util/configparser.y

   1 /*
   2  * configparser.y -- yacc grammar for unbound configuration files
   3  *
   4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
   5  *
   6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
   7  *
   8  * This software is open source.
   9  *
  10  * Redistribution and use in source and binary forms, with or without
  11  * modification, are permitted provided that the following conditions
  12  * are met:
  13  *
  14  * Redistributions of source code must retain the above copyright notice,
  15  * this list of conditions and the following disclaimer.
  16  *
  17  * Redistributions in binary form must reproduce the above copyright notice,
  18  * this list of conditions and the following disclaimer in the documentation
  19  * and/or other materials provided with the distribution.
  20  *
  21  * Neither the name of the NLNET LABS nor the names of its contributors may
  22  * be used to endorse or promote products derived from this software without
  23  * specific prior written permission.
  24  *
  25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
  31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36  */
  37
  38 %{
  39 #include "config.h"
  40
  41 #include <stdarg.h>
  42 #include <stdio.h>
  43 #include <string.h>
  44 #include <stdlib.h>
  45 #include <assert.h>
  46
  47 #include "util/configyyrename.h"
  48 #include "util/config_file.h"
  49 #include "util/net_help.h"
  50
  51 int ub_c_lex(void);
  52 void ub_c_error(const char *message);
  53
  54 static void validate_respip_action(const char* action);
  55
  56 /* these need to be global, otherwise they cannot be used inside yacc */
  57 extern struct config_parser_state* cfg_parser;
  58
  59 #if 0
  60 #define OUTYY(s)  printf s /* used ONLY when debugging */
  61 #else
  62 #define OUTYY(s)
  63 #endif
  64
  65 %}
  66 %union {
  67         char*   str;
  68 };
  69
  70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
  71 %token <str> STRING_ARG
  72 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
  73 %token VAR_OUTGOING_RANGE VAR_INTERFACE
  74 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
  75 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
  76 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
  77 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
  78 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
  79 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
  80 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
  81 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
  82 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
  83 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
  84 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
  85 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
  86 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
  87 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
  88 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
  89 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
  90 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
  91 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
  92 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
  93 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
  94 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
  95 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
  96 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
  97 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
  98 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
  99 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
 100 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
 101 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
 102 %token VAR_CONTROL_USE_CERT
 103 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
 104 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
 105 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
 106 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
 107 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
 108 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
 109 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
 110 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
 111 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
 112 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
 113 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
 114 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
 115 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
 116 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
 117 %token VAR_INFRA_CACHE_MIN_RTT
 118 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
 119 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
 120 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
 121 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
 122 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
 123 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
 124 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
 125 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
 126 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
 127 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
 128 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
 129 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
 130 %token VAR_DISABLE_DNSSEC_LAME_CHECK
 131 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
 132 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
 133 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
 134 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
 135 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
 136 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
 137 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
 138 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
 139 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
 140 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
 141 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
 142 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
 143 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
 144 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_FAKE_DSA VAR_FAKE_SHA1
 145 %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING
 146 %token VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
 147 %token VAR_ROOT_KEY_SENTINEL
 148 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
 149 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
 150 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
 151 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
 152 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
 153 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
 154 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
 155 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
 156 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
 157 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
 158 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
 159 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
 160 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
 161 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
 162 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
 163 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL
 164
 165 %%
 166 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
 167 toplevelvar: serverstart contents_server | stubstart contents_stub |
 168         forwardstart contents_forward | pythonstart contents_py |
 169         rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
 170         dnscstart contents_dnsc | cachedbstart contents_cachedb |
 171         authstart contents_auth
 172         ;
 173
 174 /* server: declaration */
 175 serverstart: VAR_SERVER
 176         {
 177                 OUTYY(("\nP(server:)\n"));
 178         }
 179         ;
 180 contents_server: contents_server content_server
 181         | ;
 182 content_server: server_num_threads | server_verbosity | server_port |
 183         server_outgoing_range | server_do_ip4 |
 184         server_do_ip6 | server_prefer_ip6 |
 185         server_do_udp | server_do_tcp |
 186         server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
 187         server_tcp_keepalive | server_tcp_keepalive_timeout |
 188         server_interface | server_chroot | server_username |
 189         server_directory | server_logfile | server_pidfile |
 190         server_msg_cache_size | server_msg_cache_slabs |
 191         server_num_queries_per_thread | server_rrset_cache_size |
 192         server_rrset_cache_slabs | server_outgoing_num_tcp |
 193         server_infra_host_ttl | server_infra_lame_ttl |
 194         server_infra_cache_slabs | server_infra_cache_numhosts |
 195         server_infra_cache_lame_size | server_target_fetch_policy |
 196         server_harden_short_bufsize | server_harden_large_queries |
 197         server_do_not_query_address | server_hide_identity |
 198         server_hide_version | server_identity | server_version |
 199         server_harden_glue | server_module_conf | server_trust_anchor_file |
 200         server_trust_anchor | server_val_override_date | server_bogus_ttl |
 201         server_val_clean_additional | server_val_permissive_mode |
 202         server_incoming_num_tcp | server_msg_buffer_size |
 203         server_key_cache_size | server_key_cache_slabs |
 204         server_trusted_keys_file | server_val_nsec3_keysize_iterations |
 205         server_use_syslog | server_outgoing_interface | server_root_hints |
 206         server_do_not_query_localhost | server_cache_max_ttl |
 207         server_harden_dnssec_stripped | server_access_control |
 208         server_local_zone | server_local_data | server_interface_automatic |
 209         server_statistics_interval | server_do_daemonize |
 210         server_use_caps_for_id | server_statistics_cumulative |
 211         server_outgoing_port_permit | server_outgoing_port_avoid |
 212         server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
 213         server_harden_referral_path | server_private_address |
 214         server_private_domain | server_extended_statistics |
 215         server_local_data_ptr | server_jostle_timeout |
 216         server_unwanted_reply_threshold | server_log_time_ascii |
 217         server_domain_insecure | server_val_sig_skew_min |
 218         server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
 219         server_auto_trust_anchor_file | server_add_holddown |
 220         server_del_holddown | server_keep_missing | server_so_rcvbuf |
 221         server_edns_buffer_size | server_prefetch | server_prefetch_key |
 222         server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
 223         server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
 224         server_log_local_actions |
 225         server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
 226         server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
 227         server_so_reuseport | server_delay_close |
 228         server_unblock_lan_zones | server_insecure_lan_zones |
 229         server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
 230         server_infra_cache_min_rtt | server_harden_algo_downgrade |
 231         server_ip_transparent | server_ip_ratelimit | server_ratelimit |
 232         server_ip_ratelimit_slabs | server_ratelimit_slabs |
 233         server_ip_ratelimit_size | server_ratelimit_size |
 234         server_ratelimit_for_domain |
 235         server_ratelimit_below_domain | server_ratelimit_factor |
 236         server_ip_ratelimit_factor | server_send_client_subnet |
 237         server_client_subnet_zone | server_client_subnet_always_forward |
 238         server_client_subnet_opcode |
 239         server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
 240         server_caps_whitelist | server_cache_max_negative_ttl |
 241         server_permit_small_holddown | server_qname_minimisation |
 242         server_ip_freebind | server_define_tag | server_local_zone_tag |
 243         server_disable_dnssec_lame_check | server_access_control_tag |
 244         server_local_zone_override | server_access_control_tag_action |
 245         server_access_control_tag_data | server_access_control_view |
 246         server_qname_minimisation_strict | server_serve_expired |
 247         server_serve_expired_ttl | server_serve_expired_ttl_reset |
 248         server_fake_dsa | server_log_identity | server_use_systemd |
 249         server_response_ip_tag | server_response_ip | server_response_ip_data |
 250         server_shm_enable | server_shm_key | server_fake_sha1 |
 251         server_hide_trustanchor | server_trust_anchor_signaling |
 252         server_root_key_sentinel |
 253         server_ipsecmod_enabled | server_ipsecmod_hook |
 254         server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
 255         server_ipsecmod_whitelist | server_ipsecmod_strict |
 256         server_udp_upstream_without_downstream | server_aggressive_nsec |
 257         server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
 258         server_low_rtt_permil | server_tls_win_cert |
 259         server_tcp_connection_limit | server_log_servfail
 260         ;
 261 stubstart: VAR_STUB_ZONE
 262         {
 263                 struct config_stub* s;
 264                 OUTYY(("\nP(stub_zone:)\n"));
 265                 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
 266                 if(s) {
 267                         s->next = cfg_parser->cfg->stubs;
 268                         cfg_parser->cfg->stubs = s;
 269                 } else
 270                         yyerror("out of memory");
 271         }
 272         ;
 273 contents_stub: contents_stub content_stub
 274         | ;
 275 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
 276         stub_no_cache | stub_ssl_upstream
 277         ;
 278 forwardstart: VAR_FORWARD_ZONE
 279         {
 280                 struct config_stub* s;
 281                 OUTYY(("\nP(forward_zone:)\n"));
 282                 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
 283                 if(s) {
 284                         s->next = cfg_parser->cfg->forwards;
 285                         cfg_parser->cfg->forwards = s;
 286                 } else
 287                         yyerror("out of memory");
 288         }
 289         ;
 290 contents_forward: contents_forward content_forward
 291         | ;
 292 content_forward: forward_name | forward_host | forward_addr | forward_first |
 293         forward_no_cache | forward_ssl_upstream
 294         ;
 295 viewstart: VAR_VIEW
 296         {
 297                 struct config_view* s;
 298                 OUTYY(("\nP(view:)\n"));
 299                 s = (struct config_view*)calloc(1, sizeof(struct config_view));
 300                 if(s) {
 301                         s->next = cfg_parser->cfg->views;
 302                         if(s->next && !s->next->name)
 303                                 yyerror("view without name");
 304                         cfg_parser->cfg->views = s;
 305                 } else
 306                         yyerror("out of memory");
 307         }
 308         ;
 309 contents_view: contents_view content_view
 310         | ;
 311 content_view: view_name | view_local_zone | view_local_data | view_first |
 312                 view_response_ip | view_response_ip_data | view_local_data_ptr
 313         ;
 314 authstart: VAR_AUTH_ZONE
 315         {
 316                 struct config_auth* s;
 317                 OUTYY(("\nP(auth_zone:)\n"));
 318                 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
 319                 if(s) {
 320                         s->next = cfg_parser->cfg->auths;
 321                         cfg_parser->cfg->auths = s;
 322                         /* defaults for auth zone */
 323                         s->for_downstream = 1;
 324                         s->for_upstream = 1;
 325                         s->fallback_enabled = 0;
 326                 } else
 327                         yyerror("out of memory");
 328         }
 329         ;
 330 contents_auth: contents_auth content_auth
 331         | ;
 332 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
 333         auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
 334         auth_allow_notify
 335         ;
 336 server_num_threads: VAR_NUM_THREADS STRING_ARG
 337         {
 338                 OUTYY(("P(server_num_threads:%s)\n", $2));
 339                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 340                         yyerror("number expected");
 341                 else cfg_parser->cfg->num_threads = atoi($2);
 342                 free($2);
 343         }
 344         ;
 345 server_verbosity: VAR_VERBOSITY STRING_ARG
 346         {
 347                 OUTYY(("P(server_verbosity:%s)\n", $2));
 348                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 349                         yyerror("number expected");
 350                 else cfg_parser->cfg->verbosity = atoi($2);
 351                 free($2);
 352         }
 353         ;
 354 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
 355         {
 356                 OUTYY(("P(server_statistics_interval:%s)\n", $2));
 357                 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
 358                         cfg_parser->cfg->stat_interval = 0;
 359                 else if(atoi($2) == 0)
 360                         yyerror("number expected");
 361                 else cfg_parser->cfg->stat_interval = atoi($2);
 362                 free($2);
 363         }
 364         ;
 365 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
 366         {
 367                 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
 368                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 369                         yyerror("expected yes or no.");
 370                 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
 371                 free($2);
 372         }
 373         ;
 374 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
 375         {
 376                 OUTYY(("P(server_extended_statistics:%s)\n", $2));
 377                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 378                         yyerror("expected yes or no.");
 379                 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
 380                 free($2);
 381         }
 382         ;
 383 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
 384         {
 385                 OUTYY(("P(server_shm_enable:%s)\n", $2));
 386                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 387                         yyerror("expected yes or no.");
 388                 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
 389                 free($2);
 390         }
 391         ;
 392 server_shm_key: VAR_SHM_KEY STRING_ARG
 393         {
 394                 OUTYY(("P(server_shm_key:%s)\n", $2));
 395                 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
 396                         cfg_parser->cfg->shm_key = 0;
 397                 else if(atoi($2) == 0)
 398                         yyerror("number expected");
 399                 else cfg_parser->cfg->shm_key = atoi($2);
 400                 free($2);
 401         }
 402         ;
 403 server_port: VAR_PORT STRING_ARG
 404         {
 405                 OUTYY(("P(server_port:%s)\n", $2));
 406                 if(atoi($2) == 0)
 407                         yyerror("port number expected");
 408                 else cfg_parser->cfg->port = atoi($2);
 409                 free($2);
 410         }
 411         ;
 412 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
 413         {
 414         #ifdef CLIENT_SUBNET
 415                 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
 416                 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
 417                         fatal_exit("out of memory adding client-subnet");
 418         #else
 419                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 420         #endif
 421         }
 422         ;
 423 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
 424         {
 425         #ifdef CLIENT_SUBNET
 426                 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
 427                 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
 428                         $2))
 429                         fatal_exit("out of memory adding client-subnet-zone");
 430         #else
 431                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 432         #endif
 433         }
 434         ;
 435 server_client_subnet_always_forward:
 436         VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
 437         {
 438         #ifdef CLIENT_SUBNET
 439                 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
 440                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 441                         yyerror("expected yes or no.");
 442                 else
 443                         cfg_parser->cfg->client_subnet_always_forward =
 444                                 (strcmp($2, "yes")==0);
 445         #else
 446                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 447         #endif
 448                 free($2);
 449         }
 450         ;
 451 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
 452         {
 453         #ifdef CLIENT_SUBNET
 454                 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
 455                 OUTYY(("P(Deprecated option, ignoring)\n"));
 456         #else
 457                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 458         #endif
 459                 free($2);
 460         }
 461         ;
 462 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
 463         {
 464         #ifdef CLIENT_SUBNET
 465                 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
 466                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 467                         yyerror("IPv4 subnet length expected");
 468                 else if (atoi($2) > 32)
 469                         cfg_parser->cfg->max_client_subnet_ipv4 = 32;
 470                 else if (atoi($2) < 0)
 471                         cfg_parser->cfg->max_client_subnet_ipv4 = 0;
 472                 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
 473         #else
 474                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 475         #endif
 476                 free($2);
 477         }
 478         ;
 479 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
 480         {
 481         #ifdef CLIENT_SUBNET
 482                 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
 483                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 484                         yyerror("Ipv6 subnet length expected");
 485                 else if (atoi($2) > 128)
 486                         cfg_parser->cfg->max_client_subnet_ipv6 = 128;
 487                 else if (atoi($2) < 0)
 488                         cfg_parser->cfg->max_client_subnet_ipv6 = 0;
 489                 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
 490         #else
 491                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 492         #endif
 493                 free($2);
 494         }
 495         ;
 496 server_interface: VAR_INTERFACE STRING_ARG
 497         {
 498                 OUTYY(("P(server_interface:%s)\n", $2));
 499                 if(cfg_parser->cfg->num_ifs == 0)
 500                         cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
 501                 else    cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
 502                                 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
 503                 if(!cfg_parser->cfg->ifs)
 504                         yyerror("out of memory");
 505                 else
 506                         cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
 507         }
 508         ;
 509 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
 510         {
 511                 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
 512                 if(cfg_parser->cfg->num_out_ifs == 0)
 513                         cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
 514                 else    cfg_parser->cfg->out_ifs = realloc(
 515                         cfg_parser->cfg->out_ifs,
 516                         (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
 517                 if(!cfg_parser->cfg->out_ifs)
 518                         yyerror("out of memory");
 519                 else
 520                         cfg_parser->cfg->out_ifs[
 521                                 cfg_parser->cfg->num_out_ifs++] = $2;
 522         }
 523         ;
 524 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
 525         {
 526                 OUTYY(("P(server_outgoing_range:%s)\n", $2));
 527                 if(atoi($2) == 0)
 528                         yyerror("number expected");
 529                 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
 530                 free($2);
 531         }
 532         ;
 533 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
 534         {
 535                 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
 536                 if(!cfg_mark_ports($2, 1,
 537                         cfg_parser->cfg->outgoing_avail_ports, 65536))
 538                         yyerror("port number or range (\"low-high\") expected");
 539                 free($2);
 540         }
 541         ;
 542 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
 543         {
 544                 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
 545                 if(!cfg_mark_ports($2, 0,
 546                         cfg_parser->cfg->outgoing_avail_ports, 65536))
 547                         yyerror("port number or range (\"low-high\") expected");
 548                 free($2);
 549         }
 550         ;
 551 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
 552         {
 553                 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
 554                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 555                         yyerror("number expected");
 556                 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
 557                 free($2);
 558         }
 559         ;
 560 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
 561         {
 562                 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
 563                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 564                         yyerror("number expected");
 565                 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
 566                 free($2);
 567         }
 568         ;
 569 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
 570         {
 571                 OUTYY(("P(server_interface_automatic:%s)\n", $2));
 572                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 573                         yyerror("expected yes or no.");
 574                 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
 575                 free($2);
 576         }
 577         ;
 578 server_do_ip4: VAR_DO_IP4 STRING_ARG
 579         {
 580                 OUTYY(("P(server_do_ip4:%s)\n", $2));
 581                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 582                         yyerror("expected yes or no.");
 583                 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
 584                 free($2);
 585         }
 586         ;
 587 server_do_ip6: VAR_DO_IP6 STRING_ARG
 588         {
 589                 OUTYY(("P(server_do_ip6:%s)\n", $2));
 590                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 591                         yyerror("expected yes or no.");
 592                 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
 593                 free($2);
 594         }
 595         ;
 596 server_do_udp: VAR_DO_UDP STRING_ARG
 597         {
 598                 OUTYY(("P(server_do_udp:%s)\n", $2));
 599                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 600                         yyerror("expected yes or no.");
 601                 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
 602                 free($2);
 603         }
 604         ;
 605 server_do_tcp: VAR_DO_TCP STRING_ARG
 606         {
 607                 OUTYY(("P(server_do_tcp:%s)\n", $2));
 608                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 609                         yyerror("expected yes or no.");
 610                 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
 611                 free($2);
 612         }
 613         ;
 614 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
 615         {
 616                 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
 617                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 618                         yyerror("expected yes or no.");
 619                 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
 620                 free($2);
 621         }
 622         ;
 623 server_tcp_mss: VAR_TCP_MSS STRING_ARG
 624         {
 625                 OUTYY(("P(server_tcp_mss:%s)\n", $2));
 626                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 627                         yyerror("number expected");
 628                 else cfg_parser->cfg->tcp_mss = atoi($2);
 629                 free($2);
 630         }
 631         ;
 632 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
 633         {
 634                 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
 635                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 636                         yyerror("number expected");
 637                 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
 638                 free($2);
 639         }
 640         ;
 641 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
 642         {
 643                 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
 644                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 645                         yyerror("number expected");
 646                 else if (atoi($2) > 120000)
 647                         cfg_parser->cfg->tcp_idle_timeout = 120000;
 648                 else if (atoi($2) < 1)
 649                         cfg_parser->cfg->tcp_idle_timeout = 1;
 650                 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
 651                 free($2);
 652         }
 653         ;
 654 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
 655         {
 656                 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
 657                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 658                         yyerror("expected yes or no.");
 659                 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
 660                 free($2);
 661         }
 662         ;
 663 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
 664         {
 665                 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
 666                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 667                         yyerror("number expected");
 668                 else if (atoi($2) > 6553500)
 669                         cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
 670                 else if (atoi($2) < 1)
 671                         cfg_parser->cfg->tcp_keepalive_timeout = 0;
 672                 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
 673                 free($2);
 674         }
 675         ;
 676 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
 677         {
 678                 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
 679                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 680                         yyerror("expected yes or no.");
 681                 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
 682                 free($2);
 683         }
 684         ;
 685 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
 686         {
 687                 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
 688                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 689                         yyerror("expected yes or no.");
 690                 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
 691                 free($2);
 692         }
 693         ;
 694 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
 695         {
 696                 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
 697                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 698                         yyerror("expected yes or no.");
 699                 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
 700                 free($2);
 701         }
 702         ;
 703 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
 704         {
 705                 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
 706                 free(cfg_parser->cfg->ssl_service_key);
 707                 cfg_parser->cfg->ssl_service_key = $2;
 708         }
 709         ;
 710 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
 711         {
 712                 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
 713                 free(cfg_parser->cfg->ssl_service_pem);
 714                 cfg_parser->cfg->ssl_service_pem = $2;
 715         }
 716         ;
 717 server_ssl_port: VAR_SSL_PORT STRING_ARG
 718         {
 719                 OUTYY(("P(server_ssl_port:%s)\n", $2));
 720                 if(atoi($2) == 0)
 721                         yyerror("port number expected");
 722                 else cfg_parser->cfg->ssl_port = atoi($2);
 723                 free($2);
 724         }
 725         ;
 726 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
 727         {
 728                 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
 729                 free(cfg_parser->cfg->tls_cert_bundle);
 730                 cfg_parser->cfg->tls_cert_bundle = $2;
 731         }
 732         ;
 733 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
 734         {
 735                 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
 736                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 737                         yyerror("expected yes or no.");
 738                 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
 739                 free($2);
 740         }
 741         ;
 742 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
 743         {
 744                 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
 745                 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
 746                         $2))
 747                         yyerror("out of memory");
 748         }
 749         ;
 750 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
 751         {
 752                 OUTYY(("P(server_use_systemd:%s)\n", $2));
 753                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 754                         yyerror("expected yes or no.");
 755                 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
 756                 free($2);
 757         }
 758         ;
 759 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
 760         {
 761                 OUTYY(("P(server_do_daemonize:%s)\n", $2));
 762                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 763                         yyerror("expected yes or no.");
 764                 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
 765                 free($2);
 766         }
 767         ;
 768 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
 769         {
 770                 OUTYY(("P(server_use_syslog:%s)\n", $2));
 771                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 772                         yyerror("expected yes or no.");
 773                 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
 774 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
 775                 if(strcmp($2, "yes") == 0)
 776                         yyerror("no syslog services are available. "
 777                                 "(reconfigure and compile to add)");
 778 #endif
 779                 free($2);
 780         }
 781         ;
 782 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
 783         {
 784                 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
 785                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 786                         yyerror("expected yes or no.");
 787                 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
 788                 free($2);
 789         }
 790         ;
 791 server_log_queries: VAR_LOG_QUERIES STRING_ARG
 792         {
 793                 OUTYY(("P(server_log_queries:%s)\n", $2));
 794                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 795                         yyerror("expected yes or no.");
 796                 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
 797                 free($2);
 798         }
 799         ;
 800 server_log_replies: VAR_LOG_REPLIES STRING_ARG
 801   {
 802         OUTYY(("P(server_log_replies:%s)\n", $2));
 803         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 804                 yyerror("expected yes or no.");
 805         else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
 806         free($2);
 807   }
 808   ;
 809 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
 810         {
 811                 OUTYY(("P(server_log_servfail:%s)\n", $2));
 812                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 813                         yyerror("expected yes or no.");
 814                 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
 815                 free($2);
 816         }
 817         ;
 818 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
 819   {
 820         OUTYY(("P(server_log_local_actions:%s)\n", $2));
 821         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 822                 yyerror("expected yes or no.");
 823         else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
 824         free($2);
 825   }
 826   ;
 827 server_chroot: VAR_CHROOT STRING_ARG
 828         {
 829                 OUTYY(("P(server_chroot:%s)\n", $2));
 830                 free(cfg_parser->cfg->chrootdir);
 831                 cfg_parser->cfg->chrootdir = $2;
 832         }
 833         ;
 834 server_username: VAR_USERNAME STRING_ARG
 835         {
 836                 OUTYY(("P(server_username:%s)\n", $2));
 837                 free(cfg_parser->cfg->username);
 838                 cfg_parser->cfg->username = $2;
 839         }
 840         ;
 841 server_directory: VAR_DIRECTORY STRING_ARG
 842         {
 843                 OUTYY(("P(server_directory:%s)\n", $2));
 844                 free(cfg_parser->cfg->directory);
 845                 cfg_parser->cfg->directory = $2;
 846                 /* change there right away for includes relative to this */
 847                 if($2[0]) {
 848                         char* d;
 849 #ifdef UB_ON_WINDOWS
 850                         w_config_adjust_directory(cfg_parser->cfg);
 851 #endif
 852                         d = cfg_parser->cfg->directory;
 853                         /* adjust directory if we have already chroot,
 854                          * like, we reread after sighup */
 855                         if(cfg_parser->chroot && cfg_parser->chroot[0] &&
 856                                 strncmp(d, cfg_parser->chroot, strlen(
 857                                 cfg_parser->chroot)) == 0)
 858                                 d += strlen(cfg_parser->chroot);
 859                         if(d[0]) {
 860                             if(chdir(d))
 861                                 log_err("cannot chdir to directory: %s (%s)",
 862                                         d, strerror(errno));
 863                         }
 864                 }
 865         }
 866         ;
 867 server_logfile: VAR_LOGFILE STRING_ARG
 868         {
 869                 OUTYY(("P(server_logfile:%s)\n", $2));
 870                 free(cfg_parser->cfg->logfile);
 871                 cfg_parser->cfg->logfile = $2;
 872                 cfg_parser->cfg->use_syslog = 0;
 873         }
 874         ;
 875 server_pidfile: VAR_PIDFILE STRING_ARG
 876         {
 877                 OUTYY(("P(server_pidfile:%s)\n", $2));
 878                 free(cfg_parser->cfg->pidfile);
 879                 cfg_parser->cfg->pidfile = $2;
 880         }
 881         ;
 882 server_root_hints: VAR_ROOT_HINTS STRING_ARG
 883         {
 884                 OUTYY(("P(server_root_hints:%s)\n", $2));
 885                 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
 886                         yyerror("out of memory");
 887         }
 888         ;
 889 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
 890         {
 891                 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
 892                 free(cfg_parser->cfg->dlv_anchor_file);
 893                 cfg_parser->cfg->dlv_anchor_file = $2;
 894         }
 895         ;
 896 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
 897         {
 898                 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
 899                 if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
 900                         yyerror("out of memory");
 901         }
 902         ;
 903 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
 904         {
 905                 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
 906                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 907                         auto_trust_anchor_file_list, $2))
 908                         yyerror("out of memory");
 909         }
 910         ;
 911 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
 912         {
 913                 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
 914                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 915                         trust_anchor_file_list, $2))
 916                         yyerror("out of memory");
 917         }
 918         ;
 919 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
 920         {
 921                 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
 922                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 923                         trusted_keys_file_list, $2))
 924                         yyerror("out of memory");
 925         }
 926         ;
 927 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
 928         {
 929                 OUTYY(("P(server_trust_anchor:%s)\n", $2));
 930                 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
 931                         yyerror("out of memory");
 932         }
 933         ;
 934 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
 935         {
 936                 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
 937                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 938                         yyerror("expected yes or no.");
 939                 else
 940                         cfg_parser->cfg->trust_anchor_signaling =
 941                                 (strcmp($2, "yes")==0);
 942                 free($2);
 943         }
 944         ;
 945 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
 946         {
 947                 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
 948                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 949                         yyerror("expected yes or no.");
 950                 else
 951                         cfg_parser->cfg->root_key_sentinel =
 952                                 (strcmp($2, "yes")==0);
 953                 free($2);
 954         }
 955         ;
 956 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
 957         {
 958                 OUTYY(("P(server_domain_insecure:%s)\n", $2));
 959                 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
 960                         yyerror("out of memory");
 961         }
 962         ;
 963 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
 964         {
 965                 OUTYY(("P(server_hide_identity:%s)\n", $2));
 966                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 967                         yyerror("expected yes or no.");
 968                 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
 969                 free($2);
 970         }
 971         ;
 972 server_hide_version: VAR_HIDE_VERSION STRING_ARG
 973         {
 974                 OUTYY(("P(server_hide_version:%s)\n", $2));
 975                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 976                         yyerror("expected yes or no.");
 977                 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
 978                 free($2);
 979         }
 980         ;
 981 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
 982         {
 983                 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
 984                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 985                         yyerror("expected yes or no.");
 986                 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
 987                 free($2);
 988         }
 989         ;
 990 server_identity: VAR_IDENTITY STRING_ARG
 991         {
 992                 OUTYY(("P(server_identity:%s)\n", $2));
 993                 free(cfg_parser->cfg->identity);
 994                 cfg_parser->cfg->identity = $2;
 995         }
 996         ;
 997 server_version: VAR_VERSION STRING_ARG
 998         {
 999                 OUTYY(("P(server_version:%s)\n", $2));
1000                 free(cfg_parser->cfg->version);
1001                 cfg_parser->cfg->version = $2;
1002         }
1003         ;
1004 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1005         {
1006                 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1007                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1008                         yyerror("buffer size expected");
1009                 free($2);
1010         }
1011         ;
1012 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1013         {
1014                 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1015                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1016                         yyerror("buffer size expected");
1017                 free($2);
1018         }
1019         ;
1020 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1021     {
1022         OUTYY(("P(server_so_reuseport:%s)\n", $2));
1023         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1024             yyerror("expected yes or no.");
1025         else cfg_parser->cfg->so_reuseport =
1026             (strcmp($2, "yes")==0);
1027         free($2);
1028     }
1029     ;
1030 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1031     {
1032         OUTYY(("P(server_ip_transparent:%s)\n", $2));
1033         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1034             yyerror("expected yes or no.");
1035         else cfg_parser->cfg->ip_transparent =
1036             (strcmp($2, "yes")==0);
1037         free($2);
1038     }
1039     ;
1040 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1041     {
1042         OUTYY(("P(server_ip_freebind:%s)\n", $2));
1043         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1044             yyerror("expected yes or no.");
1045         else cfg_parser->cfg->ip_freebind =
1046             (strcmp($2, "yes")==0);
1047         free($2);
1048     }
1049     ;
1050 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1051         {
1052                 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1053                 if(atoi($2) == 0)
1054                         yyerror("number expected");
1055                 else if (atoi($2) < 12)
1056                         yyerror("edns buffer size too small");
1057                 else if (atoi($2) > 65535)
1058                         cfg_parser->cfg->edns_buffer_size = 65535;
1059                 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1060                 free($2);
1061         }
1062         ;
1063 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1064         {
1065                 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1066                 if(atoi($2) == 0)
1067                         yyerror("number expected");
1068                 else if (atoi($2) < 4096)
1069                         yyerror("message buffer size too small (use 4096)");
1070                 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1071                 free($2);
1072         }
1073         ;
1074 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1075         {
1076                 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1077                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1078                         yyerror("memory size expected");
1079                 free($2);
1080         }
1081         ;
1082 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1083         {
1084                 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1085                 if(atoi($2) == 0)
1086                         yyerror("number expected");
1087                 else {
1088                         cfg_parser->cfg->msg_cache_slabs = atoi($2);
1089                         if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1090                                 yyerror("must be a power of 2");
1091                 }
1092                 free($2);
1093         }
1094         ;
1095 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1096         {
1097                 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1098                 if(atoi($2) == 0)
1099                         yyerror("number expected");
1100                 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1101                 free($2);
1102         }
1103         ;
1104 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1105         {
1106                 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1107                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1108                         yyerror("number expected");
1109                 else cfg_parser->cfg->jostle_time = atoi($2);
1110                 free($2);
1111         }
1112         ;
1113 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1114         {
1115                 OUTYY(("P(server_delay_close:%s)\n", $2));
1116                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1117                         yyerror("number expected");
1118                 else cfg_parser->cfg->delay_close = atoi($2);
1119                 free($2);
1120         }
1121         ;
1122 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1123         {
1124                 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1125                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1126                         yyerror("expected yes or no.");
1127                 else cfg_parser->cfg->unblock_lan_zones =
1128                         (strcmp($2, "yes")==0);
1129                 free($2);
1130         }
1131         ;
1132 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1133         {
1134                 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1135                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1136                         yyerror("expected yes or no.");
1137                 else cfg_parser->cfg->insecure_lan_zones =
1138                         (strcmp($2, "yes")==0);
1139                 free($2);
1140         }
1141         ;
1142 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1143         {
1144                 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1145                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1146                         yyerror("memory size expected");
1147                 free($2);
1148         }
1149         ;
1150 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1151         {
1152                 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1153                 if(atoi($2) == 0)
1154                         yyerror("number expected");
1155                 else {
1156                         cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1157                         if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1158                                 yyerror("must be a power of 2");
1159                 }
1160                 free($2);
1161         }
1162         ;
1163 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1164         {
1165                 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1166                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1167                         yyerror("number expected");
1168                 else cfg_parser->cfg->host_ttl = atoi($2);
1169                 free($2);
1170         }
1171         ;
1172 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1173         {
1174                 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1175                 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1176                         "removed, use infra-host-ttl)", $2);
1177                 free($2);
1178         }
1179         ;
1180 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1181         {
1182                 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1183                 if(atoi($2) == 0)
1184                         yyerror("number expected");
1185                 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1186                 free($2);
1187         }
1188         ;
1189 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1190         {
1191                 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1192                 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1193                         "(option removed, use infra-cache-numhosts)", $2);
1194                 free($2);
1195         }
1196         ;
1197 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1198         {
1199                 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1200                 if(atoi($2) == 0)
1201                         yyerror("number expected");
1202                 else {
1203                         cfg_parser->cfg->infra_cache_slabs = atoi($2);
1204                         if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1205                                 yyerror("must be a power of 2");
1206                 }
1207                 free($2);
1208         }
1209         ;
1210 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1211         {
1212                 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1213                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1214                         yyerror("number expected");
1215                 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1216                 free($2);
1217         }
1218         ;
1219 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1220         {
1221                 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1222                 free(cfg_parser->cfg->target_fetch_policy);
1223                 cfg_parser->cfg->target_fetch_policy = $2;
1224         }
1225         ;
1226 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1227         {
1228                 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1229                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1230                         yyerror("expected yes or no.");
1231                 else cfg_parser->cfg->harden_short_bufsize =
1232                         (strcmp($2, "yes")==0);
1233                 free($2);
1234         }
1235         ;
1236 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1237         {
1238                 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1239                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1240                         yyerror("expected yes or no.");
1241                 else cfg_parser->cfg->harden_large_queries =
1242                         (strcmp($2, "yes")==0);
1243                 free($2);
1244         }
1245         ;
1246 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1247         {
1248                 OUTYY(("P(server_harden_glue:%s)\n", $2));
1249                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1250                         yyerror("expected yes or no.");
1251                 else cfg_parser->cfg->harden_glue =
1252                         (strcmp($2, "yes")==0);
1253                 free($2);
1254         }
1255         ;
1256 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1257         {
1258                 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1259                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1260                         yyerror("expected yes or no.");
1261                 else cfg_parser->cfg->harden_dnssec_stripped =
1262                         (strcmp($2, "yes")==0);
1263                 free($2);
1264         }
1265         ;
1266 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1267         {
1268                 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1269                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1270                         yyerror("expected yes or no.");
1271                 else cfg_parser->cfg->harden_below_nxdomain =
1272                         (strcmp($2, "yes")==0);
1273                 free($2);
1274         }
1275         ;
1276 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1277         {
1278                 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1279                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1280                         yyerror("expected yes or no.");
1281                 else cfg_parser->cfg->harden_referral_path =
1282                         (strcmp($2, "yes")==0);
1283                 free($2);
1284         }
1285         ;
1286 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1287         {
1288                 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1289                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1290                         yyerror("expected yes or no.");
1291                 else cfg_parser->cfg->harden_algo_downgrade =
1292                         (strcmp($2, "yes")==0);
1293                 free($2);
1294         }
1295         ;
1296 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1297         {
1298                 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1299                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1300                         yyerror("expected yes or no.");
1301                 else cfg_parser->cfg->use_caps_bits_for_id =
1302                         (strcmp($2, "yes")==0);
1303                 free($2);
1304         }
1305         ;
1306 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1307         {
1308                 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1309                 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1310                         yyerror("out of memory");
1311         }
1312         ;
1313 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1314         {
1315                 OUTYY(("P(server_private_address:%s)\n", $2));
1316                 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1317                         yyerror("out of memory");
1318         }
1319         ;
1320 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1321         {
1322                 OUTYY(("P(server_private_domain:%s)\n", $2));
1323                 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1324                         yyerror("out of memory");
1325         }
1326         ;
1327 server_prefetch: VAR_PREFETCH STRING_ARG
1328         {
1329                 OUTYY(("P(server_prefetch:%s)\n", $2));
1330                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1331                         yyerror("expected yes or no.");
1332                 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1333                 free($2);
1334         }
1335         ;
1336 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1337         {
1338                 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1339                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1340                         yyerror("expected yes or no.");
1341                 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1342                 free($2);
1343         }
1344         ;
1345 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1346         {
1347                 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1348                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1349                         yyerror("number expected");
1350                 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1351                 free($2);
1352         }
1353         ;
1354 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1355         {
1356                 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1357                 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1358                         yyerror("out of memory");
1359         }
1360         ;
1361 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1362         {
1363                 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1364                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1365                         yyerror("expected yes or no.");
1366                 else cfg_parser->cfg->donotquery_localhost =
1367                         (strcmp($2, "yes")==0);
1368                 free($2);
1369         }
1370         ;
1371 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1372         {
1373                 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1374                 if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1375                         strcmp($3, "deny_non_local")!=0 &&
1376                         strcmp($3, "refuse_non_local")!=0 &&
1377                         strcmp($3, "allow_setrd")!=0 &&
1378                         strcmp($3, "allow")!=0 &&
1379                         strcmp($3, "allow_snoop")!=0) {
1380                         yyerror("expected deny, refuse, deny_non_local, "
1381                                 "refuse_non_local, allow, allow_setrd or "
1382                                 "allow_snoop in access control action");
1383                 } else {
1384                         if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1385                                 fatal_exit("out of memory adding acl");
1386                 }
1387         }
1388         ;
1389 server_module_conf: VAR_MODULE_CONF STRING_ARG
1390         {
1391                 OUTYY(("P(server_module_conf:%s)\n", $2));
1392                 free(cfg_parser->cfg->module_conf);
1393                 cfg_parser->cfg->module_conf = $2;
1394         }
1395         ;
1396 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1397         {
1398                 OUTYY(("P(server_val_override_date:%s)\n", $2));
1399                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1400                         cfg_parser->cfg->val_date_override = 0;
1401                 } else if(strlen($2) == 14) {
1402                         cfg_parser->cfg->val_date_override =
1403                                 cfg_convert_timeval($2);
1404                         if(!cfg_parser->cfg->val_date_override)
1405                                 yyerror("bad date/time specification");
1406                 } else {
1407                         if(atoi($2) == 0)
1408                                 yyerror("number expected");
1409                         cfg_parser->cfg->val_date_override = atoi($2);
1410                 }
1411                 free($2);
1412         }
1413         ;
1414 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1415         {
1416                 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1417                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1418                         cfg_parser->cfg->val_sig_skew_min = 0;
1419                 } else {
1420                         cfg_parser->cfg->val_sig_skew_min = atoi($2);
1421                         if(!cfg_parser->cfg->val_sig_skew_min)
1422                                 yyerror("number expected");
1423                 }
1424                 free($2);
1425         }
1426         ;
1427 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1428         {
1429                 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1430                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1431                         cfg_parser->cfg->val_sig_skew_max = 0;
1432                 } else {
1433                         cfg_parser->cfg->val_sig_skew_max = atoi($2);
1434                         if(!cfg_parser->cfg->val_sig_skew_max)
1435                                 yyerror("number expected");
1436                 }
1437                 free($2);
1438         }
1439         ;
1440 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1441         {
1442                 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1443                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1444                         yyerror("number expected");
1445                 else cfg_parser->cfg->max_ttl = atoi($2);
1446                 free($2);
1447         }
1448         ;
1449 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1450         {
1451                 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1452                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1453                         yyerror("number expected");
1454                 else cfg_parser->cfg->max_negative_ttl = atoi($2);
1455                 free($2);
1456         }
1457         ;
1458 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1459         {
1460                 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1461                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1462                         yyerror("number expected");
1463                 else cfg_parser->cfg->min_ttl = atoi($2);
1464                 free($2);
1465         }
1466         ;
1467 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1468         {
1469                 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1470                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1471                         yyerror("number expected");
1472                 else cfg_parser->cfg->bogus_ttl = atoi($2);
1473                 free($2);
1474         }
1475         ;
1476 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1477         {
1478                 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1479                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1480                         yyerror("expected yes or no.");
1481                 else cfg_parser->cfg->val_clean_additional =
1482                         (strcmp($2, "yes")==0);
1483                 free($2);
1484         }
1485         ;
1486 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1487         {
1488                 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1489                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1490                         yyerror("expected yes or no.");
1491                 else cfg_parser->cfg->val_permissive_mode =
1492                         (strcmp($2, "yes")==0);
1493                 free($2);
1494         }
1495         ;
1496 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1497         {
1498                 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1499                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1500                         yyerror("expected yes or no.");
1501                 else
1502                         cfg_parser->cfg->aggressive_nsec =
1503                                 (strcmp($2, "yes")==0);
1504                 free($2);
1505         }
1506         ;
1507 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1508         {
1509                 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1510                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1511                         yyerror("expected yes or no.");
1512                 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1513                 free($2);
1514         }
1515         ;
1516 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1517         {
1518                 OUTYY(("P(server_serve_expired:%s)\n", $2));
1519                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1520                         yyerror("expected yes or no.");
1521                 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1522                 free($2);
1523         }
1524         ;
1525 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1526         {
1527                 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1528                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1529                         yyerror("number expected");
1530                 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1531                 free($2);
1532         }
1533         ;
1534 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1535         {
1536                 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1537                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1538                         yyerror("expected yes or no.");
1539                 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1540                 free($2);
1541         }
1542         ;
1543 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1544         {
1545                 OUTYY(("P(server_fake_dsa:%s)\n", $2));
1546                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1547                         yyerror("expected yes or no.");
1548 #ifdef HAVE_SSL
1549                 else fake_dsa = (strcmp($2, "yes")==0);
1550                 if(fake_dsa)
1551                         log_warn("test option fake_dsa is enabled");
1552 #endif
1553                 free($2);
1554         }
1555         ;
1556 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1557         {
1558                 OUTYY(("P(server_fake_sha1:%s)\n", $2));
1559                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1560                         yyerror("expected yes or no.");
1561 #ifdef HAVE_SSL
1562                 else fake_sha1 = (strcmp($2, "yes")==0);
1563                 if(fake_sha1)
1564                         log_warn("test option fake_sha1 is enabled");
1565 #endif
1566                 free($2);
1567         }
1568         ;
1569 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1570         {
1571                 OUTYY(("P(server_val_log_level:%s)\n", $2));
1572                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1573                         yyerror("number expected");
1574                 else cfg_parser->cfg->val_log_level = atoi($2);
1575                 free($2);
1576         }
1577         ;
1578 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1579         {
1580                 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1581                 free(cfg_parser->cfg->val_nsec3_key_iterations);
1582                 cfg_parser->cfg->val_nsec3_key_iterations = $2;
1583         }
1584         ;
1585 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1586         {
1587                 OUTYY(("P(server_add_holddown:%s)\n", $2));
1588                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1589                         yyerror("number expected");
1590                 else cfg_parser->cfg->add_holddown = atoi($2);
1591                 free($2);
1592         }
1593         ;
1594 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1595         {
1596                 OUTYY(("P(server_del_holddown:%s)\n", $2));
1597                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1598                         yyerror("number expected");
1599                 else cfg_parser->cfg->del_holddown = atoi($2);
1600                 free($2);
1601         }
1602         ;
1603 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1604         {
1605                 OUTYY(("P(server_keep_missing:%s)\n", $2));
1606                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1607                         yyerror("number expected");
1608                 else cfg_parser->cfg->keep_missing = atoi($2);
1609                 free($2);
1610         }
1611         ;
1612 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1613         {
1614                 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1615                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1616                         yyerror("expected yes or no.");
1617                 else cfg_parser->cfg->permit_small_holddown =
1618                         (strcmp($2, "yes")==0);
1619                 free($2);
1620         }
1621 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1622         {
1623                 OUTYY(("P(server_key_cache_size:%s)\n", $2));
1624                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1625                         yyerror("memory size expected");
1626                 free($2);
1627         }
1628         ;
1629 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1630         {
1631                 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1632                 if(atoi($2) == 0)
1633                         yyerror("number expected");
1634                 else {
1635                         cfg_parser->cfg->key_cache_slabs = atoi($2);
1636                         if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1637                                 yyerror("must be a power of 2");
1638                 }
1639                 free($2);
1640         }
1641         ;
1642 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1643         {
1644                 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1645                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1646                         yyerror("memory size expected");
1647                 free($2);
1648         }
1649         ;
1650 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1651         {
1652                 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1653                 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1654                    strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1655                    strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1656                    && strcmp($3, "typetransparent")!=0
1657                    && strcmp($3, "always_transparent")!=0
1658                    && strcmp($3, "always_refuse")!=0
1659                    && strcmp($3, "always_nxdomain")!=0
1660                    && strcmp($3, "noview")!=0
1661                    && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
1662                         yyerror("local-zone type: expected static, deny, "
1663                                 "refuse, redirect, transparent, "
1664                                 "typetransparent, inform, inform_deny, "
1665                                 "always_transparent, always_refuse, "
1666                                 "always_nxdomain, noview or nodefault");
1667                 else if(strcmp($3, "nodefault")==0) {
1668                         if(!cfg_strlist_insert(&cfg_parser->cfg->
1669                                 local_zones_nodefault, $2))
1670                                 fatal_exit("out of memory adding local-zone");
1671                         free($3);
1672                 } else {
1673                         if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1674                                 $2, $3))
1675                                 fatal_exit("out of memory adding local-zone");
1676                 }
1677         }
1678         ;
1679 server_local_data: VAR_LOCAL_DATA STRING_ARG
1680         {
1681                 OUTYY(("P(server_local_data:%s)\n", $2));
1682                 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1683                         fatal_exit("out of memory adding local-data");
1684         }
1685         ;
1686 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1687         {
1688                 char* ptr;
1689                 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1690                 ptr = cfg_ptr_reverse($2);
1691                 free($2);
1692                 if(ptr) {
1693                         if(!cfg_strlist_insert(&cfg_parser->cfg->
1694                                 local_data, ptr))
1695                                 fatal_exit("out of memory adding local-data");
1696                 } else {
1697                         yyerror("local-data-ptr could not be reversed");
1698                 }
1699         }
1700         ;
1701 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1702         {
1703                 OUTYY(("P(server_minimal_responses:%s)\n", $2));
1704                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1705                         yyerror("expected yes or no.");
1706                 else cfg_parser->cfg->minimal_responses =
1707                         (strcmp($2, "yes")==0);
1708                 free($2);
1709         }
1710         ;
1711 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
1712         {
1713                 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
1714                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1715                         yyerror("expected yes or no.");
1716                 else cfg_parser->cfg->rrset_roundrobin =
1717                         (strcmp($2, "yes")==0);
1718                 free($2);
1719         }
1720         ;
1721 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
1722         {
1723                 OUTYY(("P(server_max_udp_size:%s)\n", $2));
1724                 cfg_parser->cfg->max_udp_size = atoi($2);
1725                 free($2);
1726         }
1727         ;
1728 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
1729         {
1730                 OUTYY(("P(dns64_prefix:%s)\n", $2));
1731                 free(cfg_parser->cfg->dns64_prefix);
1732                 cfg_parser->cfg->dns64_prefix = $2;
1733         }
1734         ;
1735 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
1736         {
1737                 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
1738                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1739                         yyerror("expected yes or no.");
1740                 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
1741                 free($2);
1742         }
1743         ;
1744 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
1745         {
1746                 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
1747                 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
1748                         $2))
1749                         fatal_exit("out of memory adding dns64-ignore-aaaa");
1750         }
1751         ;
1752 server_define_tag: VAR_DEFINE_TAG STRING_ARG
1753         {
1754                 char* p, *s = $2;
1755                 OUTYY(("P(server_define_tag:%s)\n", $2));
1756                 while((p=strsep(&s, " \t\n")) != NULL) {
1757                         if(*p) {
1758                                 if(!config_add_tag(cfg_parser->cfg, p))
1759                                         yyerror("could not define-tag, "
1760                                                 "out of memory");
1761                         }
1762                 }
1763                 free($2);
1764         }
1765         ;
1766 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
1767         {
1768                 size_t len = 0;
1769                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1770                         &len);
1771                 free($3);
1772                 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
1773                 if(!bitlist)
1774                         yyerror("could not parse tags, (define-tag them first)");
1775                 if(bitlist) {
1776                         if(!cfg_strbytelist_insert(
1777                                 &cfg_parser->cfg->local_zone_tags,
1778                                 $2, bitlist, len)) {
1779                                 yyerror("out of memory");
1780                                 free($2);
1781                         }
1782                 }
1783         }
1784         ;
1785 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
1786         {
1787                 size_t len = 0;
1788                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1789                         &len);
1790                 free($3);
1791                 OUTYY(("P(server_access_control_tag:%s)\n", $2));
1792                 if(!bitlist)
1793                         yyerror("could not parse tags, (define-tag them first)");
1794                 if(bitlist) {
1795                         if(!cfg_strbytelist_insert(
1796                                 &cfg_parser->cfg->acl_tags,
1797                                 $2, bitlist, len)) {
1798                                 yyerror("out of memory");
1799                                 free($2);
1800                         }
1801                 }
1802         }
1803         ;
1804 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
1805         {
1806                 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
1807                 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
1808                         $2, $3, $4)) {
1809                         yyerror("out of memory");
1810                         free($2);
1811                         free($3);
1812                         free($4);
1813                 }
1814         }
1815         ;
1816 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
1817         {
1818                 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
1819                 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
1820                         $2, $3, $4)) {
1821                         yyerror("out of memory");
1822                         free($2);
1823                         free($3);
1824                         free($4);
1825                 }
1826         }
1827         ;
1828 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
1829         {
1830                 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
1831                 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
1832                         $2, $3, $4)) {
1833                         yyerror("out of memory");
1834                         free($2);
1835                         free($3);
1836                         free($4);
1837                 }
1838         }
1839         ;
1840 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
1841         {
1842                 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
1843                 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
1844                         $2, $3)) {
1845                         yyerror("out of memory");
1846                         free($2);
1847                         free($3);
1848                 }
1849         }
1850         ;
1851 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
1852         {
1853                 size_t len = 0;
1854                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1855                         &len);
1856                 free($3);
1857                 OUTYY(("P(response_ip_tag:%s)\n", $2));
1858                 if(!bitlist)
1859                         yyerror("could not parse tags, (define-tag them first)");
1860                 if(bitlist) {
1861                         if(!cfg_strbytelist_insert(
1862                                 &cfg_parser->cfg->respip_tags,
1863                                 $2, bitlist, len)) {
1864                                 yyerror("out of memory");
1865                                 free($2);
1866                         }
1867                 }
1868         }
1869         ;
1870 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
1871         {
1872                 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
1873                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1874                         yyerror("number expected");
1875                 else cfg_parser->cfg->ip_ratelimit = atoi($2);
1876                 free($2);
1877         }
1878         ;
1879
1880 server_ratelimit: VAR_RATELIMIT STRING_ARG
1881         {
1882                 OUTYY(("P(server_ratelimit:%s)\n", $2));
1883                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1884                         yyerror("number expected");
1885                 else cfg_parser->cfg->ratelimit = atoi($2);
1886                 free($2);
1887         }
1888         ;
1889 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
1890   {
1891         OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
1892         if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
1893                 yyerror("memory size expected");
1894         free($2);
1895   }
1896   ;
1897 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
1898         {
1899                 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
1900                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
1901                         yyerror("memory size expected");
1902                 free($2);
1903         }
1904         ;
1905 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
1906   {
1907         OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
1908         if(atoi($2) == 0)
1909                 yyerror("number expected");
1910         else {
1911                 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
1912                 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
1913                         yyerror("must be a power of 2");
1914         }
1915         free($2);
1916   }
1917   ;
1918 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
1919         {
1920                 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
1921                 if(atoi($2) == 0)
1922                         yyerror("number expected");
1923                 else {
1924                         cfg_parser->cfg->ratelimit_slabs = atoi($2);
1925                         if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
1926                                 yyerror("must be a power of 2");
1927                 }
1928                 free($2);
1929         }
1930         ;
1931 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
1932         {
1933                 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
1934                 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1935                         yyerror("number expected");
1936                 } else {
1937                         if(!cfg_str2list_insert(&cfg_parser->cfg->
1938                                 ratelimit_for_domain, $2, $3))
1939                                 fatal_exit("out of memory adding "
1940                                         "ratelimit-for-domain");
1941                 }
1942         }
1943         ;
1944 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
1945         {
1946                 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
1947                 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1948                         yyerror("number expected");
1949                 } else {
1950                         if(!cfg_str2list_insert(&cfg_parser->cfg->
1951                                 ratelimit_below_domain, $2, $3))
1952                                 fatal_exit("out of memory adding "
1953                                         "ratelimit-below-domain");
1954                 }
1955         }
1956         ;
1957 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
1958   {
1959         OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
1960         if(atoi($2) == 0 && strcmp($2, "0") != 0)
1961                 yyerror("number expected");
1962         else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
1963         free($2);
1964         }
1965         ;
1966 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
1967         {
1968                 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
1969                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1970                         yyerror("number expected");
1971                 else cfg_parser->cfg->ratelimit_factor = atoi($2);
1972                 free($2);
1973         }
1974         ;
1975 server_low_rtt: VAR_LOW_RTT STRING_ARG
1976         {
1977                 OUTYY(("P(server_low_rtt:%s)\n", $2));
1978                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1979                         yyerror("number expected");
1980                 else cfg_parser->cfg->low_rtt = atoi($2);
1981                 free($2);
1982         }
1983         ;
1984 server_low_rtt_permil: VAR_LOW_RTT_PERMIL STRING_ARG
1985         {
1986                 OUTYY(("P(server_low_rtt_permil:%s)\n", $2));
1987                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1988                         yyerror("number expected");
1989                 else cfg_parser->cfg->low_rtt_permil = atoi($2);
1990                 free($2);
1991         }
1992         ;
1993 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
1994         {
1995                 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
1996                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1997                         yyerror("expected yes or no.");
1998                 else cfg_parser->cfg->qname_minimisation =
1999                         (strcmp($2, "yes")==0);
2000                 free($2);
2001         }
2002         ;
2003 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2004         {
2005                 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2006                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2007                         yyerror("expected yes or no.");
2008                 else cfg_parser->cfg->qname_minimisation_strict =
2009                         (strcmp($2, "yes")==0);
2010                 free($2);
2011         }
2012         ;
2013 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2014         {
2015         #ifdef USE_IPSECMOD
2016                 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2017                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2018                         yyerror("expected yes or no.");
2019                 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2020                 free($2);
2021         #else
2022                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2023         #endif
2024         }
2025         ;
2026 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2027         {
2028         #ifdef USE_IPSECMOD
2029                 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2030                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2031                         yyerror("expected yes or no.");
2032                 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2033                 free($2);
2034         #else
2035                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2036         #endif
2037         }
2038         ;
2039 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2040         {
2041         #ifdef USE_IPSECMOD
2042                 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2043                 free(cfg_parser->cfg->ipsecmod_hook);
2044                 cfg_parser->cfg->ipsecmod_hook = $2;
2045         #else
2046                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2047         #endif
2048         }
2049         ;
2050 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2051         {
2052         #ifdef USE_IPSECMOD
2053                 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2054                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2055                         yyerror("number expected");
2056                 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2057                 free($2);
2058         #else
2059                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2060         #endif
2061         }
2062         ;
2063 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2064         {
2065         #ifdef USE_IPSECMOD
2066                 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2067                 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2068                         yyerror("out of memory");
2069         #else
2070                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2071         #endif
2072         }
2073         ;
2074 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2075         {
2076         #ifdef USE_IPSECMOD
2077                 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2078                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2079                         yyerror("expected yes or no.");
2080                 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2081                 free($2);
2082         #else
2083                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2084         #endif
2085         }
2086         ;
2087 stub_name: VAR_NAME STRING_ARG
2088         {
2089                 OUTYY(("P(name:%s)\n", $2));
2090                 if(cfg_parser->cfg->stubs->name)
2091                         yyerror("stub name override, there must be one name "
2092                                 "for one stub-zone");
2093                 free(cfg_parser->cfg->stubs->name);
2094                 cfg_parser->cfg->stubs->name = $2;
2095         }
2096         ;
2097 stub_host: VAR_STUB_HOST STRING_ARG
2098         {
2099                 OUTYY(("P(stub-host:%s)\n", $2));
2100                 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2101                         yyerror("out of memory");
2102         }
2103         ;
2104 stub_addr: VAR_STUB_ADDR STRING_ARG
2105         {
2106                 OUTYY(("P(stub-addr:%s)\n", $2));
2107                 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2108                         yyerror("out of memory");
2109         }
2110         ;
2111 stub_first: VAR_STUB_FIRST STRING_ARG
2112         {
2113                 OUTYY(("P(stub-first:%s)\n", $2));
2114                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2115                         yyerror("expected yes or no.");
2116                 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2117                 free($2);
2118         }
2119         ;
2120 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2121         {
2122                 OUTYY(("P(stub-no-cache:%s)\n", $2));
2123                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2124                         yyerror("expected yes or no.");
2125                 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2126                 free($2);
2127         }
2128         ;
2129 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2130         {
2131                 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2132                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2133                         yyerror("expected yes or no.");
2134                 else cfg_parser->cfg->stubs->ssl_upstream =
2135                         (strcmp($2, "yes")==0);
2136                 free($2);
2137         }
2138         ;
2139 stub_prime: VAR_STUB_PRIME STRING_ARG
2140         {
2141                 OUTYY(("P(stub-prime:%s)\n", $2));
2142                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2143                         yyerror("expected yes or no.");
2144                 else cfg_parser->cfg->stubs->isprime =
2145                         (strcmp($2, "yes")==0);
2146                 free($2);
2147         }
2148         ;
2149 forward_name: VAR_NAME STRING_ARG
2150         {
2151                 OUTYY(("P(name:%s)\n", $2));
2152                 if(cfg_parser->cfg->forwards->name)
2153                         yyerror("forward name override, there must be one "
2154                                 "name for one forward-zone");
2155                 free(cfg_parser->cfg->forwards->name);
2156                 cfg_parser->cfg->forwards->name = $2;
2157         }
2158         ;
2159 forward_host: VAR_FORWARD_HOST STRING_ARG
2160         {
2161                 OUTYY(("P(forward-host:%s)\n", $2));
2162                 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2163                         yyerror("out of memory");
2164         }
2165         ;
2166 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2167         {
2168                 OUTYY(("P(forward-addr:%s)\n", $2));
2169                 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2170                         yyerror("out of memory");
2171         }
2172         ;
2173 forward_first: VAR_FORWARD_FIRST STRING_ARG
2174         {
2175                 OUTYY(("P(forward-first:%s)\n", $2));
2176                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2177                         yyerror("expected yes or no.");
2178                 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2179                 free($2);
2180         }
2181         ;
2182 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2183         {
2184                 OUTYY(("P(forward-no-cache:%s)\n", $2));
2185                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2186                         yyerror("expected yes or no.");
2187                 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2188                 free($2);
2189         }
2190         ;
2191 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2192         {
2193                 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2194                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2195                         yyerror("expected yes or no.");
2196                 else cfg_parser->cfg->forwards->ssl_upstream =
2197                         (strcmp($2, "yes")==0);
2198                 free($2);
2199         }
2200         ;
2201 auth_name: VAR_NAME STRING_ARG
2202         {
2203                 OUTYY(("P(name:%s)\n", $2));
2204                 if(cfg_parser->cfg->auths->name)
2205                         yyerror("auth name override, there must be one name "
2206                                 "for one auth-zone");
2207                 free(cfg_parser->cfg->auths->name);
2208                 cfg_parser->cfg->auths->name = $2;
2209         }
2210         ;
2211 auth_zonefile: VAR_ZONEFILE STRING_ARG
2212         {
2213                 OUTYY(("P(zonefile:%s)\n", $2));
2214                 free(cfg_parser->cfg->auths->zonefile);
2215                 cfg_parser->cfg->auths->zonefile = $2;
2216         }
2217         ;
2218 auth_master: VAR_MASTER STRING_ARG
2219         {
2220                 OUTYY(("P(master:%s)\n", $2));
2221                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2222                         yyerror("out of memory");
2223         }
2224         ;
2225 auth_url: VAR_URL STRING_ARG
2226         {
2227                 OUTYY(("P(url:%s)\n", $2));
2228                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2229                         yyerror("out of memory");
2230         }
2231         ;
2232 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2233         {
2234                 OUTYY(("P(allow-notify:%s)\n", $2));
2235                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2236                         $2))
2237                         yyerror("out of memory");
2238         }
2239         ;
2240 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2241         {
2242                 OUTYY(("P(for-downstream:%s)\n", $2));
2243                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2244                         yyerror("expected yes or no.");
2245                 else cfg_parser->cfg->auths->for_downstream =
2246                         (strcmp($2, "yes")==0);
2247                 free($2);
2248         }
2249         ;
2250 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2251         {
2252                 OUTYY(("P(for-upstream:%s)\n", $2));
2253                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2254                         yyerror("expected yes or no.");
2255                 else cfg_parser->cfg->auths->for_upstream =
2256                         (strcmp($2, "yes")==0);
2257                 free($2);
2258         }
2259         ;
2260 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2261         {
2262                 OUTYY(("P(fallback-enabled:%s)\n", $2));
2263                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2264                         yyerror("expected yes or no.");
2265                 else cfg_parser->cfg->auths->fallback_enabled =
2266                         (strcmp($2, "yes")==0);
2267                 free($2);
2268         }
2269         ;
2270 view_name: VAR_NAME STRING_ARG
2271         {
2272                 OUTYY(("P(name:%s)\n", $2));
2273                 if(cfg_parser->cfg->views->name)
2274                         yyerror("view name override, there must be one "
2275                                 "name for one view");
2276                 free(cfg_parser->cfg->views->name);
2277                 cfg_parser->cfg->views->name = $2;
2278         }
2279         ;
2280 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2281         {
2282                 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2283                 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2284                    strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2285                    strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2286                    && strcmp($3, "typetransparent")!=0
2287                    && strcmp($3, "always_transparent")!=0
2288                    && strcmp($3, "always_refuse")!=0
2289                    && strcmp($3, "always_nxdomain")!=0
2290                    && strcmp($3, "noview")!=0
2291                    && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
2292                         yyerror("local-zone type: expected static, deny, "
2293                                 "refuse, redirect, transparent, "
2294                                 "typetransparent, inform, inform_deny, "
2295                                 "always_transparent, always_refuse, "
2296                                 "always_nxdomain, noview or nodefault");
2297                 else if(strcmp($3, "nodefault")==0) {
2298                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2299                                 local_zones_nodefault, $2))
2300                                 fatal_exit("out of memory adding local-zone");
2301                         free($3);
2302                 } else {
2303                         if(!cfg_str2list_insert(
2304                                 &cfg_parser->cfg->views->local_zones,
2305                                 $2, $3))
2306                                 fatal_exit("out of memory adding local-zone");
2307                 }
2308         }
2309         ;
2310 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2311         {
2312                 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2313                 validate_respip_action($3);
2314                 if(!cfg_str2list_insert(
2315                         &cfg_parser->cfg->views->respip_actions, $2, $3))
2316                         fatal_exit("out of memory adding per-view "
2317                                 "response-ip action");
2318         }
2319         ;
2320 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2321         {
2322                 OUTYY(("P(view_response_ip_data:%s)\n", $2));
2323                 if(!cfg_str2list_insert(
2324                         &cfg_parser->cfg->views->respip_data, $2, $3))
2325                         fatal_exit("out of memory adding response-ip-data");
2326         }
2327         ;
2328 view_local_data: VAR_LOCAL_DATA STRING_ARG
2329         {
2330                 OUTYY(("P(view_local_data:%s)\n", $2));
2331                 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2332                         fatal_exit("out of memory adding local-data");
2333                         free($2);
2334                 }
2335         }
2336         ;
2337 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2338         {
2339                 char* ptr;
2340                 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2341                 ptr = cfg_ptr_reverse($2);
2342                 free($2);
2343                 if(ptr) {
2344                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2345                                 local_data, ptr))
2346                                 fatal_exit("out of memory adding local-data");
2347                 } else {
2348                         yyerror("local-data-ptr could not be reversed");
2349                 }
2350         }
2351         ;
2352 view_first: VAR_VIEW_FIRST STRING_ARG
2353         {
2354                 OUTYY(("P(view-first:%s)\n", $2));
2355                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2356                         yyerror("expected yes or no.");
2357                 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2358                 free($2);
2359         }
2360         ;
2361 rcstart: VAR_REMOTE_CONTROL
2362         {
2363                 OUTYY(("\nP(remote-control:)\n"));
2364         }
2365         ;
2366 contents_rc: contents_rc content_rc
2367         | ;
2368 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2369         rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2370         rc_control_cert_file | rc_control_use_cert
2371         ;
2372 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2373         {
2374                 OUTYY(("P(control_enable:%s)\n", $2));
2375                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2376                         yyerror("expected yes or no.");
2377                 else cfg_parser->cfg->remote_control_enable =
2378                         (strcmp($2, "yes")==0);
2379                 free($2);
2380         }
2381         ;
2382 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2383         {
2384                 OUTYY(("P(control_port:%s)\n", $2));
2385                 if(atoi($2) == 0)
2386                         yyerror("control port number expected");
2387                 else cfg_parser->cfg->control_port = atoi($2);
2388                 free($2);
2389         }
2390         ;
2391 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2392         {
2393                 OUTYY(("P(control_interface:%s)\n", $2));
2394                 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
2395                         yyerror("out of memory");
2396         }
2397         ;
2398 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2399         {
2400                 OUTYY(("P(control_use_cert:%s)\n", $2));
2401                 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
2402                 free($2);
2403         }
2404         ;
2405 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2406         {
2407                 OUTYY(("P(rc_server_key_file:%s)\n", $2));
2408                 free(cfg_parser->cfg->server_key_file);
2409                 cfg_parser->cfg->server_key_file = $2;
2410         }
2411         ;
2412 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2413         {
2414                 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2415                 free(cfg_parser->cfg->server_cert_file);
2416                 cfg_parser->cfg->server_cert_file = $2;
2417         }
2418         ;
2419 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2420         {
2421                 OUTYY(("P(rc_control_key_file:%s)\n", $2));
2422                 free(cfg_parser->cfg->control_key_file);
2423                 cfg_parser->cfg->control_key_file = $2;
2424         }
2425         ;
2426 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2427         {
2428                 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2429                 free(cfg_parser->cfg->control_cert_file);
2430                 cfg_parser->cfg->control_cert_file = $2;
2431         }
2432         ;
2433 dtstart: VAR_DNSTAP
2434         {
2435                 OUTYY(("\nP(dnstap:)\n"));
2436         }
2437         ;
2438 contents_dt: contents_dt content_dt
2439         | ;
2440 content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
2441         dt_dnstap_send_identity | dt_dnstap_send_version |
2442         dt_dnstap_identity | dt_dnstap_version |
2443         dt_dnstap_log_resolver_query_messages |
2444         dt_dnstap_log_resolver_response_messages |
2445         dt_dnstap_log_client_query_messages |
2446         dt_dnstap_log_client_response_messages |
2447         dt_dnstap_log_forwarder_query_messages |
2448         dt_dnstap_log_forwarder_response_messages
2449         ;
2450 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2451         {
2452                 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2453                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2454                         yyerror("expected yes or no.");
2455                 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2456         }
2457         ;
2458 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2459         {
2460                 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2461                 free(cfg_parser->cfg->dnstap_socket_path);
2462                 cfg_parser->cfg->dnstap_socket_path = $2;
2463         }
2464         ;
2465 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2466         {
2467                 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2468                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2469                         yyerror("expected yes or no.");
2470                 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2471         }
2472         ;
2473 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2474         {
2475                 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2476                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2477                         yyerror("expected yes or no.");
2478                 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2479         }
2480         ;
2481 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2482         {
2483                 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2484                 free(cfg_parser->cfg->dnstap_identity);
2485                 cfg_parser->cfg->dnstap_identity = $2;
2486         }
2487         ;
2488 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2489         {
2490                 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2491                 free(cfg_parser->cfg->dnstap_version);
2492                 cfg_parser->cfg->dnstap_version = $2;
2493         }
2494         ;
2495 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2496         {
2497                 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2498                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2499                         yyerror("expected yes or no.");
2500                 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2501                         (strcmp($2, "yes")==0);
2502         }
2503         ;
2504 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2505         {
2506                 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2507                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2508                         yyerror("expected yes or no.");
2509                 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2510                         (strcmp($2, "yes")==0);
2511         }
2512         ;
2513 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2514         {
2515                 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2516                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2517                         yyerror("expected yes or no.");
2518                 else cfg_parser->cfg->dnstap_log_client_query_messages =
2519                         (strcmp($2, "yes")==0);
2520         }
2521         ;
2522 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2523         {
2524                 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2525                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2526                         yyerror("expected yes or no.");
2527                 else cfg_parser->cfg->dnstap_log_client_response_messages =
2528                         (strcmp($2, "yes")==0);
2529         }
2530         ;
2531 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2532         {
2533                 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2534                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2535                         yyerror("expected yes or no.");
2536                 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2537                         (strcmp($2, "yes")==0);
2538         }
2539         ;
2540 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2541         {
2542                 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2543                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2544                         yyerror("expected yes or no.");
2545                 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2546                         (strcmp($2, "yes")==0);
2547         }
2548         ;
2549 pythonstart: VAR_PYTHON
2550         {
2551                 OUTYY(("\nP(python:)\n"));
2552         }
2553         ;
2554 contents_py: contents_py content_py
2555         | ;
2556 content_py: py_script
2557         ;
2558 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2559         {
2560                 OUTYY(("P(python-script:%s)\n", $2));
2561                 free(cfg_parser->cfg->python_script);
2562                 cfg_parser->cfg->python_script = $2;
2563         }
2564 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2565         {
2566                 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2567                 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2568                         yyerror("expected yes or no.");
2569                 else cfg_parser->cfg->disable_dnssec_lame_check =
2570                         (strcmp($2, "yes")==0);
2571                 free($2);
2572         }
2573         ;
2574 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2575         {
2576                 OUTYY(("P(server_log_identity:%s)\n", $2));
2577                 free(cfg_parser->cfg->log_identity);
2578                 cfg_parser->cfg->log_identity = $2;
2579         }
2580         ;
2581 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2582         {
2583                 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2584                 validate_respip_action($3);
2585                 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2586                         $2, $3))
2587                         fatal_exit("out of memory adding response-ip");
2588         }
2589         ;
2590 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2591         {
2592                 OUTYY(("P(server_response_ip_data:%s)\n", $2));
2593                         if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
2594                                 $2, $3))
2595                                 fatal_exit("out of memory adding response-ip-data");
2596         }
2597         ;
2598 dnscstart: VAR_DNSCRYPT
2599         {
2600                 OUTYY(("\nP(dnscrypt:)\n"));
2601                 OUTYY(("\nP(dnscrypt:)\n"));
2602         }
2603         ;
2604 contents_dnsc: contents_dnsc content_dnsc
2605         | ;
2606 content_dnsc:
2607         dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
2608         dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
2609         dnsc_dnscrypt_provider_cert_rotated |
2610         dnsc_dnscrypt_shared_secret_cache_size |
2611         dnsc_dnscrypt_shared_secret_cache_slabs |
2612         dnsc_dnscrypt_nonce_cache_size |
2613         dnsc_dnscrypt_nonce_cache_slabs
2614         ;
2615 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
2616         {
2617                 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
2618                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2619                         yyerror("expected yes or no.");
2620                 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
2621                 free($2);
2622         }
2623         ;
2624
2625 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
2626         {
2627                 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
2628
2629                 if(atoi($2) == 0)
2630                         yyerror("port number expected");
2631                 else cfg_parser->cfg->dnscrypt_port = atoi($2);
2632                 free($2);
2633         }
2634         ;
2635 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
2636         {
2637                 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
2638                 free(cfg_parser->cfg->dnscrypt_provider);
2639                 cfg_parser->cfg->dnscrypt_provider = $2;
2640         }
2641         ;
2642 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
2643         {
2644                 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
2645                 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
2646                         log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
2647                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
2648                         fatal_exit("out of memory adding dnscrypt-provider-cert");
2649         }
2650         ;
2651 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
2652         {
2653                 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
2654                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
2655                         fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
2656         }
2657         ;
2658 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
2659         {
2660                 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
2661                 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
2662                         log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
2663                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
2664                         fatal_exit("out of memory adding dnscrypt-secret-key");
2665         }
2666         ;
2667 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
2668   {
2669         OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
2670         if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
2671                 yyerror("memory size expected");
2672         free($2);
2673   }
2674   ;
2675 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
2676   {
2677         OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
2678         if(atoi($2) == 0)
2679                 yyerror("number expected");
2680         else {
2681                 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
2682                 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
2683                         yyerror("must be a power of 2");
2684         }
2685         free($2);
2686   }
2687   ;
2688 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
2689   {
2690         OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
2691         if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
2692                 yyerror("memory size expected");
2693         free($2);
2694   }
2695   ;
2696 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
2697   {
2698         OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
2699         if(atoi($2) == 0)
2700                 yyerror("number expected");
2701         else {
2702                 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
2703                 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
2704                         yyerror("must be a power of 2");
2705         }
2706         free($2);
2707   }
2708   ;
2709 cachedbstart: VAR_CACHEDB
2710         {
2711                 OUTYY(("\nP(cachedb:)\n"));
2712         }
2713         ;
2714 contents_cachedb: contents_cachedb content_cachedb
2715         | ;
2716 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
2717         redis_server_host | redis_server_port | redis_timeout
2718         ;
2719 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
2720         {
2721         #ifdef USE_CACHEDB
2722                 OUTYY(("P(backend:%s)\n", $2));
2723                 if(cfg_parser->cfg->cachedb_backend)
2724                         yyerror("cachedb backend override, there must be one "
2725                                 "backend");
2726                 free(cfg_parser->cfg->cachedb_backend);
2727                 cfg_parser->cfg->cachedb_backend = $2;
2728         #else
2729                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2730         #endif
2731         }
2732         ;
2733 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
2734         {
2735         #ifdef USE_CACHEDB
2736                 OUTYY(("P(secret-seed:%s)\n", $2));
2737                 if(cfg_parser->cfg->cachedb_secret)
2738                         yyerror("cachedb secret-seed override, there must be "
2739                                 "only one secret");
2740                 free(cfg_parser->cfg->cachedb_secret);
2741                 cfg_parser->cfg->cachedb_secret = $2;
2742         #else
2743                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2744                 free($2);
2745         #endif
2746         }
2747         ;
2748 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
2749         {
2750         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2751                 OUTYY(("P(redis_server_host:%s)\n", $2));
2752                 free(cfg_parser->cfg->redis_server_host);
2753                 cfg_parser->cfg->redis_server_host = $2;
2754         #else
2755                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2756                 free($2);
2757         #endif
2758         }
2759         ;
2760 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
2761         {
2762         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2763                 int port;
2764                 OUTYY(("P(redis_server_port:%s)\n", $2));
2765                 port = atoi($2);
2766                 if(port == 0 || port < 0 || port > 65535)
2767                         yyerror("valid redis server port number expected");
2768                 else cfg_parser->cfg->redis_server_port = port;
2769         #else
2770                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2771         #endif
2772                 free($2);
2773         }
2774         ;
2775 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
2776         {
2777         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2778                 OUTYY(("P(redis_timeout:%s)\n", $2));
2779                 if(atoi($2) == 0)
2780                         yyerror("redis timeout value expected");
2781                 else cfg_parser->cfg->redis_timeout = atoi($2);
2782         #else
2783                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2784         #endif
2785                 free($2);
2786         }
2787         ;
2788 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
2789         {
2790                 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
2791                 if (atoi($3) < 0)
2792                         yyerror("positive number expected");
2793                 else {
2794                         if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
2795                                 fatal_exit("out of memory adding tcp connection limit");
2796                 }
2797         }
2798         ;
2799 %%
2800
2801 /* parse helper routines could be here */
2802 static void
2803 validate_respip_action(const char* action)
2804 {
2805         if(strcmp(action, "deny")!=0 &&
2806                 strcmp(action, "redirect")!=0 &&
2807                 strcmp(action, "inform")!=0 &&
2808                 strcmp(action, "inform_deny")!=0 &&
2809                 strcmp(action, "always_transparent")!=0 &&
2810                 strcmp(action, "always_refuse")!=0 &&
2811                 strcmp(action, "always_nxdomain")!=0)
2812         {
2813                 yyerror("response-ip action: expected deny, redirect, "
2814                         "inform, inform_deny, always_transparent, "
2815                         "always_refuse or always_nxdomain");
2816         }
2817 }