($2);
1101         }
1102         ;
1103 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1104         {
1105                 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1106                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1107                         yyerror("number expected");
1108                 else cfg_parser->cfg->host_ttl = atoi($2);
1109                 free($2);
1110         }
1111         ;
1112 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1113         {
1114                 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1115                 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1116                         "removed, use infra-host-ttl)", $2);
1117                 free($2);
1118         }
1119         ;
1120 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1121         {
1122                 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1123                 if(atoi($2) == 0)
1124                         yyerror("number expected");
1125                 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1126                 free($2);
1127         }
1128         ;
1129 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1130         {
1131                 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1132                 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1133                         "(option removed, use infra-cache-numhosts)", $2);
1134                 free($2);
1135         }
1136         ;
1137 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1138         {
1139                 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1140                 if(atoi($2) == 0)
1141                         yyerror("number expected");
1142                 else {
1143                         cfg_parser->cfg->infra_cache_slabs = atoi($2);
1144                         if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1145                                 yyerror("must be a power of 2");
1146                 }
1147                 free($2);
1148         }
1149         ;
1150 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1151         {
1152                 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1153                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1154                         yyerror("number expected");
1155                 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1156                 free($2);
1157         }
1158         ;
1159 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1160         {
1161                 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1162                 free(cfg_parser->cfg->target_fetch_policy);
1163                 cfg_parser->cfg->target_fetch_policy = $2;
1164         }
1165         ;
1166 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1167         {
1168                 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1169                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1170                         yyerror("expected yes or no.");
1171                 else cfg_parser->cfg->harden_short_bufsize =
1172                         (strcmp($2, "yes")==0);
1173                 free($2);
1174         }
1175         ;
1176 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1177         {
1178                 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1179                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1180                         yyerror("expected yes or no.");
1181                 else cfg_parser->cfg->harden_large_queries =
1182                         (strcmp($2, "yes")==0);
1183                 free($2);
1184         }
1185         ;
1186 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1187         {
1188                 OUTYY(("P(server_harden_glue:%s)\n", $2));
1189                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1190                         yyerror("expected yes or no.");
1191                 else cfg_parser->cfg->harden_glue =
1192                         (strcmp($2, "yes")==0);
1193                 free($2);
1194         }
1195         ;
1196 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1197         {
1198                 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1199                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1200                         yyerror("expected yes or no.");
1201                 else cfg_parser->cfg->harden_dnssec_stripped =
1202                         (strcmp($2, "yes")==0);
1203                 free($2);
1204         }
1205         ;
1206 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1207         {
1208                 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1209                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1210                         yyerror("expected yes or no.");
1211                 else cfg_parser->cfg->harden_below_nxdomain =
1212                         (strcmp($2, "yes")==0);
1213                 free($2);
1214         }
1215         ;
1216 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1217         {
1218                 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1219                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1220                         yyerror("expected yes or no.");
1221                 else cfg_parser->cfg->harden_referral_path =
1222                         (strcmp($2, "yes")==0);
1223                 free($2);
1224         }
1225         ;
1226 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1227         {
1228                 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1229                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1230                         yyerror("expected yes or no.");
1231                 else cfg_parser->cfg->harden_algo_downgrade =
1232                         (strcmp($2, "yes")==0);
1233                 free($2);
1234         }
1235         ;
1236 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1237         {
1238                 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1239                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1240                         yyerror("expected yes or no.");
1241                 else cfg_parser->cfg->use_caps_bits_for_id =
1242                         (strcmp($2, "yes")==0);
1243                 free($2);
1244         }
1245         ;
1246 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1247         {
1248                 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1249                 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1250                         yyerror("out of memory");
1251         }
1252         ;
1253 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1254         {
1255                 OUTYY(("P(server_private_address:%s)\n", $2));
1256                 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1257                         yyerror("out of memory");
1258         }
1259         ;
1260 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1261         {
1262                 OUTYY(("P(server_private_domain:%s)\n", $2));
1263                 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1264                         yyerror("out of memory");
1265         }
1266         ;
1267 server_prefetch: VAR_PREFETCH STRING_ARG
1268         {
1269                 OUTYY(("P(server_prefetch:%s)\n", $2));
1270                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1271                         yyerror("expected yes or no.");
1272                 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1273                 free($2);
1274         }
1275         ;
1276 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1277         {
1278                 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1279                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1280                         yyerror("expected yes or no.");
1281                 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1282                 free($2);
1283         }
1284         ;
1285 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1286         {
1287                 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1288                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1289                         yyerror("number expected");
1290                 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1291                 free($2);
1292         }
1293         ;
1294 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1295         {
1296                 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1297                 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1298                         yyerror("out of memory");
1299         }
1300         ;
1301 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1302         {
1303                 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1304                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1305                         yyerror("expected yes or no.");
1306                 else cfg_parser->cfg->donotquery_localhost =
1307                         (strcmp($2, "yes")==0);
1308                 free($2);
1309         }
1310         ;
1311 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1312         {
1313                 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1314                 if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1315                         strcmp($3, "deny_non_local")!=0 &&
1316                         strcmp($3, "refuse_non_local")!=0 &&
1317                         strcmp($3, "allow_setrd")!=0 &&
1318                         strcmp($3, "allow")!=0 &&
1319                         strcmp($3, "allow_snoop")!=0) {
1320                         yyerror("expected deny, refuse, deny_non_local, "
1321                                 "refuse_non_local, allow, allow_setrd or "
1322                                 "allow_snoop in access control action");
1323                 } else {
1324                         if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1325                                 fatal_exit("out of memory adding acl");
1326                 }
1327         }
1328         ;
1329 server_module_conf: VAR_MODULE_CONF STRING_ARG
1330         {
1331                 OUTYY(("P(server_module_conf:%s)\n", $2));
1332                 free(cfg_parser->cfg->module_conf);
1333                 cfg_parser->cfg->module_conf = $2;
1334         }
1335         ;
1336 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1337         {
1338                 OUTYY(("P(server_val_override_date:%s)\n", $2));
1339                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1340                         cfg_parser->cfg->val_date_override = 0;
1341                 } else if(strlen($2) == 14) {
1342                         cfg_parser->cfg->val_date_override =
1343                                 cfg_convert_timeval($2);
1344                         if(!cfg_parser->cfg->val_date_override)
1345                                 yyerror("bad date/time specification");
1346                 } else {
1347                         if(atoi($2) == 0)
1348                                 yyerror("number expected");
1349                         cfg_parser->cfg->val_date_override = atoi($2);
1350                 }
1351                 free($2);
1352         }
1353         ;
1354 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1355         {
1356                 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1357                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1358                         cfg_parser->cfg->val_sig_skew_min = 0;
1359                 } else {
1360                         cfg_parser->cfg->val_sig_skew_min = atoi($2);
1361                         if(!cfg_parser->cfg->val_sig_skew_min)
1362                                 yyerror("number expected");
1363                 }
1364                 free($2);
1365         }
1366         ;
1367 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1368         {
1369                 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1370                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1371                         cfg_parser->cfg->val_sig_skew_max = 0;
1372                 } else {
1373                         cfg_parser->cfg->val_sig_skew_max = atoi($2);
1374                         if(!cfg_parser->cfg->val_sig_skew_max)
1375                                 yyerror("number expected");
1376                 }
1377                 free($2);
1378         }
1379         ;
1380 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1381         {
1382                 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1383                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1384                         yyerror("number expected");
1385                 else cfg_parser->cfg->max_ttl = atoi($2);
1386                 free($2);
1387         }
1388         ;
1389 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1390         {
1391                 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1392                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1393                         yyerror("number expected");
1394                 else cfg_parser->cfg->max_negative_ttl = atoi($2);
1395                 free($2);
1396         }
1397         ;
1398 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1399         {
1400                 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1401                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1402                         yyerror("number expected");
1403                 else cfg_parser->cfg->min_ttl = atoi($2);
1404                 free($2);
1405         }
1406         ;
1407 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1408         {
1409                 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1410                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1411                         yyerror("number expected");
1412                 else cfg_parser->cfg->bogus_ttl = atoi($2);
1413                 free($2);
1414         }
1415         ;
1416 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1417         {
1418                 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1419                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1420                         yyerror("expected yes or no.");
1421                 else cfg_parser->cfg->val_clean_additional =
1422                         (strcmp($2, "yes")==0);
1423                 free($2);
1424         }
1425         ;
1426 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1427         {
1428                 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1429                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1430                         yyerror("expected yes or no.");
1431                 else cfg_parser->cfg->val_permissive_mode =
1432                         (strcmp($2, "yes")==0);
1433                 free($2);
1434         }
1435         ;
1436 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1437         {
1438                 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1439                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1440                         yyerror("expected yes or no.");
1441                 else
1442                         cfg_parser->cfg->aggressive_nsec =
1443                                 (strcmp($2, "yes")==0);
1444                 free($2);
1445         }
1446         ;
1447 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1448         {
1449                 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1450                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1451                         yyerror("expected yes or no.");
1452                 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1453                 free($2);
1454         }
1455         ;
1456 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1457         {
1458                 OUTYY(("P(server_serve_expired:%s)\n", $2));
1459                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1460                         yyerror("expected yes or no.");
1461                 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1462                 free($2);
1463         }
1464         ;
1465 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1466         {
1467                 OUTYY(("P(server_fake_dsa:%s)\n", $2));
1468                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1469                         yyerror("expected yes or no.");
1470 #ifdef HAVE_SSL
1471                 else fake_dsa = (strcmp($2, "yes")==0);
1472                 if(fake_dsa)
1473                         log_warn("test option fake_dsa is enabled");
1474 #endif
1475                 free($2);
1476         }
1477         ;
1478 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1479         {
1480                 OUTYY(("P(server_fake_sha1:%s)\n", $2));
1481                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1482                         yyerror("expected yes or no.");
1483 #ifdef HAVE_SSL
1484                 else fake_sha1 = (strcmp($2, "yes")==0);
1485                 if(fake_sha1)
1486                         log_warn("test option fake_sha1 is enabled");
1487 #endif
1488                 free($2);
1489         }
1490         ;
1491 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1492         {
1493                 OUTYY(("P(server_val_log_level:%s)\n", $2));
1494                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1495                         yyerror("number expected");
1496                 else cfg_parser->cfg->val_log_level = atoi($2);
1497                 free($2);
1498         }
1499         ;
1500 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1501         {
1502                 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1503                 free(cfg_parser->cfg->val_nsec3_key_iterations);
1504                 cfg_parser->cfg->val_nsec3_key_iterations = $2;
1505         }
1506         ;
1507 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1508         {
1509                 OUTYY(("P(server_add_holddown:%s)\n", $2));
1510                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1511                         yyerror("number expected");
1512                 else cfg_parser->cfg->add_holddown = atoi($2);
1513                 free($2);
1514         }
1515         ;
1516 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1517         {
1518                 OUTYY(("P(server_del_holddown:%s)\n", $2));
1519                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1520                         yyerror("number expected");
1521                 else cfg_parser->cfg->del_holddown = atoi($2);
1522                 free($2);
1523         }
1524         ;
1525 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1526         {
1527                 OUTYY(("P(server_keep_missing:%s)\n", $2));
1528                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1529                         yyerror("number expected");
1530                 else cfg_parser->cfg->keep_missing = atoi($2);
1531                 free($2);
1532         }
1533         ;
1534 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1535         {
1536                 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1537                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1538                         yyerror("expected yes or no.");
1539                 else cfg_parser->cfg->permit_small_holddown =
1540                         (strcmp($2, "yes")==0);
1541                 free($2);
1542         }
1543 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1544         {
1545                 OUTYY(("P(server_key_cache_size:%s)\n", $2));
1546                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1547                         yyerror("memory size expected");
1548                 free($2);
1549         }
1550         ;
1551 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1552         {
1553                 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1554                 if(atoi($2) == 0)
1555                         yyerror("number expected");
1556                 else {
1557                         cfg_parser->cfg->key_cache_slabs = atoi($2);
1558                         if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1559                                 yyerror("must be a power of 2");
1560                 }
1561                 free($2);
1562         }
1563         ;
1564 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1565         {
1566                 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1567                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1568                         yyerror("memory size expected");
1569                 free($2);
1570         }
1571         ;
1572 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1573         {
1574                 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1575                 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1576                    strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1577                    strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1578                    && strcmp($3, "typetransparent")!=0
1579                    && strcmp($3, "always_transparent")!=0
1580                    && strcmp($3, "always_refuse")!=0
1581                    && strcmp($3, "always_nxdomain")!=0
1582                    && strcmp($3, "noview")!=0
1583                    && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
1584                         yyerror("local-zone type: expected static, deny, "
1585                                 "refuse, redirect, transparent, "
1586                                 "typetransparent, inform, inform_deny, "
1587                                 "always_transparent, always_refuse, "
1588                                 "always_nxdomain, noview or nodefault");
1589                 else if(strcmp($3, "nodefault")==0) {
1590                         if(!cfg_strlist_insert(&cfg_parser->cfg->
1591                                 local_zones_nodefault, $2))
1592                                 fatal_exit("out of memory adding local-zone");
1593                         free($3);
1594                 } else {
1595                         if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1596                                 $2, $3))
1597                                 fatal_exit("out of memory adding local-zone");
1598                 }
1599         }
1600         ;
1601 server_local_data: VAR_LOCAL_DATA STRING_ARG
1602         {
1603                 OUTYY(("P(server_local_data:%s)\n", $2));
1604                 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1605                         fatal_exit("out of memory adding local-data");
1606         }
1607         ;
1608 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1609         {
1610                 char* ptr;
1611                 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1612                 ptr = cfg_ptr_reverse($2);
1613                 free($2);
1614                 if(ptr) {
1615                         if(!cfg_strlist_insert(&cfg_parser->cfg->
1616                                 local_data, ptr))
1617                                 fatal_exit("out of memory adding local-data");
1618                 } else {
1619                         yyerror("local-data-ptr could not be reversed");
1620                 }
1621         }
1622         ;
1623 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1624         {
1625                 OUTYY(("P(server_minimal_responses:%s)\n", $2));
1626                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1627                         yyerror("expected yes or no.");
1628                 else cfg_parser->cfg->minimal_responses =
1629                         (strcmp($2, "yes")==0);
1630                 free($2);
1631         }
1632         ;
1633 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
1634         {
1635                 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
1636                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1637                         yyerror("expected yes or no.");
1638                 else cfg_parser->cfg->rrset_roundrobin =
1639                         (strcmp($2, "yes")==0);
1640                 free($2);
1641         }
1642         ;
1643 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
1644         {
1645                 OUTYY(("P(server_max_udp_size:%s)\n", $2));
1646                 cfg_parser->cfg->max_udp_size = atoi($2);
1647                 free($2);
1648         }
1649         ;
1650 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
1651         {
1652                 OUTYY(("P(dns64_prefix:%s)\n", $2));
1653                 free(cfg_parser->cfg->dns64_prefix);
1654                 cfg_parser->cfg->dns64_prefix = $2;
1655         }
1656         ;
1657 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
1658         {
1659                 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
1660                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1661                         yyerror("expected yes or no.");
1662                 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
1663                 free($2);
1664         }
1665         ;
1666 server_define_tag: VAR_DEFINE_TAG STRING_ARG
1667         {
1668                 char* p, *s = $2;
1669                 OUTYY(("P(server_define_tag:%s)\n", $2));
1670                 while((p=strsep(&s, " \t\n")) != NULL) {
1671                         if(*p) {
1672                                 if(!config_add_tag(cfg_parser->cfg, p))
1673                                         yyerror("could not define-tag, "
1674                                                 "out of memory");
1675                         }
1676                 }
1677                 free($2);
1678         }
1679         ;
1680 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
1681         {
1682                 size_t len = 0;
1683                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1684                         &len);
1685                 free($3);
1686                 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
1687                 if(!bitlist)
1688                         yyerror("could not parse tags, (define-tag them first)");
1689                 if(bitlist) {
1690                         if(!cfg_strbytelist_insert(
1691                                 &cfg_parser->cfg->local_zone_tags,
1692                                 $2, bitlist, len)) {
1693                                 yyerror("out of memory");
1694                                 free($2);
1695                         }
1696                 }
1697         }
1698         ;
1699 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
1700         {
1701                 size_t len = 0;
1702                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1703                         &len);
1704                 free($3);
1705                 OUTYY(("P(server_access_control_tag:%s)\n", $2));
1706                 if(!bitlist)
1707                         yyerror("could not parse tags, (define-tag them first)");
1708                 if(bitlist) {
1709                         if(!cfg_strbytelist_insert(
1710                                 &cfg_parser->cfg->acl_tags,
1711                                 $2, bitlist, len)) {
1712                                 yyerror("out of memory");
1713                                 free($2);
1714                         }
1715                 }
1716         }
1717         ;
1718 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
1719         {
1720                 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
1721                 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
1722                         $2, $3, $4)) {
1723                         yyerror("out of memory");
1724                         free($2);
1725                         free($3);
1726                         free($4);
1727                 }
1728         }
1729         ;
1730 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
1731         {
1732                 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
1733                 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
1734                         $2, $3, $4)) {
1735                         yyerror("out of memory");
1736                         free($2);
1737                         free($3);
1738                         free($4);
1739                 }
1740         }
1741         ;
1742 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
1743         {
1744                 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
1745                 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
1746                         $2, $3, $4)) {
1747                         yyerror("out of memory");
1748                         free($2);
1749                         free($3);
1750                         free($4);
1751                 }
1752         }
1753         ;
1754 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
1755         {
1756                 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
1757                 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
1758                         $2, $3)) {
1759                         yyerror("out of memory");
1760                         free($2);
1761                         free($3);
1762                 }
1763         }
1764         ;
1765 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
1766         {
1767                 size_t len = 0;
1768                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1769                         &len);
1770                 free($3);
1771                 OUTYY(("P(response_ip_tag:%s)\n", $2));
1772                 if(!bitlist)
1773                         yyerror("could not parse tags, (define-tag them first)");
1774                 if(bitlist) {
1775                         if(!cfg_strbytelist_insert(
1776                                 &cfg_parser->cfg->respip_tags,
1777                                 $2, bitlist, len)) {
1778                                 yyerror("out of memory");
1779                                 free($2);
1780                         }
1781                 }
1782         }
1783         ;
1784 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
1785         {
1786                 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
1787                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1788                         yyerror("number expected");
1789                 else cfg_parser->cfg->ip_ratelimit = atoi($2);
1790                 free($2);
1791         }
1792         ;
1793
1794 server_ratelimit: VAR_RATELIMIT STRING_ARG
1795         {
1796                 OUTYY(("P(server_ratelimit:%s)\n", $2));
1797                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1798                         yyerror("number expected");
1799                 else cfg_parser->cfg->ratelimit = atoi($2);
1800                 free($2);
1801         }
1802         ;
1803 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
1804   {
1805         OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
1806         if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
1807                 yyerror("memory size expected");
1808         free($2);
1809   }
1810   ;
1811 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
1812         {
1813                 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
1814                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
1815                         yyerror("memory size expected");
1816                 free($2);
1817         }
1818         ;
1819 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
1820   {
1821         OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
1822         if(atoi($2) == 0)
1823                 yyerror("number expected");
1824         else {
1825                 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
1826                 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
1827                         yyerror("must be a power of 2");
1828         }
1829         free($2);
1830   }
1831   ;
1832 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
1833         {
1834                 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
1835                 if(atoi($2) == 0)
1836                         yyerror("number expected");
1837                 else {
1838                         cfg_parser->cfg->ratelimit_slabs = atoi($2);
1839                         if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
1840                                 yyerror("must be a power of 2");
1841                 }
1842                 free($2);
1843         }
1844         ;
1845 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
1846         {
1847                 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
1848                 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1849                         yyerror("number expected");
1850                 } else {
1851                         if(!cfg_str2list_insert(&cfg_parser->cfg->
1852                                 ratelimit_for_domain, $2, $3))
1853                                 fatal_exit("out of memory adding "
1854                                         "ratelimit-for-domain");
1855                 }
1856         }
1857         ;
1858 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
1859         {
1860                 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
1861                 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1862                         yyerror("number expected");
1863                 } else {
1864                         if(!cfg_str2list_insert(&cfg_parser->cfg->
1865                                 ratelimit_below_domain, $2, $3))
1866                                 fatal_exit("out of memory adding "
1867                                         "ratelimit-below-domain");
1868                 }
1869         }
1870         ;
1871 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
1872   {
1873         OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
1874         if(atoi($2) == 0 && strcmp($2, "0") != 0)
1875                 yyerror("number expected");
1876         else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
1877         free($2);
1878         }
1879         ;
1880 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
1881         {
1882                 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
1883                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1884                         yyerror("number expected");
1885                 else cfg_parser->cfg->ratelimit_factor = atoi($2);
1886                 free($2);
1887         }
1888         ;
1889 server_low_rtt: VAR_LOW_RTT STRING_ARG
1890         {
1891                 OUTYY(("P(server_low_rtt:%s)\n", $2));
1892                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1893                         yyerror("number expected");
1894                 else cfg_parser->cfg->low_rtt = atoi($2);
1895                 free($2);
1896         }
1897         ;
1898 server_low_rtt_permil: VAR_LOW_RTT_PERMIL STRING_ARG
1899         {
1900                 OUTYY(("P(server_low_rtt_permil:%s)\n", $2));
1901                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1902                         yyerror("number expected");
1903                 else cfg_parser->cfg->low_rtt_permil = atoi($2);
1904                 free($2);
1905         }
1906         ;
1907 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
1908         {
1909                 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
1910                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1911                         yyerror("expected yes or no.");
1912                 else cfg_parser->cfg->qname_minimisation =
1913                         (strcmp($2, "yes")==0);
1914                 free($2);
1915         }
1916         ;
1917 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
1918         {
1919                 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
1920                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1921                         yyerror("expected yes or no.");
1922                 else cfg_parser->cfg->qname_minimisation_strict =
1923                         (strcmp($2, "yes")==0);
1924                 free($2);
1925         }
1926         ;
1927 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
1928         {
1929         #ifdef USE_IPSECMOD
1930                 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
1931                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1932                         yyerror("expected yes or no.");
1933                 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
1934                 free($2);
1935         #else
1936                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1937         #endif
1938         }
1939         ;
1940 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
1941         {
1942         #ifdef USE_IPSECMOD
1943                 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
1944                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1945                         yyerror("expected yes or no.");
1946                 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
1947                 free($2);
1948         #else
1949                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1950         #endif
1951         }
1952         ;
1953 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
1954         {
1955         #ifdef USE_IPSECMOD
1956                 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
1957                 free(cfg_parser->cfg->ipsecmod_hook);
1958                 cfg_parser->cfg->ipsecmod_hook = $2;
1959         #else
1960                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1961         #endif
1962         }
1963         ;
1964 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
1965         {
1966         #ifdef USE_IPSECMOD
1967                 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
1968                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1969                         yyerror("number expected");
1970                 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
1971                 free($2);
1972         #else
1973                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1974         #endif
1975         }
1976         ;
1977 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
1978         {
1979         #ifdef USE_IPSECMOD
1980                 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
1981                 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
1982                         yyerror("out of memory");
1983         #else
1984                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1985         #endif
1986         }
1987         ;
1988 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
1989         {
1990         #ifdef USE_IPSECMOD
1991                 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
1992                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1993                         yyerror("expected yes or no.");
1994                 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
1995                 free($2);
1996         #else
1997                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1998         #endif
1999         }
2000         ;
2001 stub_name: VAR_NAME STRING_ARG
2002         {
2003                 OUTYY(("P(name:%s)\n", $2));
2004                 if(cfg_parser->cfg->stubs->name)
2005                         yyerror("stub name override, there must be one name "
2006                                 "for one stub-zone");
2007                 free(cfg_parser->cfg->stubs->name);
2008                 cfg_parser->cfg->stubs->name = $2;
2009         }
2010         ;
2011 stub_host: VAR_STUB_HOST STRING_ARG
2012         {
2013                 OUTYY(("P(stub-host:%s)\n", $2));
2014                 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2015                         yyerror("out of memory");
2016         }
2017         ;
2018 stub_addr: VAR_STUB_ADDR STRING_ARG
2019         {
2020                 OUTYY(("P(stub-addr:%s)\n", $2));
2021                 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2022                         yyerror("out of memory");
2023         }
2024         ;
2025 stub_first: VAR_STUB_FIRST STRING_ARG
2026         {
2027                 OUTYY(("P(stub-first:%s)\n", $2));
2028                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2029                         yyerror("expected yes or no.");
2030                 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2031                 free($2);
2032         }
2033         ;
2034 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2035         {
2036                 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2037                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2038                         yyerror("expected yes or no.");
2039                 else cfg_parser->cfg->stubs->ssl_upstream =
2040                         (strcmp($2, "yes")==0);
2041                 free($2);
2042         }
2043         ;
2044 stub_prime: VAR_STUB_PRIME STRING_ARG
2045         {
2046                 OUTYY(("P(stub-prime:%s)\n", $2));
2047                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2048                         yyerror("expected yes or no.");
2049                 else cfg_parser->cfg->stubs->isprime =
2050                         (strcmp($2, "yes")==0);
2051                 free($2);
2052         }
2053         ;
2054 forward_name: VAR_NAME STRING_ARG
2055         {
2056                 OUTYY(("P(name:%s)\n", $2));
2057                 if(cfg_parser->cfg->forwards->name)
2058                         yyerror("forward name override, there must be one "
2059                                 "name for one forward-zone");
2060                 free(cfg_parser->cfg->forwards->name);
2061                 cfg_parser->cfg->forwards->name = $2;
2062         }
2063         ;
2064 forward_host: VAR_FORWARD_HOST STRING_ARG
2065         {
2066                 OUTYY(("P(forward-host:%s)\n", $2));
2067                 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2068                         yyerror("out of memory");
2069         }
2070         ;
2071 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2072         {
2073                 OUTYY(("P(forward-addr:%s)\n", $2));
2074                 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2075                         yyerror("out of memory");
2076         }
2077         ;
2078 forward_first: VAR_FORWARD_FIRST STRING_ARG
2079         {
2080                 OUTYY(("P(forward-first:%s)\n", $2));
2081                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2082                         yyerror("expected yes or no.");
2083                 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2084                 free($2);
2085         }
2086         ;
2087 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2088         {
2089                 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2090                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2091                         yyerror("expected yes or no.");
2092                 else cfg_parser->cfg->forwards->ssl_upstream =
2093                         (strcmp($2, "yes")==0);
2094                 free($2);
2095         }
2096         ;
2097 auth_name: VAR_NAME STRING_ARG
2098         {
2099                 OUTYY(("P(name:%s)\n", $2));
2100                 if(cfg_parser->cfg->auths->name)
2101                         yyerror("auth name override, there must be one name "
2102                                 "for one auth-zone");
2103                 free(cfg_parser->cfg->auths->name);
2104                 cfg_parser->cfg->auths->name = $2;
2105         }
2106         ;
2107 auth_zonefile: VAR_ZONEFILE STRING_ARG
2108         {
2109                 OUTYY(("P(zonefile:%s)\n", $2));
2110                 free(cfg_parser->cfg->auths->zonefile);
2111                 cfg_parser->cfg->auths->zonefile = $2;
2112         }
2113         ;
2114 auth_master: VAR_MASTER STRING_ARG
2115         {
2116                 OUTYY(("P(master:%s)\n", $2));
2117                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2118                         yyerror("out of memory");
2119         }
2120         ;
2121 auth_url: VAR_URL STRING_ARG
2122         {
2123                 OUTYY(("P(url:%s)\n", $2));
2124                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2125                         yyerror("out of memory");
2126         }
2127         ;
2128 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2129         {
2130                 OUTYY(("P(allow-notify:%s)\n", $2));
2131                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2132                         $2))
2133                         yyerror("out of memory");
2134         }
2135         ;
2136 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2137         {
2138                 OUTYY(("P(for-downstream:%s)\n", $2));
2139                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2140                         yyerror("expected yes or no.");
2141                 else cfg_parser->cfg->auths->for_downstream =
2142                         (strcmp($2, "yes")==0);
2143                 free($2);
2144         }
2145         ;
2146 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2147         {
2148                 OUTYY(("P(for-upstream:%s)\n", $2));
2149                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2150                         yyerror("expected yes or no.");
2151                 else cfg_parser->cfg->auths->for_upstream =
2152                         (strcmp($2, "yes")==0);
2153                 free($2);
2154         }
2155         ;
2156 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2157         {
2158                 OUTYY(("P(fallback-enabled:%s)\n", $2));
2159                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2160                         yyerror("expected yes or no.");
2161                 else cfg_parser->cfg->auths->fallback_enabled =
2162                         (strcmp($2, "yes")==0);
2163                 free($2);
2164         }
2165         ;
2166 view_name: VAR_NAME STRING_ARG
2167         {
2168                 OUTYY(("P(name:%s)\n", $2));
2169                 if(cfg_parser->cfg->views->name)
2170                         yyerror("view name override, there must be one "
2171                                 "name for one view");
2172                 free(cfg_parser->cfg->views->name);
2173                 cfg_parser->cfg->views->name = $2;
2174         }
2175         ;
2176 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2177         {
2178                 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2179                 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2180                    strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2181                    strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2182                    && strcmp($3, "typetransparent")!=0
2183                    && strcmp($3, "always_transparent")!=0
2184                    && strcmp($3, "always_refuse")!=0
2185                    && strcmp($3, "always_nxdomain")!=0
2186                    && strcmp($3, "noview")!=0
2187                    && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
2188                         yyerror("local-zone type: expected static, deny, "
2189                                 "refuse, redirect, transparent, "
2190                                 "typetransparent, inform, inform_deny, "
2191                                 "always_transparent, always_refuse, "
2192                                 "always_nxdomain, noview or nodefault");
2193                 else if(strcmp($3, "nodefault")==0) {
2194                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2195                                 local_zones_nodefault, $2))
2196                                 fatal_exit("out of memory adding local-zone");
2197                         free($3);
2198                 } else {
2199                         if(!cfg_str2list_insert(
2200                                 &cfg_parser->cfg->views->local_zones,
2201                                 $2, $3))
2202                                 fatal_exit("out of memory adding local-zone");
2203                 }
2204         }
2205         ;
2206 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2207         {
2208                 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2209                 validate_respip_action($3);
2210                 if(!cfg_str2list_insert(
2211                         &cfg_parser->cfg->views->respip_actions, $2, $3))
2212                         fatal_exit("out of memory adding per-view "
2213                                 "response-ip action");
2214         }
2215         ;
2216 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2217         {
2218                 OUTYY(("P(view_response_ip_data:%s)\n", $2));
2219                 if(!cfg_str2list_insert(
2220                         &cfg_parser->cfg->views->respip_data, $2, $3))
2221                         fatal_exit("out of memory adding response-ip-data");
2222         }
2223         ;
2224 view_local_data: VAR_LOCAL_DATA STRING_ARG
2225         {
2226                 OUTYY(("P(view_local_data:%s)\n", $2));
2227                 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2228                         fatal_exit("out of memory adding local-data");
2229                         free($2);
2230                 }
2231         }
2232         ;
2233 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2234         {
2235                 char* ptr;
2236                 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2237                 ptr = cfg_ptr_reverse($2);
2238                 free($2);
2239                 if(ptr) {
2240                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2241                                 local_data, ptr))
2242                                 fatal_exit("out of memory adding local-data");
2243                 } else {
2244                         yyerror("local-data-ptr could not be reversed");
2245                 }
2246         }
2247         ;
2248 view_first: VAR_VIEW_FIRST STRING_ARG
2249         {
2250                 OUTYY(("P(view-first:%s)\n", $2));
2251                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2252                         yyerror("expected yes or no.");
2253                 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2254                 free($2);
2255         }
2256         ;
2257 rcstart: VAR_REMOTE_CONTROL
2258         {
2259                 OUTYY(("\nP(remote-control:)\n"));
2260         }
2261         ;
2262 contents_rc: contents_rc content_rc
2263         | ;
2264 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2265         rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2266         rc_control_cert_file | rc_control_use_cert
2267         ;
2268 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2269         {
2270                 OUTYY(("P(control_enable:%s)\n", $2));
2271                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2272                         yyerror("expected yes or no.");
2273                 else cfg_parser->cfg->remote_control_enable =
2274                         (strcmp($2, "yes")==0);
2275                 free($2);
2276         }
2277         ;
2278 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2279         {
2280                 OUTYY(("P(control_port:%s)\n", $2));
2281                 if(atoi($2) == 0)
2282                         yyerror("control port number expected");
2283                 else cfg_parser->cfg->control_port = atoi($2);
2284                 free($2);
2285         }
2286         ;
2287 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2288         {
2289                 OUTYY(("P(control_interface:%s)\n", $2));
2290                 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
2291                         yyerror("out of memory");
2292         }
2293         ;
2294 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2295         {
2296                 OUTYY(("P(control_use_cert:%s)\n", $2));
2297                 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
2298                 free($2);
2299         }
2300         ;
2301 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2302         {
2303                 OUTYY(("P(rc_server_key_file:%s)\n", $2));
2304                 free(cfg_parser->cfg->server_key_file);
2305                 cfg_parser->cfg->server_key_file = $2;
2306         }
2307         ;
2308 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2309         {
2310                 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2311                 free(cfg_parser->cfg->server_cert_file);
2312                 cfg_parser->cfg->server_cert_file = $2;
2313         }
2314         ;
2315 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2316         {
2317                 OUTYY(("P(rc_control_key_file:%s)\n", $2));
2318                 free(cfg_parser->cfg->control_key_file);
2319                 cfg_parser->cfg->control_key_file = $2;
2320         }
2321         ;
2322 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2323         {
2324                 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2325                 free(cfg_parser->cfg->control_cert_file);
2326                 cfg_parser->cfg->control_cert_file = $2;
2327         }
2328         ;
2329 dtstart: VAR_DNSTAP
2330         {
2331                 OUTYY(("\nP(dnstap:)\n"));
2332         }
2333         ;
2334 contents_dt: contents_dt content_dt
2335         | ;
2336 content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
2337         dt_dnstap_send_identity | dt_dnstap_send_version |
2338         dt_dnstap_identity | dt_dnstap_version |
2339         dt_dnstap_log_resolver_query_messages |
2340         dt_dnstap_log_resolver_response_messages |
2341         dt_dnstap_log_client_query_messages |
2342         dt_dnstap_log_client_response_messages |
2343         dt_dnstap_log_forwarder_query_messages |
2344         dt_dnstap_log_forwarder_response_messages
2345         ;
2346 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2347         {
2348                 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2349                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2350                         yyerror("expected yes or no.");
2351                 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2352         }
2353         ;
2354 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2355         {
2356                 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2357                 free(cfg_parser->cfg->dnstap_socket_path);
2358                 cfg_parser->cfg->dnstap_socket_path = $2;
2359         }
2360         ;
2361 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2362         {
2363                 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2364                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2365                         yyerror("expected yes or no.");
2366                 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2367         }
2368         ;
2369 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2370         {
2371                 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2372                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2373                         yyerror("expected yes or no.");
2374                 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2375         }
2376         ;
2377 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2378         {
2379                 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2380                 free(cfg_parser->cfg->dnstap_identity);
2381                 cfg_parser->cfg->dnstap_identity = $2;
2382         }
2383         ;
2384 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2385         {
2386                 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2387                 free(cfg_parser->cfg->dnstap_version);
2388                 cfg_parser->cfg->dnstap_version = $2;
2389         }
2390         ;
2391 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2392         {
2393                 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2394                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2395                         yyerror("expected yes or no.");
2396                 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2397                         (strcmp($2, "yes")==0);
2398         }
2399         ;
2400 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2401         {
2402                 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2403                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2404                         yyerror("expected yes or no.");
2405                 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2406                         (strcmp($2, "yes")==0);
2407         }
2408         ;
2409 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2410         {
2411                 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2412                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2413                         yyerror("expected yes or no.");
2414                 else cfg_parser->cfg->dnstap_log_client_query_messages =
2415                         (strcmp($2, "yes")==0);
2416         }
2417         ;
2418 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2419         {
2420                 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2421                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2422                         yyerror("expected yes or no.");
2423                 else cfg_parser->cfg->dnstap_log_client_response_messages =
2424                         (strcmp($2, "yes")==0);
2425         }
2426         ;
2427 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2428         {
2429                 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2430                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2431                         yyerror("expected yes or no.");
2432                 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2433                         (strcmp($2, "yes")==0);
2434         }
2435         ;
2436 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2437         {
2438                 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2439                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2440                         yyerror("expected yes or no.");
2441                 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2442                         (strcmp($2, "yes")==0);
2443         }
2444         ;
2445 pythonstart: VAR_PYTHON
2446         {
2447                 OUTYY(("\nP(python:)\n"));
2448         }
2449         ;
2450 contents_py: contents_py content_py
2451         | ;
2452 content_py: py_script
2453         ;
2454 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2455         {
2456                 OUTYY(("P(python-script:%s)\n", $2));
2457                 free(cfg_parser->cfg->python_script);
2458                 cfg_parser->cfg->python_script = $2;
2459         }
2460 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2461         {
2462                 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2463                 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2464                         yyerror("expected yes or no.");
2465                 else cfg_parser->cfg->disable_dnssec_lame_check =
2466                         (strcmp($2, "yes")==0);
2467                 free($2);
2468         }
2469         ;
2470 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2471         {
2472                 OUTYY(("P(server_log_identity:%s)\n", $2));
2473                 free(cfg_parser->cfg->log_identity);
2474                 cfg_parser->cfg->log_identity = $2;
2475         }
2476         ;
2477 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2478         {
2479                 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2480                 validate_respip_action($3);
2481                 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2482                         $2, $3))
2483                         fatal_exit("out of memory adding response-ip");
2484         }
2485         ;
2486 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2487         {
2488                 OUTYY(("P(server_response_ip_data:%s)\n", $2));
2489                         if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
2490                                 $2, $3))
2491                                 fatal_exit("out of memory adding response-ip-data");
2492         }
2493         ;
2494 dnscstart: VAR_DNSCRYPT
2495         {
2496                 OUTYY(("\nP(dnscrypt:)\n"));
2497                 OUTYY(("\nP(dnscrypt:)\n"));
2498         }
2499         ;
2500 contents_dnsc: contents_dnsc content_dnsc
2501         | ;
2502 content_dnsc:
2503         dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
2504         dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
2505         dnsc_dnscrypt_provider_cert_rotated |
2506         dnsc_dnscrypt_shared_secret_cache_size |
2507         dnsc_dnscrypt_shared_secret_cache_slabs |
2508         dnsc_dnscrypt_nonce_cache_size |
2509         dnsc_dnscrypt_nonce_cache_slabs
2510         ;
2511 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
2512         {
2513                 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
2514                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2515                         yyerror("expected yes or no.");
2516                 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
2517                 free($2);
2518         }
2519         ;
2520
2521 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
2522         {
2523                 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
2524
2525                 if(atoi($2) == 0)
2526                         yyerror("port number expected");
2527                 else cfg_parser->cfg->dnscrypt_port = atoi($2);
2528                 free($2);
2529         }
2530         ;
2531 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
2532         {
2533                 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
2534                 free(cfg_parser->cfg->dnscrypt_provider);
2535                 cfg_parser->cfg->dnscrypt_provider = $2;
2536         }
2537         ;
2538 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
2539         {
2540                 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
2541                 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
2542                         log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
2543                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
2544                         fatal_exit("out of memory adding dnscrypt-provider-cert");
2545         }
2546         ;
2547 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
2548         {
2549                 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
2550                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
2551                         fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
2552         }
2553         ;
2554 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
2555         {
2556                 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
2557                 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
2558                         log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
2559                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
2560                         fatal_exit("out of memory adding dnscrypt-secret-key");
2561         }
2562         ;
2563 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
2564   {
2565         OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
2566         if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
2567                 yyerror("memory size expected");
2568         free($2);
2569   }
2570   ;
2571 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
2572   {
2573         OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
2574         if(atoi($2) == 0)
2575                 yyerror("number expected");
2576         else {
2577                 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
2578                 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
2579                         yyerror("must be a power of 2");
2580         }
2581         free($2);
2582   }
2583   ;
2584 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
2585   {
2586         OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
2587         if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
2588                 yyerror("memory size expected");
2589         free($2);
2590   }
2591   ;
2592 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
2593   {
2594         OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
2595         if(atoi($2) == 0)
2596                 yyerror("number expected");
2597         else {
2598                 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
2599                 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
2600                         yyerror("must be a power of 2");
2601         }
2602         free($2);
2603   }
2604   ;
2605 cachedbstart: VAR_CACHEDB
2606         {
2607                 OUTYY(("\nP(cachedb:)\n"));
2608         }
2609         ;
2610 contents_cachedb: contents_cachedb content_cachedb
2611         | ;
2612 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
2613         redis_server_host | redis_server_port | redis_timeout
2614         ;
2615 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
2616         {
2617         #ifdef USE_CACHEDB
2618                 OUTYY(("P(backend:%s)\n", $2));
2619                 if(cfg_parser->cfg->cachedb_backend)
2620                         yyerror("cachedb backend override, there must be one "
2621                                 "backend");
2622                 free(cfg_parser->cfg->cachedb_backend);
2623                 cfg_parser->cfg->cachedb_backend = $2;
2624         #else
2625                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2626         #endif
2627         }
2628         ;
2629 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
2630         {
2631         #ifdef USE_CACHEDB
2632                 OUTYY(("P(secret-seed:%s)\n", $2));
2633                 if(cfg_parser->cfg->cachedb_secret)
2634                         yyerror("cachedb secret-seed override, there must be "
2635                                 "only one secret");
2636                 free(cfg_parser->cfg->cachedb_secret);
2637                 cfg_parser->cfg->cachedb_secret = $2;
2638         #else
2639                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2640                 free($2);
2641         #endif
2642         }
2643         ;
2644 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
2645         {
2646         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2647                 OUTYY(("P(redis_server_host:%s)\n", $2));
2648                 free(cfg_parser->cfg->redis_server_host);
2649                 cfg_parser->cfg->redis_server_host = $2;
2650         #else
2651                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2652                 free($2);
2653         #endif
2654         }
2655         ;
2656 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
2657         {
2658         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2659                 int port;
2660                 OUTYY(("P(redis_server_port:%s)\n", $2));
2661                 port = atoi($2);
2662                 if(port == 0 || port < 0 || port > 65535)
2663                         yyerror("valid redis server port number expected");
2664                 else cfg_parser->cfg->redis_server_port = port;
2665         #else
2666                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2667         #endif
2668                 free($2);
2669         }
2670         ;
2671 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
2672         {
2673         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2674                 OUTYY(("P(redis_timeout:%s)\n", $2));
2675                 if(atoi($2) == 0)
2676                         yyerror("redis timeout value expected");
2677                 else cfg_parser->cfg->redis_timeout = atoi($2);
2678         #else
2679                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2680         #endif
2681                 free($2);
2682         }
2683         ;
2684 %%
2685
2686 /* parse helper routines could be here */
2687 static void
2688 validate_respip_action(const char* action)
2689 {
2690         if(strcmp(action, "deny")!=0 &&
2691                 strcmp(action, "redirect")!=0 &&
2692                 strcmp(action, "inform")!=0 &&
2693                 strcmp(action, "inform_deny")!=0 &&
2694                 strcmp(action, "always_transparent")!=0 &&
2695                 strcmp(action, "always_refuse")!=0 &&
2696                 strcmp(action, "always_nxdomain")!=0)
2697         {
2698                 yyerror("response-ip action: expected deny, redirect, "
2699                         "inform, inform_deny, always_transparent, "
2700                         "always_refuse or always_nxdomain");
2701         }
2702 }