]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/blob - util/configparser.y
projects / FreeBSD / FreeBSD.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
unbound: Vendor import 1.19.0
[FreeBSD/FreeBSD.git] / util / configparser.y
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37
38 %{
39 #include "config.h"
40
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 #include "sldns/str2wire.h"
51
52 int ub_c_lex(void);
53 void ub_c_error(const char *message);
54
55 static void validate_respip_action(const char* action);
56 static void validate_acl_action(const char* action);
57
58 /* these need to be global, otherwise they cannot be used inside yacc */
59 extern struct config_parser_state* cfg_parser;
60
61 #if 0
62 #define OUTYY(s)  printf s /* used ONLY when debugging */
63 #else
64 #define OUTYY(s)
65 #endif
66
67 %}
68 %union {
69         char*   str;
70 };
71
72 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
73 %token <str> STRING_ARG
74 %token VAR_FORCE_TOPLEVEL
75 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
76 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
77 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
78 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
79 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
80 %token VAR_SOCK_QUEUE_TIMEOUT
81 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
82 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
83 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
84 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
85 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
86 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
87 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
88 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
89 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
90 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
91 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
92 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
93 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
94 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
95 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
96 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
97 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
98 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
99 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
100 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
101 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
102 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
103 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
104 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
105 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
106 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
107 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
108 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
109 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
110 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
111 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
112 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
113 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
114 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
115 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
116 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
117 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
118 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
119 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
120 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
121 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
122 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
123 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
124 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
125 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
126 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
127 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
128 %token VAR_NAT64_PREFIX
129 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
130 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
131 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
132 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
133 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
134 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
136 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
137 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
138 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
139 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
140 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
141 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
142 %token VAR_IP_DSCP
143 %token VAR_DISABLE_DNSSEC_LAME_CHECK
144 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
145 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
146 %token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
147 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
148 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
149 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
150 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
151 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
152 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
153 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
154 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
155 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
156 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
157 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
158 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
159 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
160 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
161 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
162 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
163 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
164 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
165 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
166 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
167 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
168 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
169 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
170 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
171 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
172 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
173 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
174 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
175 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
176 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
177 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
178 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
179 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
180 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
181 %token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD
182 %token VAR_CACHEDB_REDISLOGICALDB
183 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
184 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
185 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
186 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
187 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
188 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
189 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
190 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
191 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
192 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
193 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
194 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
195 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
196 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
197 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
198 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
199 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
200 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
201 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
202 %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
203
204 %%
205 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
206 toplevelvar: serverstart contents_server | stubstart contents_stub |
207         forwardstart contents_forward | pythonstart contents_py |
208         rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
209         dnscstart contents_dnsc | cachedbstart contents_cachedb |
210         ipsetstart contents_ipset | authstart contents_auth |
211         rpzstart contents_rpz | dynlibstart contents_dl |
212         force_toplevel
213         ;
214 force_toplevel: VAR_FORCE_TOPLEVEL
215         {
216                 OUTYY(("\nP(force-toplevel)\n"));
217                 cfg_parser->started_toplevel = 0;
218         }
219         ;
220 /* server: declaration */
221 serverstart: VAR_SERVER
222         {
223                 OUTYY(("\nP(server:)\n"));
224                 cfg_parser->started_toplevel = 1;
225         }
226         ;
227 contents_server: contents_server content_server
228         | ;
229 content_server: server_num_threads | server_verbosity | server_port |
230         server_outgoing_range | server_do_ip4 |
231         server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
232         server_prefer_ip6 | server_do_udp | server_do_tcp |
233         server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
234         server_tcp_keepalive | server_tcp_keepalive_timeout |
235         server_sock_queue_timeout |
236         server_interface | server_chroot | server_username |
237         server_directory | server_logfile | server_pidfile |
238         server_msg_cache_size | server_msg_cache_slabs |
239         server_num_queries_per_thread | server_rrset_cache_size |
240         server_rrset_cache_slabs | server_outgoing_num_tcp |
241         server_infra_host_ttl | server_infra_lame_ttl |
242         server_infra_cache_slabs | server_infra_cache_numhosts |
243         server_infra_cache_lame_size | server_target_fetch_policy |
244         server_harden_short_bufsize | server_harden_large_queries |
245         server_do_not_query_address | server_hide_identity |
246         server_hide_version | server_identity | server_version |
247         server_hide_http_user_agent | server_http_user_agent |
248         server_harden_glue | server_module_conf | server_trust_anchor_file |
249         server_trust_anchor | server_val_override_date | server_bogus_ttl |
250         server_val_clean_additional | server_val_permissive_mode |
251         server_incoming_num_tcp | server_msg_buffer_size |
252         server_key_cache_size | server_key_cache_slabs |
253         server_trusted_keys_file | server_val_nsec3_keysize_iterations |
254         server_use_syslog | server_outgoing_interface | server_root_hints |
255         server_do_not_query_localhost | server_cache_max_ttl |
256         server_harden_dnssec_stripped | server_access_control |
257         server_local_zone | server_local_data | server_interface_automatic |
258         server_statistics_interval | server_do_daemonize |
259         server_use_caps_for_id | server_statistics_cumulative |
260         server_outgoing_port_permit | server_outgoing_port_avoid |
261         server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
262         server_harden_referral_path | server_private_address |
263         server_private_domain | server_extended_statistics |
264         server_local_data_ptr | server_jostle_timeout |
265         server_unwanted_reply_threshold | server_log_time_ascii |
266         server_domain_insecure | server_val_sig_skew_min |
267         server_val_sig_skew_max | server_val_max_restart |
268         server_cache_min_ttl | server_val_log_level |
269         server_auto_trust_anchor_file | server_add_holddown |
270         server_del_holddown | server_keep_missing | server_so_rcvbuf |
271         server_edns_buffer_size | server_prefetch | server_prefetch_key |
272         server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
273         server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
274         server_log_local_actions |
275         server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
276         server_https_port | server_http_endpoint | server_http_max_streams |
277         server_http_query_buffer_size | server_http_response_buffer_size |
278         server_http_nodelay | server_http_notls_downstream |
279         server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
280         server_so_reuseport | server_delay_close | server_udp_connect |
281         server_unblock_lan_zones | server_insecure_lan_zones |
282         server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
283         server_nat64_prefix |
284         server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
285         server_ip_transparent | server_ip_ratelimit | server_ratelimit |
286         server_ip_dscp | server_infra_keep_probing |
287         server_ip_ratelimit_slabs | server_ratelimit_slabs |
288         server_ip_ratelimit_size | server_ratelimit_size |
289         server_ratelimit_for_domain |
290         server_ratelimit_below_domain | server_ratelimit_factor |
291         server_ip_ratelimit_factor | server_ratelimit_backoff |
292         server_ip_ratelimit_backoff | server_outbound_msg_retry |
293         server_max_sent_count | server_max_query_restarts |
294         server_send_client_subnet | server_client_subnet_zone |
295         server_client_subnet_always_forward | server_client_subnet_opcode |
296         server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
297         server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
298         server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
299         server_caps_whitelist | server_cache_max_negative_ttl |
300         server_permit_small_holddown | server_qname_minimisation |
301         server_ip_freebind | server_define_tag | server_local_zone_tag |
302         server_disable_dnssec_lame_check | server_access_control_tag |
303         server_local_zone_override | server_access_control_tag_action |
304         server_access_control_tag_data | server_access_control_view |
305         server_interface_action | server_interface_view | server_interface_tag |
306         server_interface_tag_action | server_interface_tag_data |
307         server_qname_minimisation_strict |
308         server_pad_responses | server_pad_responses_block_size |
309         server_pad_queries | server_pad_queries_block_size |
310         server_serve_expired |
311         server_serve_expired_ttl | server_serve_expired_ttl_reset |
312         server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
313         server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
314         server_log_identity | server_use_systemd |
315         server_response_ip_tag | server_response_ip | server_response_ip_data |
316         server_shm_enable | server_shm_key | server_fake_sha1 |
317         server_hide_trustanchor | server_trust_anchor_signaling |
318         server_root_key_sentinel |
319         server_ipsecmod_enabled | server_ipsecmod_hook |
320         server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
321         server_ipsecmod_whitelist | server_ipsecmod_strict |
322         server_udp_upstream_without_downstream | server_aggressive_nsec |
323         server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
324         server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
325         server_tcp_connection_limit | server_log_servfail | server_deny_any |
326         server_unknown_server_time_limit | server_log_tag_queryreply |
327         server_stream_wait_size | server_tls_ciphers |
328         server_tls_ciphersuites | server_tls_session_ticket_keys |
329         server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
330         server_tls_use_sni | server_edns_client_string |
331         server_edns_client_string_opcode | server_nsid |
332         server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
333         server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
334         server_interface_automatic_ports | server_ede |
335         server_proxy_protocol_port | server_statistics_inhibit_zero |
336         server_harden_unknown_additional | server_disable_edns_do
337         ;
338 stubstart: VAR_STUB_ZONE
339         {
340                 struct config_stub* s;
341                 OUTYY(("\nP(stub_zone:)\n"));
342                 cfg_parser->started_toplevel = 1;
343                 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
344                 if(s) {
345                         s->next = cfg_parser->cfg->stubs;
346                         cfg_parser->cfg->stubs = s;
347                 } else {
348                         yyerror("out of memory");
349                 }
350         }
351         ;
352 contents_stub: contents_stub content_stub
353         | ;
354 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
355         stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
356         ;
357 forwardstart: VAR_FORWARD_ZONE
358         {
359                 struct config_stub* s;
360                 OUTYY(("\nP(forward_zone:)\n"));
361                 cfg_parser->started_toplevel = 1;
362                 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
363                 if(s) {
364                         s->next = cfg_parser->cfg->forwards;
365                         cfg_parser->cfg->forwards = s;
366                 } else {
367                         yyerror("out of memory");
368                 }
369         }
370         ;
371 contents_forward: contents_forward content_forward
372         | ;
373 content_forward: forward_name | forward_host | forward_addr | forward_first |
374         forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
375         ;
376 viewstart: VAR_VIEW
377         {
378                 struct config_view* s;
379                 OUTYY(("\nP(view:)\n"));
380                 cfg_parser->started_toplevel = 1;
381                 s = (struct config_view*)calloc(1, sizeof(struct config_view));
382                 if(s) {
383                         s->next = cfg_parser->cfg->views;
384                         if(s->next && !s->next->name)
385                                 yyerror("view without name");
386                         cfg_parser->cfg->views = s;
387                 } else {
388                         yyerror("out of memory");
389                 }
390         }
391         ;
392 contents_view: contents_view content_view
393         | ;
394 content_view: view_name | view_local_zone | view_local_data | view_first |
395                 view_response_ip | view_response_ip_data | view_local_data_ptr
396         ;
397 authstart: VAR_AUTH_ZONE
398         {
399                 struct config_auth* s;
400                 OUTYY(("\nP(auth_zone:)\n"));
401                 cfg_parser->started_toplevel = 1;
402                 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
403                 if(s) {
404                         s->next = cfg_parser->cfg->auths;
405                         cfg_parser->cfg->auths = s;
406                         /* defaults for auth zone */
407                         s->for_downstream = 1;
408                         s->for_upstream = 1;
409                         s->fallback_enabled = 0;
410                         s->zonemd_check = 0;
411                         s->zonemd_reject_absence = 0;
412                         s->isrpz = 0;
413                 } else {
414                         yyerror("out of memory");
415                 }
416         }
417         ;
418 contents_auth: contents_auth content_auth
419         | ;
420 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
421         auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
422         auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
423         ;
424
425 rpz_tag: VAR_TAGS STRING_ARG
426         {
427                 uint8_t* bitlist;
428                 size_t len = 0;
429                 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
430                 bitlist = config_parse_taglist(cfg_parser->cfg, $2,
431                         &len);
432                 free($2);
433                 if(!bitlist) {
434                         yyerror("could not parse tags, (define-tag them first)");
435                 }
436                 if(bitlist) {
437                         cfg_parser->cfg->auths->rpz_taglist = bitlist;
438                         cfg_parser->cfg->auths->rpz_taglistlen = len;
439
440                 }
441         }
442         ;
443
444 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
445         {
446                 OUTYY(("P(rpz_action_override:%s)\n", $2));
447                 if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
448                    strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
449                    strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
450                         yyerror("rpz-action-override action: expected nxdomain, "
451                                 "nodata, passthru, drop, cname or disabled");
452                         free($2);
453                         cfg_parser->cfg->auths->rpz_action_override = NULL;
454                 }
455                 else {
456                         cfg_parser->cfg->auths->rpz_action_override = $2;
457                 }
458         }
459         ;
460
461 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
462         {
463                 OUTYY(("P(rpz_cname_override:%s)\n", $2));
464                 free(cfg_parser->cfg->auths->rpz_cname);
465                 cfg_parser->cfg->auths->rpz_cname = $2;
466         }
467         ;
468
469 rpz_log: VAR_RPZ_LOG STRING_ARG
470         {
471                 OUTYY(("P(rpz_log:%s)\n", $2));
472                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
473                         yyerror("expected yes or no.");
474                 else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
475                 free($2);
476         }
477         ;
478
479 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
480         {
481                 OUTYY(("P(rpz_log_name:%s)\n", $2));
482                 free(cfg_parser->cfg->auths->rpz_log_name);
483                 cfg_parser->cfg->auths->rpz_log_name = $2;
484         }
485         ;
486 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
487         {
488                 OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
489                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
490                         yyerror("expected yes or no.");
491                 else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
492                 free($2);
493         }
494         ;
495
496 rpzstart: VAR_RPZ
497         {
498                 struct config_auth* s;
499                 OUTYY(("\nP(rpz:)\n"));
500                 cfg_parser->started_toplevel = 1;
501                 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
502                 if(s) {
503                         s->next = cfg_parser->cfg->auths;
504                         cfg_parser->cfg->auths = s;
505                         /* defaults for RPZ auth zone */
506                         s->for_downstream = 0;
507                         s->for_upstream = 0;
508                         s->fallback_enabled = 0;
509                         s->isrpz = 1;
510                 } else {
511                         yyerror("out of memory");
512                 }
513         }
514         ;
515 contents_rpz: contents_rpz content_rpz
516         | ;
517 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
518            auth_allow_notify | rpz_action_override | rpz_cname_override |
519            rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
520         ;
521 server_num_threads: VAR_NUM_THREADS STRING_ARG
522         {
523                 OUTYY(("P(server_num_threads:%s)\n", $2));
524                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
525                         yyerror("number expected");
526                 else cfg_parser->cfg->num_threads = atoi($2);
527                 free($2);
528         }
529         ;
530 server_verbosity: VAR_VERBOSITY STRING_ARG
531         {
532                 OUTYY(("P(server_verbosity:%s)\n", $2));
533                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
534                         yyerror("number expected");
535                 else cfg_parser->cfg->verbosity = atoi($2);
536                 free($2);
537         }
538         ;
539 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
540         {
541                 OUTYY(("P(server_statistics_interval:%s)\n", $2));
542                 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
543                         cfg_parser->cfg->stat_interval = 0;
544                 else if(atoi($2) == 0)
545                         yyerror("number expected");
546                 else cfg_parser->cfg->stat_interval = atoi($2);
547                 free($2);
548         }
549         ;
550 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
551         {
552                 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
553                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
554                         yyerror("expected yes or no.");
555                 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
556                 free($2);
557         }
558         ;
559 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
560         {
561                 OUTYY(("P(server_extended_statistics:%s)\n", $2));
562                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
563                         yyerror("expected yes or no.");
564                 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
565                 free($2);
566         }
567         ;
568 server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
569         {
570                 OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
571                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
572                         yyerror("expected yes or no.");
573                 else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
574                 free($2);
575         }
576         ;
577 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
578         {
579                 OUTYY(("P(server_shm_enable:%s)\n", $2));
580                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
581                         yyerror("expected yes or no.");
582                 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
583                 free($2);
584         }
585         ;
586 server_shm_key: VAR_SHM_KEY STRING_ARG
587         {
588                 OUTYY(("P(server_shm_key:%s)\n", $2));
589                 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
590                         cfg_parser->cfg->shm_key = 0;
591                 else if(atoi($2) == 0)
592                         yyerror("number expected");
593                 else cfg_parser->cfg->shm_key = atoi($2);
594                 free($2);
595         }
596         ;
597 server_port: VAR_PORT STRING_ARG
598         {
599                 OUTYY(("P(server_port:%s)\n", $2));
600                 if(atoi($2) == 0)
601                         yyerror("port number expected");
602                 else cfg_parser->cfg->port = atoi($2);
603                 free($2);
604         }
605         ;
606 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
607         {
608         #ifdef CLIENT_SUBNET
609                 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
610                 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
611                         fatal_exit("out of memory adding client-subnet");
612         #else
613                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
614                 free($2);
615         #endif
616         }
617         ;
618 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
619         {
620         #ifdef CLIENT_SUBNET
621                 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
622                 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
623                         $2))
624                         fatal_exit("out of memory adding client-subnet-zone");
625         #else
626                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
627                 free($2);
628         #endif
629         }
630         ;
631 server_client_subnet_always_forward:
632         VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
633         {
634         #ifdef CLIENT_SUBNET
635                 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
636                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
637                         yyerror("expected yes or no.");
638                 else
639                         cfg_parser->cfg->client_subnet_always_forward =
640                                 (strcmp($2, "yes")==0);
641         #else
642                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
643         #endif
644                 free($2);
645         }
646         ;
647 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
648         {
649         #ifdef CLIENT_SUBNET
650                 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
651                 OUTYY(("P(Deprecated option, ignoring)\n"));
652         #else
653                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
654         #endif
655                 free($2);
656         }
657         ;
658 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
659         {
660         #ifdef CLIENT_SUBNET
661                 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
662                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
663                         yyerror("IPv4 subnet length expected");
664                 else if (atoi($2) > 32)
665                         cfg_parser->cfg->max_client_subnet_ipv4 = 32;
666                 else if (atoi($2) < 0)
667                         cfg_parser->cfg->max_client_subnet_ipv4 = 0;
668                 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
669         #else
670                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
671         #endif
672                 free($2);
673         }
674         ;
675 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
676         {
677         #ifdef CLIENT_SUBNET
678                 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
679                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
680                         yyerror("Ipv6 subnet length expected");
681                 else if (atoi($2) > 128)
682                         cfg_parser->cfg->max_client_subnet_ipv6 = 128;
683                 else if (atoi($2) < 0)
684                         cfg_parser->cfg->max_client_subnet_ipv6 = 0;
685                 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
686         #else
687                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
688         #endif
689                 free($2);
690         }
691         ;
692 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
693         {
694         #ifdef CLIENT_SUBNET
695                 OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
696                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
697                         yyerror("IPv4 subnet length expected");
698                 else if (atoi($2) > 32)
699                         cfg_parser->cfg->min_client_subnet_ipv4 = 32;
700                 else if (atoi($2) < 0)
701                         cfg_parser->cfg->min_client_subnet_ipv4 = 0;
702                 else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
703         #else
704                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
705         #endif
706                 free($2);
707         }
708         ;
709 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
710         {
711         #ifdef CLIENT_SUBNET
712                 OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
713                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
714                         yyerror("Ipv6 subnet length expected");
715                 else if (atoi($2) > 128)
716                         cfg_parser->cfg->min_client_subnet_ipv6 = 128;
717                 else if (atoi($2) < 0)
718                         cfg_parser->cfg->min_client_subnet_ipv6 = 0;
719                 else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
720         #else
721                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
722         #endif
723                 free($2);
724         }
725         ;
726 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
727         {
728         #ifdef CLIENT_SUBNET
729                 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
730                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
731                         yyerror("IPv4 ECS tree size expected");
732                 else if (atoi($2) < 0)
733                         cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
734                 else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
735         #else
736                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
737         #endif
738                 free($2);
739         }
740         ;
741 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
742         {
743         #ifdef CLIENT_SUBNET
744                 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
745                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
746                         yyerror("IPv6 ECS tree size expected");
747                 else if (atoi($2) < 0)
748                         cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
749                 else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
750         #else
751                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
752         #endif
753                 free($2);
754         }
755         ;
756 server_interface: VAR_INTERFACE STRING_ARG
757         {
758                 OUTYY(("P(server_interface:%s)\n", $2));
759                 if(cfg_parser->cfg->num_ifs == 0)
760                         cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
761                 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
762                                 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
763                 if(!cfg_parser->cfg->ifs)
764                         yyerror("out of memory");
765                 else
766                         cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
767         }
768         ;
769 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
770         {
771                 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
772                 if(cfg_parser->cfg->num_out_ifs == 0)
773                         cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
774                 else cfg_parser->cfg->out_ifs = realloc(
775                         cfg_parser->cfg->out_ifs,
776                         (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
777                 if(!cfg_parser->cfg->out_ifs)
778                         yyerror("out of memory");
779                 else
780                         cfg_parser->cfg->out_ifs[
781                                 cfg_parser->cfg->num_out_ifs++] = $2;
782         }
783         ;
784 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
785         {
786                 OUTYY(("P(server_outgoing_range:%s)\n", $2));
787                 if(atoi($2) == 0)
788                         yyerror("number expected");
789                 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
790                 free($2);
791         }
792         ;
793 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
794         {
795                 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
796                 if(!cfg_mark_ports($2, 1,
797                         cfg_parser->cfg->outgoing_avail_ports, 65536))
798                         yyerror("port number or range (\"low-high\") expected");
799                 free($2);
800         }
801         ;
802 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
803         {
804                 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
805                 if(!cfg_mark_ports($2, 0,
806                         cfg_parser->cfg->outgoing_avail_ports, 65536))
807                         yyerror("port number or range (\"low-high\") expected");
808                 free($2);
809         }
810         ;
811 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
812         {
813                 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
814                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
815                         yyerror("number expected");
816                 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
817                 free($2);
818         }
819         ;
820 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
821         {
822                 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
823                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
824                         yyerror("number expected");
825                 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
826                 free($2);
827         }
828         ;
829 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
830         {
831                 OUTYY(("P(server_interface_automatic:%s)\n", $2));
832                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
833                         yyerror("expected yes or no.");
834                 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
835                 free($2);
836         }
837         ;
838 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
839         {
840                 OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
841                 free(cfg_parser->cfg->if_automatic_ports);
842                 cfg_parser->cfg->if_automatic_ports = $2;
843         }
844         ;
845 server_do_ip4: VAR_DO_IP4 STRING_ARG
846         {
847                 OUTYY(("P(server_do_ip4:%s)\n", $2));
848                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
849                         yyerror("expected yes or no.");
850                 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
851                 free($2);
852         }
853         ;
854 server_do_ip6: VAR_DO_IP6 STRING_ARG
855         {
856                 OUTYY(("P(server_do_ip6:%s)\n", $2));
857                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
858                         yyerror("expected yes or no.");
859                 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
860                 free($2);
861         }
862         ;
863 server_do_nat64: VAR_DO_NAT64 STRING_ARG
864         {
865                 OUTYY(("P(server_do_nat64:%s)\n", $2));
866                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
867                         yyerror("expected yes or no.");
868                 else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
869                 free($2);
870         }
871         ;
872 server_do_udp: VAR_DO_UDP STRING_ARG
873         {
874                 OUTYY(("P(server_do_udp:%s)\n", $2));
875                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
876                         yyerror("expected yes or no.");
877                 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
878                 free($2);
879         }
880         ;
881 server_do_tcp: VAR_DO_TCP STRING_ARG
882         {
883                 OUTYY(("P(server_do_tcp:%s)\n", $2));
884                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
885                         yyerror("expected yes or no.");
886                 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
887                 free($2);
888         }
889         ;
890 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
891         {
892                 OUTYY(("P(server_prefer_ip4:%s)\n", $2));
893                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
894                         yyerror("expected yes or no.");
895                 else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
896                 free($2);
897         }
898         ;
899 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
900         {
901                 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
902                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
903                         yyerror("expected yes or no.");
904                 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
905                 free($2);
906         }
907         ;
908 server_tcp_mss: VAR_TCP_MSS STRING_ARG
909         {
910                 OUTYY(("P(server_tcp_mss:%s)\n", $2));
911                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
912                                 yyerror("number expected");
913                 else cfg_parser->cfg->tcp_mss = atoi($2);
914                 free($2);
915         }
916         ;
917 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
918         {
919                 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
920                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
921                         yyerror("number expected");
922                 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
923                 free($2);
924         }
925         ;
926 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
927         {
928                 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
929                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
930                         yyerror("number expected");
931                 else if (atoi($2) > 120000)
932                         cfg_parser->cfg->tcp_idle_timeout = 120000;
933                 else if (atoi($2) < 1)
934                         cfg_parser->cfg->tcp_idle_timeout = 1;
935                 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
936                 free($2);
937         }
938         ;
939 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
940         {
941                 OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
942                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
943                         yyerror("number expected");
944                 else if (atoi($2) < 1)
945                         cfg_parser->cfg->max_reuse_tcp_queries = 0;
946                 else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
947                 free($2);
948         }
949         ;
950 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
951         {
952                 OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
953                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
954                         yyerror("number expected");
955                 else if (atoi($2) < 1)
956                         cfg_parser->cfg->tcp_reuse_timeout = 0;
957                 else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
958                 free($2);
959         }
960         ;
961 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
962         {
963                 OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
964                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
965                         yyerror("number expected");
966                 else if (atoi($2) < 1)
967                         cfg_parser->cfg->tcp_auth_query_timeout = 0;
968                 else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
969                 free($2);
970         }
971         ;
972 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
973         {
974                 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
975                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
976                         yyerror("expected yes or no.");
977                 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
978                 free($2);
979         }
980         ;
981 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
982         {
983                 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
984                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
985                         yyerror("number expected");
986                 else if (atoi($2) > 6553500)
987                         cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
988                 else if (atoi($2) < 1)
989                         cfg_parser->cfg->tcp_keepalive_timeout = 0;
990                 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
991                 free($2);
992         }
993         ;
994 server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
995         {
996                 OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
997                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
998                         yyerror("number expected");
999                 else if (atoi($2) > 6553500)
1000                         cfg_parser->cfg->sock_queue_timeout = 6553500;
1001                 else if (atoi($2) < 1)
1002                         cfg_parser->cfg->sock_queue_timeout = 0;
1003                 else cfg_parser->cfg->sock_queue_timeout = atoi($2);
1004                 free($2);
1005         }
1006         ;
1007 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
1008         {
1009                 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
1010                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1011                         yyerror("expected yes or no.");
1012                 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
1013                 free($2);
1014         }
1015         ;
1016 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
1017         {
1018                 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
1019                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1020                         yyerror("expected yes or no.");
1021                 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
1022                 free($2);
1023         }
1024         ;
1025 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
1026         {
1027                 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
1028                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1029                         yyerror("expected yes or no.");
1030                 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
1031                 free($2);
1032         }
1033         ;
1034 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
1035         {
1036                 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
1037                 free(cfg_parser->cfg->ssl_service_key);
1038                 cfg_parser->cfg->ssl_service_key = $2;
1039         }
1040         ;
1041 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1042         {
1043                 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1044                 free(cfg_parser->cfg->ssl_service_pem);
1045                 cfg_parser->cfg->ssl_service_pem = $2;
1046         }
1047         ;
1048 server_ssl_port: VAR_SSL_PORT STRING_ARG
1049         {
1050                 OUTYY(("P(server_ssl_port:%s)\n", $2));
1051                 if(atoi($2) == 0)
1052                         yyerror("port number expected");
1053                 else cfg_parser->cfg->ssl_port = atoi($2);
1054                 free($2);
1055         }
1056         ;
1057 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1058         {
1059                 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1060                 free(cfg_parser->cfg->tls_cert_bundle);
1061                 cfg_parser->cfg->tls_cert_bundle = $2;
1062         }
1063         ;
1064 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1065         {
1066                 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1067                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1068                         yyerror("expected yes or no.");
1069                 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1070                 free($2);
1071         }
1072         ;
1073 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1074         {
1075                 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1076                 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1077                         $2))
1078                         yyerror("out of memory");
1079         }
1080         ;
1081 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1082         {
1083                 OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1084                 free(cfg_parser->cfg->tls_ciphers);
1085                 cfg_parser->cfg->tls_ciphers = $2;
1086         }
1087         ;
1088 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1089         {
1090                 OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1091                 free(cfg_parser->cfg->tls_ciphersuites);
1092                 cfg_parser->cfg->tls_ciphersuites = $2;
1093         }
1094         ;
1095 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1096         {
1097                 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1098                 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1099                         $2))
1100                         yyerror("out of memory");
1101         }
1102         ;
1103 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1104         {
1105                 OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1106                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1107                         yyerror("expected yes or no.");
1108                 else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1109                 free($2);
1110         }
1111         ;
1112 server_https_port: VAR_HTTPS_PORT STRING_ARG
1113         {
1114                 OUTYY(("P(server_https_port:%s)\n", $2));
1115                 if(atoi($2) == 0)
1116                         yyerror("port number expected");
1117                 else cfg_parser->cfg->https_port = atoi($2);
1118                 free($2);
1119         };
1120 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1121         {
1122                 OUTYY(("P(server_http_endpoint:%s)\n", $2));
1123                 free(cfg_parser->cfg->http_endpoint);
1124                 if($2 && $2[0] != '/') {
1125                         cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1126                         if(!cfg_parser->cfg->http_endpoint)
1127                                 yyerror("out of memory");
1128                         cfg_parser->cfg->http_endpoint[0] = '/';
1129                         memmove(cfg_parser->cfg->http_endpoint+1, $2,
1130                                 strlen($2)+1);
1131                         free($2);
1132                 } else {
1133                         cfg_parser->cfg->http_endpoint = $2;
1134                 }
1135         };
1136 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1137         {
1138                 OUTYY(("P(server_http_max_streams:%s)\n", $2));
1139                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1140                         yyerror("number expected");
1141                 else cfg_parser->cfg->http_max_streams = atoi($2);
1142                 free($2);
1143         };
1144 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1145         {
1146                 OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1147                 if(!cfg_parse_memsize($2,
1148                         &cfg_parser->cfg->http_query_buffer_size))
1149                         yyerror("memory size expected");
1150                 free($2);
1151         };
1152 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1153         {
1154                 OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1155                 if(!cfg_parse_memsize($2,
1156                         &cfg_parser->cfg->http_response_buffer_size))
1157                         yyerror("memory size expected");
1158                 free($2);
1159         };
1160 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1161         {
1162                 OUTYY(("P(server_http_nodelay:%s)\n", $2));
1163                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1164                         yyerror("expected yes or no.");
1165                 else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1166                 free($2);
1167         };
1168 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1169         {
1170                 OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1171                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1172                         yyerror("expected yes or no.");
1173                 else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1174                 free($2);
1175         };
1176 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1177         {
1178                 OUTYY(("P(server_use_systemd:%s)\n", $2));
1179                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1180                         yyerror("expected yes or no.");
1181                 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1182                 free($2);
1183         }
1184         ;
1185 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1186         {
1187                 OUTYY(("P(server_do_daemonize:%s)\n", $2));
1188                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1189                         yyerror("expected yes or no.");
1190                 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1191                 free($2);
1192         }
1193         ;
1194 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1195         {
1196                 OUTYY(("P(server_use_syslog:%s)\n", $2));
1197                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1198                         yyerror("expected yes or no.");
1199                 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1200 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1201                 if(strcmp($2, "yes") == 0)
1202                         yyerror("no syslog services are available. "
1203                                 "(reconfigure and compile to add)");
1204 #endif
1205                 free($2);
1206         }
1207         ;
1208 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1209         {
1210                 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1211                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1212                         yyerror("expected yes or no.");
1213                 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1214                 free($2);
1215         }
1216         ;
1217 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1218         {
1219                 OUTYY(("P(server_log_queries:%s)\n", $2));
1220                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1221                         yyerror("expected yes or no.");
1222                 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1223                 free($2);
1224         }
1225         ;
1226 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1227         {
1228                 OUTYY(("P(server_log_replies:%s)\n", $2));
1229                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1230                         yyerror("expected yes or no.");
1231                 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1232                 free($2);
1233         }
1234         ;
1235 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1236         {
1237                 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1238                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1239                         yyerror("expected yes or no.");
1240                 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1241                 free($2);
1242         }
1243         ;
1244 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1245         {
1246                 OUTYY(("P(server_log_servfail:%s)\n", $2));
1247                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1248                         yyerror("expected yes or no.");
1249                 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1250                 free($2);
1251         }
1252         ;
1253 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1254         {
1255                 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1256                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1257                         yyerror("expected yes or no.");
1258                 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1259                 free($2);
1260         }
1261         ;
1262 server_chroot: VAR_CHROOT STRING_ARG
1263         {
1264                 OUTYY(("P(server_chroot:%s)\n", $2));
1265                 free(cfg_parser->cfg->chrootdir);
1266                 cfg_parser->cfg->chrootdir = $2;
1267         }
1268         ;
1269 server_username: VAR_USERNAME STRING_ARG
1270         {
1271                 OUTYY(("P(server_username:%s)\n", $2));
1272                 free(cfg_parser->cfg->username);
1273                 cfg_parser->cfg->username = $2;
1274         }
1275         ;
1276 server_directory: VAR_DIRECTORY STRING_ARG
1277         {
1278                 OUTYY(("P(server_directory:%s)\n", $2));
1279                 free(cfg_parser->cfg->directory);
1280                 cfg_parser->cfg->directory = $2;
1281                 /* change there right away for includes relative to this */
1282                 if($2[0]) {
1283                         char* d;
1284 #ifdef UB_ON_WINDOWS
1285                         w_config_adjust_directory(cfg_parser->cfg);
1286 #endif
1287                         d = cfg_parser->cfg->directory;
1288                         /* adjust directory if we have already chroot,
1289                          * like, we reread after sighup */
1290                         if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1291                                 strncmp(d, cfg_parser->chroot, strlen(
1292                                 cfg_parser->chroot)) == 0)
1293                                 d += strlen(cfg_parser->chroot);
1294                         if(d[0]) {
1295                                 if(chdir(d))
1296                                 log_err("cannot chdir to directory: %s (%s)",
1297                                         d, strerror(errno));
1298                         }
1299                 }
1300         }
1301         ;
1302 server_logfile: VAR_LOGFILE STRING_ARG
1303         {
1304                 OUTYY(("P(server_logfile:%s)\n", $2));
1305                 free(cfg_parser->cfg->logfile);
1306                 cfg_parser->cfg->logfile = $2;
1307                 cfg_parser->cfg->use_syslog = 0;
1308         }
1309         ;
1310 server_pidfile: VAR_PIDFILE STRING_ARG
1311         {
1312                 OUTYY(("P(server_pidfile:%s)\n", $2));
1313                 free(cfg_parser->cfg->pidfile);
1314                 cfg_parser->cfg->pidfile = $2;
1315         }
1316         ;
1317 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1318         {
1319                 OUTYY(("P(server_root_hints:%s)\n", $2));
1320                 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1321                         yyerror("out of memory");
1322         }
1323         ;
1324 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1325         {
1326                 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1327                 log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1328                 free($2);
1329         }
1330         ;
1331 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1332         {
1333                 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1334                 log_warn("option dlv-anchor ignored: DLV is decommissioned");
1335                 free($2);
1336         }
1337         ;
1338 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1339         {
1340                 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1341                 if(!cfg_strlist_insert(&cfg_parser->cfg->
1342                         auto_trust_anchor_file_list, $2))
1343                         yyerror("out of memory");
1344         }
1345         ;
1346 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1347         {
1348                 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1349                 if(!cfg_strlist_insert(&cfg_parser->cfg->
1350                         trust_anchor_file_list, $2))
1351                         yyerror("out of memory");
1352         }
1353         ;
1354 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1355         {
1356                 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1357                 if(!cfg_strlist_insert(&cfg_parser->cfg->
1358                         trusted_keys_file_list, $2))
1359                         yyerror("out of memory");
1360         }
1361         ;
1362 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1363         {
1364                 OUTYY(("P(server_trust_anchor:%s)\n", $2));
1365                 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1366                         yyerror("out of memory");
1367         }
1368         ;
1369 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1370         {
1371                 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1372                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1373                         yyerror("expected yes or no.");
1374                 else
1375                         cfg_parser->cfg->trust_anchor_signaling =
1376                                 (strcmp($2, "yes")==0);
1377                 free($2);
1378         }
1379         ;
1380 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1381         {
1382                 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1383                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1384                         yyerror("expected yes or no.");
1385                 else
1386                         cfg_parser->cfg->root_key_sentinel =
1387                                 (strcmp($2, "yes")==0);
1388                 free($2);
1389         }
1390         ;
1391 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1392         {
1393                 OUTYY(("P(server_domain_insecure:%s)\n", $2));
1394                 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1395                         yyerror("out of memory");
1396         }
1397         ;
1398 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1399         {
1400                 OUTYY(("P(server_hide_identity:%s)\n", $2));
1401                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1402                         yyerror("expected yes or no.");
1403                 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1404                 free($2);
1405         }
1406         ;
1407 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1408         {
1409                 OUTYY(("P(server_hide_version:%s)\n", $2));
1410                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1411                         yyerror("expected yes or no.");
1412                 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1413                 free($2);
1414         }
1415         ;
1416 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1417         {
1418                 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1419                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1420                         yyerror("expected yes or no.");
1421                 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1422                 free($2);
1423         }
1424         ;
1425 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1426         {
1427                 OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1428                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1429                         yyerror("expected yes or no.");
1430                 else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1431                 free($2);
1432         }
1433         ;
1434 server_identity: VAR_IDENTITY STRING_ARG
1435         {
1436                 OUTYY(("P(server_identity:%s)\n", $2));
1437                 free(cfg_parser->cfg->identity);
1438                 cfg_parser->cfg->identity = $2;
1439         }
1440         ;
1441 server_version: VAR_VERSION STRING_ARG
1442         {
1443                 OUTYY(("P(server_version:%s)\n", $2));
1444                 free(cfg_parser->cfg->version);
1445                 cfg_parser->cfg->version = $2;
1446         }
1447         ;
1448 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1449         {
1450                 OUTYY(("P(server_http_user_agent:%s)\n", $2));
1451                 free(cfg_parser->cfg->http_user_agent);
1452                 cfg_parser->cfg->http_user_agent = $2;
1453         }
1454         ;
1455 server_nsid: VAR_NSID STRING_ARG
1456         {
1457                 OUTYY(("P(server_nsid:%s)\n", $2));
1458                 free(cfg_parser->cfg->nsid_cfg_str);
1459                 cfg_parser->cfg->nsid_cfg_str = $2;
1460                 free(cfg_parser->cfg->nsid);
1461                 cfg_parser->cfg->nsid = NULL;
1462                 cfg_parser->cfg->nsid_len = 0;
1463                 if (*$2 == 0)
1464                         ; /* pass; empty string is not setting nsid */
1465                 else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1466                                         $2, &cfg_parser->cfg->nsid_len)))
1467                         yyerror("the NSID must be either a hex string or an "
1468                             "ascii character string prepended with ascii_.");
1469         }
1470         ;
1471 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1472         {
1473                 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1474                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1475                         yyerror("buffer size expected");
1476                 free($2);
1477         }
1478         ;
1479 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1480         {
1481                 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1482                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1483                         yyerror("buffer size expected");
1484                 free($2);
1485         }
1486         ;
1487 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1488         {
1489                 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1490                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1491                         yyerror("expected yes or no.");
1492                 else cfg_parser->cfg->so_reuseport =
1493                         (strcmp($2, "yes")==0);
1494                 free($2);
1495         }
1496         ;
1497 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1498         {
1499                 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1500                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1501                         yyerror("expected yes or no.");
1502                 else cfg_parser->cfg->ip_transparent =
1503                         (strcmp($2, "yes")==0);
1504                 free($2);
1505         }
1506         ;
1507 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1508         {
1509                 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1510                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1511                         yyerror("expected yes or no.");
1512                 else cfg_parser->cfg->ip_freebind =
1513                         (strcmp($2, "yes")==0);
1514                 free($2);
1515         }
1516         ;
1517 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1518         {
1519                 OUTYY(("P(server_ip_dscp:%s)\n", $2));
1520                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1521                         yyerror("number expected");
1522                 else if (atoi($2) > 63)
1523                         yyerror("value too large (max 63)");
1524                 else if (atoi($2) < 0)
1525                         yyerror("value too small (min 0)");
1526                 else
1527                         cfg_parser->cfg->ip_dscp = atoi($2);
1528                 free($2);
1529         }
1530         ;
1531 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1532         {
1533                 OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1534                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1535                         yyerror("memory size expected");
1536                 free($2);
1537         }
1538         ;
1539 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1540         {
1541                 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1542                 if(atoi($2) == 0)
1543                         yyerror("number expected");
1544                 else if (atoi($2) < 12)
1545                         yyerror("edns buffer size too small");
1546                 else if (atoi($2) > 65535)
1547                         cfg_parser->cfg->edns_buffer_size = 65535;
1548                 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1549                 free($2);
1550         }
1551         ;
1552 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1553         {
1554                 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1555                 if(atoi($2) == 0)
1556                         yyerror("number expected");
1557                 else if (atoi($2) < 4096)
1558                         yyerror("message buffer size too small (use 4096)");
1559                 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1560                 free($2);
1561         }
1562         ;
1563 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1564         {
1565                 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1566                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1567                         yyerror("memory size expected");
1568                 free($2);
1569         }
1570         ;
1571 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1572         {
1573                 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1574                 if(atoi($2) == 0) {
1575                         yyerror("number expected");
1576                 } else {
1577                         cfg_parser->cfg->msg_cache_slabs = atoi($2);
1578                         if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1579                                 yyerror("must be a power of 2");
1580                 }
1581                 free($2);
1582         }
1583         ;
1584 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1585         {
1586                 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1587                 if(atoi($2) == 0)
1588                         yyerror("number expected");
1589                 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1590                 free($2);
1591         }
1592         ;
1593 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1594         {
1595                 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1596                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1597                         yyerror("number expected");
1598                 else cfg_parser->cfg->jostle_time = atoi($2);
1599                 free($2);
1600         }
1601         ;
1602 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1603         {
1604                 OUTYY(("P(server_delay_close:%s)\n", $2));
1605                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1606                         yyerror("number expected");
1607                 else cfg_parser->cfg->delay_close = atoi($2);
1608                 free($2);
1609         }
1610         ;
1611 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1612         {
1613                 OUTYY(("P(server_udp_connect:%s)\n", $2));
1614                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1615                         yyerror("expected yes or no.");
1616                 else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1617                 free($2);
1618         }
1619         ;
1620 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1621         {
1622                 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1623                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1624                         yyerror("expected yes or no.");
1625                 else cfg_parser->cfg->unblock_lan_zones =
1626                         (strcmp($2, "yes")==0);
1627                 free($2);
1628         }
1629         ;
1630 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1631         {
1632                 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1633                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1634                         yyerror("expected yes or no.");
1635                 else cfg_parser->cfg->insecure_lan_zones =
1636                         (strcmp($2, "yes")==0);
1637                 free($2);
1638         }
1639         ;
1640 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1641         {
1642                 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1643                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1644                         yyerror("memory size expected");
1645                 free($2);
1646         }
1647         ;
1648 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1649         {
1650                 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1651                 if(atoi($2) == 0) {
1652                         yyerror("number expected");
1653                 } else {
1654                         cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1655                         if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1656                                 yyerror("must be a power of 2");
1657                 }
1658                 free($2);
1659         }
1660         ;
1661 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1662         {
1663                 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1664                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1665                         yyerror("number expected");
1666                 else cfg_parser->cfg->host_ttl = atoi($2);
1667                 free($2);
1668         }
1669         ;
1670 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1671         {
1672                 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1673                 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1674                         "removed, use infra-host-ttl)", $2);
1675                 free($2);
1676         }
1677         ;
1678 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1679         {
1680                 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1681                 if(atoi($2) == 0)
1682                         yyerror("number expected");
1683                 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1684                 free($2);
1685         }
1686         ;
1687 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1688         {
1689                 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1690                 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1691                         "(option removed, use infra-cache-numhosts)", $2);
1692                 free($2);
1693         }
1694         ;
1695 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1696         {
1697                 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1698                 if(atoi($2) == 0) {
1699                         yyerror("number expected");
1700                 } else {
1701                         cfg_parser->cfg->infra_cache_slabs = atoi($2);
1702                         if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1703                                 yyerror("must be a power of 2");
1704                 }
1705                 free($2);
1706         }
1707         ;
1708 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1709         {
1710                 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1711                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1712                         yyerror("number expected");
1713                 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1714                 free($2);
1715         }
1716         ;
1717 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1718         {
1719                 OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1720                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1721                         yyerror("number expected");
1722                 else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1723                 free($2);
1724         }
1725         ;
1726 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1727         {
1728                 OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1729                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1730                         yyerror("expected yes or no.");
1731                 else cfg_parser->cfg->infra_keep_probing =
1732                         (strcmp($2, "yes")==0);
1733                 free($2);
1734         }
1735         ;
1736 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1737         {
1738                 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1739                 free(cfg_parser->cfg->target_fetch_policy);
1740                 cfg_parser->cfg->target_fetch_policy = $2;
1741         }
1742         ;
1743 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1744         {
1745                 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1746                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1747                         yyerror("expected yes or no.");
1748                 else cfg_parser->cfg->harden_short_bufsize =
1749                         (strcmp($2, "yes")==0);
1750                 free($2);
1751         }
1752         ;
1753 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1754         {
1755                 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1756                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1757                         yyerror("expected yes or no.");
1758                 else cfg_parser->cfg->harden_large_queries =
1759                         (strcmp($2, "yes")==0);
1760                 free($2);
1761         }
1762         ;
1763 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1764         {
1765                 OUTYY(("P(server_harden_glue:%s)\n", $2));
1766                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1767                         yyerror("expected yes or no.");
1768                 else cfg_parser->cfg->harden_glue =
1769                         (strcmp($2, "yes")==0);
1770                 free($2);
1771         }
1772         ;
1773 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1774         {
1775                 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1776                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1777                         yyerror("expected yes or no.");
1778                 else cfg_parser->cfg->harden_dnssec_stripped =
1779                         (strcmp($2, "yes")==0);
1780                 free($2);
1781         }
1782         ;
1783 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1784         {
1785                 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1786                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1787                         yyerror("expected yes or no.");
1788                 else cfg_parser->cfg->harden_below_nxdomain =
1789                         (strcmp($2, "yes")==0);
1790                 free($2);
1791         }
1792         ;
1793 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1794         {
1795                 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1796                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1797                         yyerror("expected yes or no.");
1798                 else cfg_parser->cfg->harden_referral_path =
1799                         (strcmp($2, "yes")==0);
1800                 free($2);
1801         }
1802         ;
1803 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1804         {
1805                 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1806                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1807                         yyerror("expected yes or no.");
1808                 else cfg_parser->cfg->harden_algo_downgrade =
1809                         (strcmp($2, "yes")==0);
1810                 free($2);
1811         }
1812         ;
1813 server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
1814         {
1815                 OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
1816                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1817                         yyerror("expected yes or no.");
1818                 else cfg_parser->cfg->harden_unknown_additional =
1819                         (strcmp($2, "yes")==0);
1820                 free($2);
1821         }
1822         ;
1823 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1824         {
1825                 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1826                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1827                         yyerror("expected yes or no.");
1828                 else cfg_parser->cfg->use_caps_bits_for_id =
1829                         (strcmp($2, "yes")==0);
1830                 free($2);
1831         }
1832         ;
1833 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1834         {
1835                 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1836                 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1837                         yyerror("out of memory");
1838         }
1839         ;
1840 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1841         {
1842                 OUTYY(("P(server_private_address:%s)\n", $2));
1843                 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1844                         yyerror("out of memory");
1845         }
1846         ;
1847 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1848         {
1849                 OUTYY(("P(server_private_domain:%s)\n", $2));
1850                 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1851                         yyerror("out of memory");
1852         }
1853         ;
1854 server_prefetch: VAR_PREFETCH STRING_ARG
1855         {
1856                 OUTYY(("P(server_prefetch:%s)\n", $2));
1857                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1858                         yyerror("expected yes or no.");
1859                 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1860                 free($2);
1861         }
1862         ;
1863 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1864         {
1865                 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1866                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1867                         yyerror("expected yes or no.");
1868                 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1869                 free($2);
1870         }
1871         ;
1872 server_deny_any: VAR_DENY_ANY STRING_ARG
1873         {
1874                 OUTYY(("P(server_deny_any:%s)\n", $2));
1875                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1876                         yyerror("expected yes or no.");
1877                 else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1878                 free($2);
1879         }
1880         ;
1881 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1882         {
1883                 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1884                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1885                         yyerror("number expected");
1886                 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1887                 free($2);
1888         }
1889         ;
1890 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1891         {
1892                 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1893                 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1894                         yyerror("out of memory");
1895         }
1896         ;
1897 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1898         {
1899                 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1900                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1901                         yyerror("expected yes or no.");
1902                 else cfg_parser->cfg->donotquery_localhost =
1903                         (strcmp($2, "yes")==0);
1904                 free($2);
1905         }
1906         ;
1907 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1908         {
1909                 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1910                 validate_acl_action($3);
1911                 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1912                         fatal_exit("out of memory adding acl");
1913         }
1914         ;
1915 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
1916         {
1917                 OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
1918                 validate_acl_action($3);
1919                 if(!cfg_str2list_insert(
1920                         &cfg_parser->cfg->interface_actions, $2, $3))
1921                         fatal_exit("out of memory adding acl");
1922         }
1923         ;
1924 server_module_conf: VAR_MODULE_CONF STRING_ARG
1925         {
1926                 OUTYY(("P(server_module_conf:%s)\n", $2));
1927                 free(cfg_parser->cfg->module_conf);
1928                 cfg_parser->cfg->module_conf = $2;
1929         }
1930         ;
1931 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1932         {
1933                 OUTYY(("P(server_val_override_date:%s)\n", $2));
1934                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1935                         cfg_parser->cfg->val_date_override = 0;
1936                 } else if(strlen($2) == 14) {
1937                         cfg_parser->cfg->val_date_override =
1938                                 cfg_convert_timeval($2);
1939                         if(!cfg_parser->cfg->val_date_override)
1940                                 yyerror("bad date/time specification");
1941                 } else {
1942                         if(atoi($2) == 0)
1943                                 yyerror("number expected");
1944                         cfg_parser->cfg->val_date_override = atoi($2);
1945                 }
1946                 free($2);
1947         }
1948         ;
1949 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1950         {
1951                 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1952                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1953                         cfg_parser->cfg->val_sig_skew_min = 0;
1954                 } else {
1955                         cfg_parser->cfg->val_sig_skew_min = atoi($2);
1956                         if(!cfg_parser->cfg->val_sig_skew_min)
1957                                 yyerror("number expected");
1958                 }
1959                 free($2);
1960         }
1961         ;
1962 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1963         {
1964                 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1965                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1966                         cfg_parser->cfg->val_sig_skew_max = 0;
1967                 } else {
1968                         cfg_parser->cfg->val_sig_skew_max = atoi($2);
1969                         if(!cfg_parser->cfg->val_sig_skew_max)
1970                                 yyerror("number expected");
1971                 }
1972                 free($2);
1973         }
1974         ;
1975 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1976         {
1977                 OUTYY(("P(server_val_max_restart:%s)\n", $2));
1978                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1979                         cfg_parser->cfg->val_max_restart = 0;
1980                 } else {
1981                         cfg_parser->cfg->val_max_restart = atoi($2);
1982                         if(!cfg_parser->cfg->val_max_restart)
1983                                 yyerror("number expected");
1984                 }
1985                 free($2);
1986         }
1987         ;
1988 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1989         {
1990                 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1991                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1992                         yyerror("number expected");
1993                 else cfg_parser->cfg->max_ttl = atoi($2);
1994                 free($2);
1995         }
1996         ;
1997 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1998         {
1999                 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
2000                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2001                         yyerror("number expected");
2002                 else cfg_parser->cfg->max_negative_ttl = atoi($2);
2003                 free($2);
2004         }
2005         ;
2006 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
2007         {
2008                 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
2009                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2010                         yyerror("number expected");
2011                 else cfg_parser->cfg->min_ttl = atoi($2);
2012                 free($2);
2013         }
2014         ;
2015 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
2016         {
2017                 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
2018                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2019                         yyerror("number expected");
2020                 else cfg_parser->cfg->bogus_ttl = atoi($2);
2021                 free($2);
2022         }
2023         ;
2024 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
2025         {
2026                 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
2027                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2028                         yyerror("expected yes or no.");
2029                 else cfg_parser->cfg->val_clean_additional =
2030                         (strcmp($2, "yes")==0);
2031                 free($2);
2032         }
2033         ;
2034 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
2035         {
2036                 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
2037                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2038                         yyerror("expected yes or no.");
2039                 else cfg_parser->cfg->val_permissive_mode =
2040                         (strcmp($2, "yes")==0);
2041                 free($2);
2042         }
2043         ;
2044 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
2045         {
2046                 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
2047                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2048                         yyerror("expected yes or no.");
2049                 else
2050                         cfg_parser->cfg->aggressive_nsec =
2051                                 (strcmp($2, "yes")==0);
2052                 free($2);
2053         }
2054         ;
2055 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2056         {
2057                 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2058                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2059                         yyerror("expected yes or no.");
2060                 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2061                 free($2);
2062         }
2063         ;
2064 server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG
2065         {
2066                 OUTYY(("P(server_disable_edns_do:%s)\n", $2));
2067                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2068                         yyerror("expected yes or no.");
2069                 else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0);
2070                 free($2);
2071         }
2072         ;
2073 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2074         {
2075                 OUTYY(("P(server_serve_expired:%s)\n", $2));
2076                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2077                         yyerror("expected yes or no.");
2078                 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2079                 free($2);
2080         }
2081         ;
2082 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2083         {
2084                 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2085                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2086                         yyerror("number expected");
2087                 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2088                 free($2);
2089         }
2090         ;
2091 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2092         {
2093                 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2094                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2095                         yyerror("expected yes or no.");
2096                 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2097                 free($2);
2098         }
2099         ;
2100 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2101         {
2102                 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2103                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2104                         yyerror("number expected");
2105                 else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2106                 free($2);
2107         }
2108         ;
2109 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2110         {
2111                 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2112                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2113                         yyerror("number expected");
2114                 else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2115                 free($2);
2116         }
2117         ;
2118 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2119         {
2120                 OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2121                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2122                         yyerror("expected yes or no.");
2123                 else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2124                 free($2);
2125         }
2126         ;
2127 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2128         {
2129                 OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2130                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2131                         yyerror("expected yes or no.");
2132                 else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2133                 free($2);
2134         }
2135         ;
2136 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2137         {
2138                 OUTYY(("P(server_fake_dsa:%s)\n", $2));
2139                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2140                         yyerror("expected yes or no.");
2141 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2142                 else fake_dsa = (strcmp($2, "yes")==0);
2143                 if(fake_dsa)
2144                         log_warn("test option fake_dsa is enabled");
2145 #endif
2146                 free($2);
2147         }
2148         ;
2149 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2150         {
2151                 OUTYY(("P(server_fake_sha1:%s)\n", $2));
2152                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2153                         yyerror("expected yes or no.");
2154 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2155                 else fake_sha1 = (strcmp($2, "yes")==0);
2156                 if(fake_sha1)
2157                         log_warn("test option fake_sha1 is enabled");
2158 #endif
2159                 free($2);
2160         }
2161         ;
2162 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2163         {
2164                 OUTYY(("P(server_val_log_level:%s)\n", $2));
2165                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2166                         yyerror("number expected");
2167                 else cfg_parser->cfg->val_log_level = atoi($2);
2168                 free($2);
2169         }
2170         ;
2171 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2172         {
2173                 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2174                 free(cfg_parser->cfg->val_nsec3_key_iterations);
2175                 cfg_parser->cfg->val_nsec3_key_iterations = $2;
2176         }
2177         ;
2178 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2179         {
2180                 OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2181                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2182                         yyerror("expected yes or no.");
2183                 else    cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2184                 free($2);
2185         }
2186         ;
2187 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2188         {
2189                 OUTYY(("P(server_add_holddown:%s)\n", $2));
2190                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2191                         yyerror("number expected");
2192                 else cfg_parser->cfg->add_holddown = atoi($2);
2193                 free($2);
2194         }
2195         ;
2196 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2197         {
2198                 OUTYY(("P(server_del_holddown:%s)\n", $2));
2199                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2200                         yyerror("number expected");
2201                 else cfg_parser->cfg->del_holddown = atoi($2);
2202                 free($2);
2203         }
2204         ;
2205 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2206         {
2207                 OUTYY(("P(server_keep_missing:%s)\n", $2));
2208                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2209                         yyerror("number expected");
2210                 else cfg_parser->cfg->keep_missing = atoi($2);
2211                 free($2);
2212         }
2213         ;
2214 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2215         {
2216                 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2217                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2218                         yyerror("expected yes or no.");
2219                 else cfg_parser->cfg->permit_small_holddown =
2220                         (strcmp($2, "yes")==0);
2221                 free($2);
2222         }
2223         ;
2224 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2225         {
2226                 OUTYY(("P(server_key_cache_size:%s)\n", $2));
2227                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2228                         yyerror("memory size expected");
2229                 free($2);
2230         }
2231         ;
2232 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2233         {
2234                 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2235                 if(atoi($2) == 0) {
2236                         yyerror("number expected");
2237                 } else {
2238                         cfg_parser->cfg->key_cache_slabs = atoi($2);
2239                         if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2240                                 yyerror("must be a power of 2");
2241                 }
2242                 free($2);
2243         }
2244         ;
2245 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2246         {
2247                 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2248                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2249                         yyerror("memory size expected");
2250                 free($2);
2251         }
2252         ;
2253 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2254         {
2255                 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2256                 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2257                    strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2258                    strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2259                    && strcmp($3, "typetransparent")!=0
2260                    && strcmp($3, "always_transparent")!=0
2261                    && strcmp($3, "block_a")!=0
2262                    && strcmp($3, "always_refuse")!=0
2263                    && strcmp($3, "always_nxdomain")!=0
2264                    && strcmp($3, "always_nodata")!=0
2265                    && strcmp($3, "always_deny")!=0
2266                    && strcmp($3, "always_null")!=0
2267                    && strcmp($3, "noview")!=0
2268                    && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2269                    && strcmp($3, "inform_redirect") != 0
2270                    && strcmp($3, "ipset") != 0) {
2271                         yyerror("local-zone type: expected static, deny, "
2272                                 "refuse, redirect, transparent, "
2273                                 "typetransparent, inform, inform_deny, "
2274                                 "inform_redirect, always_transparent, block_a,"
2275                                 "always_refuse, always_nxdomain, "
2276                                 "always_nodata, always_deny, always_null, "
2277                                 "noview, nodefault or ipset");
2278                         free($2);
2279                         free($3);
2280                 } else if(strcmp($3, "nodefault")==0) {
2281                         if(!cfg_strlist_insert(&cfg_parser->cfg->
2282                                 local_zones_nodefault, $2))
2283                                 fatal_exit("out of memory adding local-zone");
2284                         free($3);
2285 #ifdef USE_IPSET
2286                 } else if(strcmp($3, "ipset")==0) {
2287                         size_t len = strlen($2);
2288                         /* Make sure to add the trailing dot.
2289                          * These are str compared to domain names. */
2290                         if($2[len-1] != '.') {
2291                                 if(!($2 = realloc($2, len+2))) {
2292                                         fatal_exit("out of memory adding local-zone");
2293                                 }
2294                                 $2[len] = '.';
2295                                 $2[len+1] = 0;
2296                         }
2297                         if(!cfg_strlist_insert(&cfg_parser->cfg->
2298                                 local_zones_ipset, $2))
2299                                 fatal_exit("out of memory adding local-zone");
2300                         free($3);
2301 #endif
2302                 } else {
2303                         if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2304                                 $2, $3))
2305                                 fatal_exit("out of memory adding local-zone");
2306                 }
2307         }
2308         ;
2309 server_local_data: VAR_LOCAL_DATA STRING_ARG
2310         {
2311                 OUTYY(("P(server_local_data:%s)\n", $2));
2312                 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2313                         fatal_exit("out of memory adding local-data");
2314         }
2315         ;
2316 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2317         {
2318                 char* ptr;
2319                 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2320                 ptr = cfg_ptr_reverse($2);
2321                 free($2);
2322                 if(ptr) {
2323                         if(!cfg_strlist_insert(&cfg_parser->cfg->
2324                                 local_data, ptr))
2325                                 fatal_exit("out of memory adding local-data");
2326                 } else {
2327                         yyerror("local-data-ptr could not be reversed");
2328                 }
2329         }
2330         ;
2331 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2332         {
2333                 OUTYY(("P(server_minimal_responses:%s)\n", $2));
2334                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2335                         yyerror("expected yes or no.");
2336                 else cfg_parser->cfg->minimal_responses =
2337                         (strcmp($2, "yes")==0);
2338                 free($2);
2339         }
2340         ;
2341 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2342         {
2343                 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2344                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2345                         yyerror("expected yes or no.");
2346                 else cfg_parser->cfg->rrset_roundrobin =
2347                         (strcmp($2, "yes")==0);
2348                 free($2);
2349         }
2350         ;
2351 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2352         {
2353                 OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2354                 cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2355                 free($2);
2356         }
2357         ;
2358 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2359         {
2360                 OUTYY(("P(server_max_udp_size:%s)\n", $2));
2361                 cfg_parser->cfg->max_udp_size = atoi($2);
2362                 free($2);
2363         }
2364         ;
2365 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2366         {
2367                 OUTYY(("P(dns64_prefix:%s)\n", $2));
2368                 free(cfg_parser->cfg->dns64_prefix);
2369                 cfg_parser->cfg->dns64_prefix = $2;
2370         }
2371         ;
2372 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2373         {
2374                 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2375                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2376                         yyerror("expected yes or no.");
2377                 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2378                 free($2);
2379         }
2380         ;
2381 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2382         {
2383                 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2384                 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2385                         $2))
2386                         fatal_exit("out of memory adding dns64-ignore-aaaa");
2387         }
2388         ;
2389 server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
2390         {
2391                 OUTYY(("P(nat64_prefix:%s)\n", $2));
2392                 free(cfg_parser->cfg->nat64_prefix);
2393                 cfg_parser->cfg->nat64_prefix = $2;
2394         }
2395         ;
2396 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2397         {
2398                 char* p, *s = $2;
2399                 OUTYY(("P(server_define_tag:%s)\n", $2));
2400                 while((p=strsep(&s, " \t\n")) != NULL) {
2401                         if(*p) {
2402                                 if(!config_add_tag(cfg_parser->cfg, p))
2403                                         yyerror("could not define-tag, "
2404                                                 "out of memory");
2405                         }
2406                 }
2407                 free($2);
2408         }
2409         ;
2410 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2411         {
2412                 size_t len = 0;
2413                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2414                         &len);
2415                 free($3);
2416                 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2417                 if(!bitlist) {
2418                         yyerror("could not parse tags, (define-tag them first)");
2419                         free($2);
2420                 }
2421                 if(bitlist) {
2422                         if(!cfg_strbytelist_insert(
2423                                 &cfg_parser->cfg->local_zone_tags,
2424                                 $2, bitlist, len)) {
2425                                 yyerror("out of memory");
2426                                 free($2);
2427                         }
2428                 }
2429         }
2430         ;
2431 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2432         {
2433                 size_t len = 0;
2434                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2435                         &len);
2436                 free($3);
2437                 OUTYY(("P(server_access_control_tag:%s)\n", $2));
2438                 if(!bitlist) {
2439                         yyerror("could not parse tags, (define-tag them first)");
2440                         free($2);
2441                 }
2442                 if(bitlist) {
2443                         if(!cfg_strbytelist_insert(
2444                                 &cfg_parser->cfg->acl_tags,
2445                                 $2, bitlist, len)) {
2446                                 yyerror("out of memory");
2447                                 free($2);
2448                         }
2449                 }
2450         }
2451         ;
2452 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2453         {
2454                 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2455                 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2456                         $2, $3, $4)) {
2457                         yyerror("out of memory");
2458                         free($2);
2459                         free($3);
2460                         free($4);
2461                 }
2462         }
2463         ;
2464 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2465         {
2466                 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2467                 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2468                         $2, $3, $4)) {
2469                         yyerror("out of memory");
2470                         free($2);
2471                         free($3);
2472                         free($4);
2473                 }
2474         }
2475         ;
2476 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2477         {
2478                 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2479                 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2480                         $2, $3, $4)) {
2481                         yyerror("out of memory");
2482                         free($2);
2483                         free($3);
2484                         free($4);
2485                 }
2486         }
2487         ;
2488 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2489         {
2490                 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2491                 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2492                         $2, $3)) {
2493                         yyerror("out of memory");
2494                 }
2495         }
2496         ;
2497 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2498         {
2499                 size_t len = 0;
2500                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2501                         &len);
2502                 free($3);
2503                 OUTYY(("P(server_interface_tag:%s)\n", $2));
2504                 if(!bitlist) {
2505                         yyerror("could not parse tags, (define-tag them first)");
2506                         free($2);
2507                 }
2508                 if(bitlist) {
2509                         if(!cfg_strbytelist_insert(
2510                                 &cfg_parser->cfg->interface_tags,
2511                                 $2, bitlist, len)) {
2512                                 yyerror("out of memory");
2513                                 free($2);
2514                         }
2515                 }
2516         }
2517         ;
2518 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2519         {
2520                 OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2521                 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2522                         $2, $3, $4)) {
2523                         yyerror("out of memory");
2524                         free($2);
2525                         free($3);
2526                         free($4);
2527                 }
2528         }
2529         ;
2530 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2531         {
2532                 OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2533                 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2534                         $2, $3, $4)) {
2535                         yyerror("out of memory");
2536                         free($2);
2537                         free($3);
2538                         free($4);
2539                 }
2540         }
2541         ;
2542 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2543         {
2544                 OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2545                 if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2546                         $2, $3)) {
2547                         yyerror("out of memory");
2548                 }
2549         }
2550         ;
2551 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2552         {
2553                 size_t len = 0;
2554                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2555                         &len);
2556                 free($3);
2557                 OUTYY(("P(response_ip_tag:%s)\n", $2));
2558                 if(!bitlist) {
2559                         yyerror("could not parse tags, (define-tag them first)");
2560                         free($2);
2561                 }
2562                 if(bitlist) {
2563                         if(!cfg_strbytelist_insert(
2564                                 &cfg_parser->cfg->respip_tags,
2565                                 $2, bitlist, len)) {
2566                                 yyerror("out of memory");
2567                                 free($2);
2568                         }
2569                 }
2570         }
2571         ;
2572 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2573         {
2574                 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2575                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2576                         yyerror("number expected");
2577                 else cfg_parser->cfg->ip_ratelimit = atoi($2);
2578                 free($2);
2579         }
2580         ;
2581 server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
2582         {
2583                 OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
2584                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2585                         yyerror("number expected");
2586                 else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
2587                 free($2);
2588         }
2589         ;
2590 server_ratelimit: VAR_RATELIMIT STRING_ARG
2591         {
2592                 OUTYY(("P(server_ratelimit:%s)\n", $2));
2593                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2594                         yyerror("number expected");
2595                 else cfg_parser->cfg->ratelimit = atoi($2);
2596                 free($2);
2597         }
2598         ;
2599 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2600         {
2601                 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2602                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2603                         yyerror("memory size expected");
2604                 free($2);
2605         }
2606         ;
2607 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2608         {
2609                 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2610                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2611                         yyerror("memory size expected");
2612                 free($2);
2613         }
2614         ;
2615 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2616         {
2617                 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2618                 if(atoi($2) == 0) {
2619                         yyerror("number expected");
2620                 } else {
2621                         cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2622                         if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2623                                 yyerror("must be a power of 2");
2624                 }
2625                 free($2);
2626         }
2627         ;
2628 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2629         {
2630                 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2631                 if(atoi($2) == 0) {
2632                         yyerror("number expected");
2633                 } else {
2634                         cfg_parser->cfg->ratelimit_slabs = atoi($2);
2635                         if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2636                                 yyerror("must be a power of 2");
2637                 }
2638                 free($2);
2639         }
2640         ;
2641 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2642         {
2643                 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2644                 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2645                         yyerror("number expected");
2646                         free($2);
2647                         free($3);
2648                 } else {
2649                         if(!cfg_str2list_insert(&cfg_parser->cfg->
2650                                 ratelimit_for_domain, $2, $3))
2651                                 fatal_exit("out of memory adding "
2652                                         "ratelimit-for-domain");
2653                 }
2654         }
2655         ;
2656 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2657         {
2658                 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2659                 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2660                         yyerror("number expected");
2661                         free($2);
2662                         free($3);
2663                 } else {
2664                         if(!cfg_str2list_insert(&cfg_parser->cfg->
2665                                 ratelimit_below_domain, $2, $3))
2666                                 fatal_exit("out of memory adding "
2667                                         "ratelimit-below-domain");
2668                 }
2669         }
2670         ;
2671 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2672         {
2673                 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2674                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2675                         yyerror("number expected");
2676                 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2677                 free($2);
2678         }
2679         ;
2680 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2681         {
2682                 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2683                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2684                         yyerror("number expected");
2685                 else cfg_parser->cfg->ratelimit_factor = atoi($2);
2686                 free($2);
2687         }
2688         ;
2689 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2690         {
2691                 OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2692                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2693                         yyerror("expected yes or no.");
2694                 else cfg_parser->cfg->ip_ratelimit_backoff =
2695                         (strcmp($2, "yes")==0);
2696                 free($2);
2697         }
2698         ;
2699 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2700         {
2701                 OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2702                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2703                         yyerror("expected yes or no.");
2704                 else cfg_parser->cfg->ratelimit_backoff =
2705                         (strcmp($2, "yes")==0);
2706                 free($2);
2707         }
2708         ;
2709 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2710         {
2711                 OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2712                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2713                         yyerror("number expected");
2714                 else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2715                 free($2);
2716         }
2717         ;
2718 server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
2719         {
2720                 OUTYY(("P(server_max_sent_count:%s)\n", $2));
2721                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2722                         yyerror("number expected");
2723                 else cfg_parser->cfg->max_sent_count = atoi($2);
2724                 free($2);
2725         }
2726         ;
2727 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2728         {
2729                 OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2730                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2731                         yyerror("number expected");
2732                 else cfg_parser->cfg->max_query_restarts = atoi($2);
2733                 free($2);
2734         }
2735         ;
2736 server_low_rtt: VAR_LOW_RTT STRING_ARG
2737         {
2738                 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2739                 free($2);
2740         }
2741         ;
2742 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2743         {
2744                 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2745                 if(atoi($2) <= 0)
2746                         yyerror("number expected");
2747                 else cfg_parser->cfg->fast_server_num = atoi($2);
2748                 free($2);
2749         }
2750         ;
2751 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2752         {
2753                 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2754                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2755                         yyerror("number expected");
2756                 else cfg_parser->cfg->fast_server_permil = atoi($2);
2757                 free($2);
2758         }
2759         ;
2760 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2761         {
2762                 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2763                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2764                         yyerror("expected yes or no.");
2765                 else cfg_parser->cfg->qname_minimisation =
2766                         (strcmp($2, "yes")==0);
2767                 free($2);
2768         }
2769         ;
2770 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2771         {
2772                 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2773                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2774                         yyerror("expected yes or no.");
2775                 else cfg_parser->cfg->qname_minimisation_strict =
2776                         (strcmp($2, "yes")==0);
2777                 free($2);
2778         }
2779         ;
2780 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2781         {
2782                 OUTYY(("P(server_pad_responses:%s)\n", $2));
2783                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2784                         yyerror("expected yes or no.");
2785                 else cfg_parser->cfg->pad_responses =
2786                         (strcmp($2, "yes")==0);
2787                 free($2);
2788         }
2789         ;
2790 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2791         {
2792                 OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2793                 if(atoi($2) == 0)
2794                         yyerror("number expected");
2795                 else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2796                 free($2);
2797         }
2798         ;
2799 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2800         {
2801                 OUTYY(("P(server_pad_queries:%s)\n", $2));
2802                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2803                         yyerror("expected yes or no.");
2804                 else cfg_parser->cfg->pad_queries =
2805                         (strcmp($2, "yes")==0);
2806                 free($2);
2807         }
2808         ;
2809 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2810         {
2811                 OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2812                 if(atoi($2) == 0)
2813                         yyerror("number expected");
2814                 else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2815                 free($2);
2816         }
2817         ;
2818 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2819         {
2820         #ifdef USE_IPSECMOD
2821                 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2822                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2823                         yyerror("expected yes or no.");
2824                 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2825         #else
2826                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2827         #endif
2828                 free($2);
2829         }
2830         ;
2831 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2832         {
2833         #ifdef USE_IPSECMOD
2834                 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2835                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2836                         yyerror("expected yes or no.");
2837                 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2838         #else
2839                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2840         #endif
2841                 free($2);
2842         }
2843         ;
2844 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2845         {
2846         #ifdef USE_IPSECMOD
2847                 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2848                 free(cfg_parser->cfg->ipsecmod_hook);
2849                 cfg_parser->cfg->ipsecmod_hook = $2;
2850         #else
2851                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2852                 free($2);
2853         #endif
2854         }
2855         ;
2856 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2857         {
2858         #ifdef USE_IPSECMOD
2859                 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2860                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2861                         yyerror("number expected");
2862                 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2863                 free($2);
2864         #else
2865                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2866                 free($2);
2867         #endif
2868         }
2869         ;
2870 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2871         {
2872         #ifdef USE_IPSECMOD
2873                 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2874                 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2875                         yyerror("out of memory");
2876         #else
2877                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2878                 free($2);
2879         #endif
2880         }
2881         ;
2882 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2883         {
2884         #ifdef USE_IPSECMOD
2885                 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2886                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2887                         yyerror("expected yes or no.");
2888                 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2889                 free($2);
2890         #else
2891                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2892                 free($2);
2893         #endif
2894         }
2895         ;
2896 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2897         {
2898                 OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2899                 if(!cfg_str2list_insert(
2900                         &cfg_parser->cfg->edns_client_strings, $2, $3))
2901                         fatal_exit("out of memory adding "
2902                                 "edns-client-string");
2903         }
2904         ;
2905 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2906         {
2907                 OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2908                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2909                         yyerror("option code expected");
2910                 else if(atoi($2) > 65535 || atoi($2) < 0)
2911                         yyerror("option code must be in interval [0, 65535]");
2912                 else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2913                 free($2);
2914         }
2915         ;
2916 server_ede: VAR_EDE STRING_ARG
2917         {
2918                 OUTYY(("P(server_ede:%s)\n", $2));
2919                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2920                         yyerror("expected yes or no.");
2921                 else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
2922                 free($2);
2923         }
2924         ;
2925 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
2926         {
2927                 OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
2928                 if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
2929                         yyerror("out of memory");
2930         }
2931         ;
2932 stub_name: VAR_NAME STRING_ARG
2933         {
2934                 OUTYY(("P(name:%s)\n", $2));
2935                 if(cfg_parser->cfg->stubs->name)
2936                         yyerror("stub name override, there must be one name "
2937                                 "for one stub-zone");
2938                 free(cfg_parser->cfg->stubs->name);
2939                 cfg_parser->cfg->stubs->name = $2;
2940         }
2941         ;
2942 stub_host: VAR_STUB_HOST STRING_ARG
2943         {
2944                 OUTYY(("P(stub-host:%s)\n", $2));
2945                 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2946                         yyerror("out of memory");
2947         }
2948         ;
2949 stub_addr: VAR_STUB_ADDR STRING_ARG
2950         {
2951                 OUTYY(("P(stub-addr:%s)\n", $2));
2952                 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2953                         yyerror("out of memory");
2954         }
2955         ;
2956 stub_first: VAR_STUB_FIRST STRING_ARG
2957         {
2958                 OUTYY(("P(stub-first:%s)\n", $2));
2959                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2960                         yyerror("expected yes or no.");
2961                 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2962                 free($2);
2963         }
2964         ;
2965 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2966         {
2967                 OUTYY(("P(stub-no-cache:%s)\n", $2));
2968                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2969                         yyerror("expected yes or no.");
2970                 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2971                 free($2);
2972         }
2973         ;
2974 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2975         {
2976                 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2977                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2978                         yyerror("expected yes or no.");
2979                 else cfg_parser->cfg->stubs->ssl_upstream =
2980                         (strcmp($2, "yes")==0);
2981                 free($2);
2982         }
2983         ;
2984 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
2985         {
2986                 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
2987                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2988                         yyerror("expected yes or no.");
2989                 else cfg_parser->cfg->stubs->tcp_upstream =
2990                         (strcmp($2, "yes")==0);
2991                 free($2);
2992         }
2993         ;
2994 stub_prime: VAR_STUB_PRIME STRING_ARG
2995         {
2996                 OUTYY(("P(stub-prime:%s)\n", $2));
2997                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2998                         yyerror("expected yes or no.");
2999                 else cfg_parser->cfg->stubs->isprime =
3000                         (strcmp($2, "yes")==0);
3001                 free($2);
3002         }
3003         ;
3004 forward_name: VAR_NAME STRING_ARG
3005         {
3006                 OUTYY(("P(name:%s)\n", $2));
3007                 if(cfg_parser->cfg->forwards->name)
3008                         yyerror("forward name override, there must be one "
3009                                 "name for one forward-zone");
3010                 free(cfg_parser->cfg->forwards->name);
3011                 cfg_parser->cfg->forwards->name = $2;
3012         }
3013         ;
3014 forward_host: VAR_FORWARD_HOST STRING_ARG
3015         {
3016                 OUTYY(("P(forward-host:%s)\n", $2));
3017                 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
3018                         yyerror("out of memory");
3019         }
3020         ;
3021 forward_addr: VAR_FORWARD_ADDR STRING_ARG
3022         {
3023                 OUTYY(("P(forward-addr:%s)\n", $2));
3024                 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
3025                         yyerror("out of memory");
3026         }
3027         ;
3028 forward_first: VAR_FORWARD_FIRST STRING_ARG
3029         {
3030                 OUTYY(("P(forward-first:%s)\n", $2));
3031                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3032                         yyerror("expected yes or no.");
3033                 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
3034                 free($2);
3035         }
3036         ;
3037 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
3038         {
3039                 OUTYY(("P(forward-no-cache:%s)\n", $2));
3040                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3041                         yyerror("expected yes or no.");
3042                 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
3043                 free($2);
3044         }
3045         ;
3046 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
3047         {
3048                 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
3049                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3050                         yyerror("expected yes or no.");
3051                 else cfg_parser->cfg->forwards->ssl_upstream =
3052                         (strcmp($2, "yes")==0);
3053                 free($2);
3054         }
3055         ;
3056 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
3057         {
3058                 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
3059                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3060                         yyerror("expected yes or no.");
3061                 else cfg_parser->cfg->forwards->tcp_upstream =
3062                         (strcmp($2, "yes")==0);
3063                 free($2);
3064         }
3065         ;
3066 auth_name: VAR_NAME STRING_ARG
3067         {
3068                 OUTYY(("P(name:%s)\n", $2));
3069                 if(cfg_parser->cfg->auths->name)
3070                         yyerror("auth name override, there must be one name "
3071                                 "for one auth-zone");
3072                 free(cfg_parser->cfg->auths->name);
3073                 cfg_parser->cfg->auths->name = $2;
3074         }
3075         ;
3076 auth_zonefile: VAR_ZONEFILE STRING_ARG
3077         {
3078                 OUTYY(("P(zonefile:%s)\n", $2));
3079                 free(cfg_parser->cfg->auths->zonefile);
3080                 cfg_parser->cfg->auths->zonefile = $2;
3081         }
3082         ;
3083 auth_master: VAR_MASTER STRING_ARG
3084         {
3085                 OUTYY(("P(master:%s)\n", $2));
3086                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
3087                         yyerror("out of memory");
3088         }
3089         ;
3090 auth_url: VAR_URL STRING_ARG
3091         {
3092                 OUTYY(("P(url:%s)\n", $2));
3093                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
3094                         yyerror("out of memory");
3095         }
3096         ;
3097 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3098         {
3099                 OUTYY(("P(allow-notify:%s)\n", $2));
3100                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3101                         $2))
3102                         yyerror("out of memory");
3103         }
3104         ;
3105 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3106         {
3107                 OUTYY(("P(zonemd-check:%s)\n", $2));
3108                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3109                         yyerror("expected yes or no.");
3110                 else cfg_parser->cfg->auths->zonemd_check =
3111                         (strcmp($2, "yes")==0);
3112                 free($2);
3113         }
3114         ;
3115 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3116         {
3117                 OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3118                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3119                         yyerror("expected yes or no.");
3120                 else cfg_parser->cfg->auths->zonemd_reject_absence =
3121                         (strcmp($2, "yes")==0);
3122                 free($2);
3123         }
3124         ;
3125 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3126         {
3127                 OUTYY(("P(for-downstream:%s)\n", $2));
3128                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3129                         yyerror("expected yes or no.");
3130                 else cfg_parser->cfg->auths->for_downstream =
3131                         (strcmp($2, "yes")==0);
3132                 free($2);
3133         }
3134         ;
3135 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3136         {
3137                 OUTYY(("P(for-upstream:%s)\n", $2));
3138                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3139                         yyerror("expected yes or no.");
3140                 else cfg_parser->cfg->auths->for_upstream =
3141                         (strcmp($2, "yes")==0);
3142                 free($2);
3143         }
3144         ;
3145 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3146         {
3147                 OUTYY(("P(fallback-enabled:%s)\n", $2));
3148                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3149                         yyerror("expected yes or no.");
3150                 else cfg_parser->cfg->auths->fallback_enabled =
3151                         (strcmp($2, "yes")==0);
3152                 free($2);
3153         }
3154         ;
3155 view_name: VAR_NAME STRING_ARG
3156         {
3157                 OUTYY(("P(name:%s)\n", $2));
3158                 if(cfg_parser->cfg->views->name)
3159                         yyerror("view name override, there must be one "
3160                                 "name for one view");
3161                 free(cfg_parser->cfg->views->name);
3162                 cfg_parser->cfg->views->name = $2;
3163         }
3164         ;
3165 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3166         {
3167                 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3168                 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3169                    strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3170                    strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3171                    && strcmp($3, "typetransparent")!=0
3172                    && strcmp($3, "always_transparent")!=0
3173                    && strcmp($3, "always_refuse")!=0
3174                    && strcmp($3, "always_nxdomain")!=0
3175                    && strcmp($3, "always_nodata")!=0
3176                    && strcmp($3, "always_deny")!=0
3177                    && strcmp($3, "always_null")!=0
3178                    && strcmp($3, "noview")!=0
3179                    && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3180                    && strcmp($3, "inform_redirect") != 0
3181                    && strcmp($3, "ipset") != 0) {
3182                         yyerror("local-zone type: expected static, deny, "
3183                                 "refuse, redirect, transparent, "
3184                                 "typetransparent, inform, inform_deny, "
3185                                 "inform_redirect, always_transparent, "
3186                                 "always_refuse, always_nxdomain, "
3187                                 "always_nodata, always_deny, always_null, "
3188                                 "noview, nodefault or ipset");
3189                         free($2);
3190                         free($3);
3191                 } else if(strcmp($3, "nodefault")==0) {
3192                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3193                                 local_zones_nodefault, $2))
3194                                 fatal_exit("out of memory adding local-zone");
3195                         free($3);
3196 #ifdef USE_IPSET
3197                 } else if(strcmp($3, "ipset")==0) {
3198                         size_t len = strlen($2);
3199                         /* Make sure to add the trailing dot.
3200                          * These are str compared to domain names. */
3201                         if($2[len-1] != '.') {
3202                                 if(!($2 = realloc($2, len+2))) {
3203                                         fatal_exit("out of memory adding local-zone");
3204                                 }
3205                                 $2[len] = '.';
3206                                 $2[len+1] = 0;
3207                         }
3208                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3209                                 local_zones_ipset, $2))
3210                                 fatal_exit("out of memory adding local-zone");
3211                         free($3);
3212 #endif
3213                 } else {
3214                         if(!cfg_str2list_insert(
3215                                 &cfg_parser->cfg->views->local_zones,
3216                                 $2, $3))
3217                                 fatal_exit("out of memory adding local-zone");
3218                 }
3219         }
3220         ;
3221 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3222         {
3223                 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3224                 validate_respip_action($3);
3225                 if(!cfg_str2list_insert(
3226                         &cfg_parser->cfg->views->respip_actions, $2, $3))
3227                         fatal_exit("out of memory adding per-view "
3228                                 "response-ip action");
3229         }
3230         ;
3231 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3232         {
3233                 OUTYY(("P(view_response_ip_data:%s)\n", $2));
3234                 if(!cfg_str2list_insert(
3235                         &cfg_parser->cfg->views->respip_data, $2, $3))
3236                         fatal_exit("out of memory adding response-ip-data");
3237         }
3238         ;
3239 view_local_data: VAR_LOCAL_DATA STRING_ARG
3240         {
3241                 OUTYY(("P(view_local_data:%s)\n", $2));
3242                 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3243                         fatal_exit("out of memory adding local-data");
3244                 }
3245         }
3246         ;
3247 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3248         {
3249                 char* ptr;
3250                 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3251                 ptr = cfg_ptr_reverse($2);
3252                 free($2);
3253                 if(ptr) {
3254                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3255                                 local_data, ptr))
3256                                 fatal_exit("out of memory adding local-data");
3257                 } else {
3258                         yyerror("local-data-ptr could not be reversed");
3259                 }
3260         }
3261         ;
3262 view_first: VAR_VIEW_FIRST STRING_ARG
3263         {
3264                 OUTYY(("P(view-first:%s)\n", $2));
3265                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3266                         yyerror("expected yes or no.");
3267                 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3268                 free($2);
3269         }
3270         ;
3271 rcstart: VAR_REMOTE_CONTROL
3272         {
3273                 OUTYY(("\nP(remote-control:)\n"));
3274                 cfg_parser->started_toplevel = 1;
3275         }
3276         ;
3277 contents_rc: contents_rc content_rc
3278         | ;
3279 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3280         rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3281         rc_control_cert_file | rc_control_use_cert
3282         ;
3283 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3284         {
3285                 OUTYY(("P(control_enable:%s)\n", $2));
3286                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3287                         yyerror("expected yes or no.");
3288                 else cfg_parser->cfg->remote_control_enable =
3289                         (strcmp($2, "yes")==0);
3290                 free($2);
3291         }
3292         ;
3293 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3294         {
3295                 OUTYY(("P(control_port:%s)\n", $2));
3296                 if(atoi($2) == 0)
3297                         yyerror("control port number expected");
3298                 else cfg_parser->cfg->control_port = atoi($2);
3299                 free($2);
3300         }
3301         ;
3302 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3303         {
3304                 OUTYY(("P(control_interface:%s)\n", $2));
3305                 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3306                         yyerror("out of memory");
3307         }
3308         ;
3309 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3310         {
3311                 OUTYY(("P(control_use_cert:%s)\n", $2));
3312                 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3313                 free($2);
3314         }
3315         ;
3316 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3317         {
3318                 OUTYY(("P(rc_server_key_file:%s)\n", $2));
3319                 free(cfg_parser->cfg->server_key_file);
3320                 cfg_parser->cfg->server_key_file = $2;
3321         }
3322         ;
3323 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3324         {
3325                 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3326                 free(cfg_parser->cfg->server_cert_file);
3327                 cfg_parser->cfg->server_cert_file = $2;
3328         }
3329         ;
3330 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3331         {
3332                 OUTYY(("P(rc_control_key_file:%s)\n", $2));
3333                 free(cfg_parser->cfg->control_key_file);
3334                 cfg_parser->cfg->control_key_file = $2;
3335         }
3336         ;
3337 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3338         {
3339                 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3340                 free(cfg_parser->cfg->control_cert_file);
3341                 cfg_parser->cfg->control_cert_file = $2;
3342         }
3343         ;
3344 dtstart: VAR_DNSTAP
3345         {
3346                 OUTYY(("\nP(dnstap:)\n"));
3347                 cfg_parser->started_toplevel = 1;
3348         }
3349         ;
3350 contents_dt: contents_dt content_dt
3351         | ;
3352 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3353         dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3354         dt_dnstap_tls_cert_bundle |
3355         dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3356         dt_dnstap_send_identity | dt_dnstap_send_version |
3357         dt_dnstap_identity | dt_dnstap_version |
3358         dt_dnstap_log_resolver_query_messages |
3359         dt_dnstap_log_resolver_response_messages |
3360         dt_dnstap_log_client_query_messages |
3361         dt_dnstap_log_client_response_messages |
3362         dt_dnstap_log_forwarder_query_messages |
3363         dt_dnstap_log_forwarder_response_messages
3364         ;
3365 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3366         {
3367                 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3368                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3369                         yyerror("expected yes or no.");
3370                 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3371                 free($2);
3372         }
3373         ;
3374 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3375         {
3376                 OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3377                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3378                         yyerror("expected yes or no.");
3379                 else cfg_parser->cfg->dnstap_bidirectional =
3380                         (strcmp($2, "yes")==0);
3381                 free($2);
3382         }
3383         ;
3384 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3385         {
3386                 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3387                 free(cfg_parser->cfg->dnstap_socket_path);
3388                 cfg_parser->cfg->dnstap_socket_path = $2;
3389         }
3390         ;
3391 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3392         {
3393                 OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3394                 free(cfg_parser->cfg->dnstap_ip);
3395                 cfg_parser->cfg->dnstap_ip = $2;
3396         }
3397         ;
3398 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3399         {
3400                 OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3401                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3402                         yyerror("expected yes or no.");
3403                 else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3404                 free($2);
3405         }
3406         ;
3407 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3408         {
3409                 OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3410                 free(cfg_parser->cfg->dnstap_tls_server_name);
3411                 cfg_parser->cfg->dnstap_tls_server_name = $2;
3412         }
3413         ;
3414 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3415         {
3416                 OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3417                 free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3418                 cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3419         }
3420         ;
3421 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3422         {
3423                 OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3424                 free(cfg_parser->cfg->dnstap_tls_client_key_file);
3425                 cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3426         }
3427         ;
3428 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3429         {
3430                 OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3431                 free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3432                 cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3433         }
3434         ;
3435 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3436         {
3437                 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3438                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3439                         yyerror("expected yes or no.");
3440                 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3441                 free($2);
3442         }
3443         ;
3444 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3445         {
3446                 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3447                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3448                         yyerror("expected yes or no.");
3449                 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3450                 free($2);
3451         }
3452         ;
3453 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3454         {
3455                 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3456                 free(cfg_parser->cfg->dnstap_identity);
3457                 cfg_parser->cfg->dnstap_identity = $2;
3458         }
3459         ;
3460 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3461         {
3462                 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3463                 free(cfg_parser->cfg->dnstap_version);
3464                 cfg_parser->cfg->dnstap_version = $2;
3465         }
3466         ;
3467 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3468         {
3469                 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3470                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3471                         yyerror("expected yes or no.");
3472                 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3473                         (strcmp($2, "yes")==0);
3474                 free($2);
3475         }
3476         ;
3477 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3478         {
3479                 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3480                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3481                         yyerror("expected yes or no.");
3482                 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3483                         (strcmp($2, "yes")==0);
3484                 free($2);
3485         }
3486         ;
3487 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3488         {
3489                 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3490                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3491                         yyerror("expected yes or no.");
3492                 else cfg_parser->cfg->dnstap_log_client_query_messages =
3493                         (strcmp($2, "yes")==0);
3494                 free($2);
3495         }
3496         ;
3497 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3498         {
3499                 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3500                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3501                         yyerror("expected yes or no.");
3502                 else cfg_parser->cfg->dnstap_log_client_response_messages =
3503                         (strcmp($2, "yes")==0);
3504                 free($2);
3505         }
3506         ;
3507 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3508         {
3509                 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3510                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3511                         yyerror("expected yes or no.");
3512                 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3513                         (strcmp($2, "yes")==0);
3514                 free($2);
3515         }
3516         ;
3517 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3518         {
3519                 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3520                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3521                         yyerror("expected yes or no.");
3522                 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3523                         (strcmp($2, "yes")==0);
3524                 free($2);
3525         }
3526         ;
3527 pythonstart: VAR_PYTHON
3528         {
3529                 OUTYY(("\nP(python:)\n"));
3530                 cfg_parser->started_toplevel = 1;
3531         }
3532         ;
3533 contents_py: contents_py content_py
3534         | ;
3535 content_py: py_script
3536         ;
3537 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3538         {
3539                 OUTYY(("P(python-script:%s)\n", $2));
3540                 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3541                         yyerror("out of memory");
3542         }
3543         ;
3544 dynlibstart: VAR_DYNLIB
3545         {
3546                 OUTYY(("\nP(dynlib:)\n"));
3547                 cfg_parser->started_toplevel = 1;
3548         }
3549         ;
3550 contents_dl: contents_dl content_dl
3551         | ;
3552 content_dl: dl_file
3553         ;
3554 dl_file: VAR_DYNLIB_FILE STRING_ARG
3555         {
3556                 OUTYY(("P(dynlib-file:%s)\n", $2));
3557                 if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3558                         yyerror("out of memory");
3559         }
3560         ;
3561 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3562         {
3563                 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3564                 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3565                         yyerror("expected yes or no.");
3566                 else cfg_parser->cfg->disable_dnssec_lame_check =
3567                         (strcmp($2, "yes")==0);
3568                 free($2);
3569         }
3570         ;
3571 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3572         {
3573                 OUTYY(("P(server_log_identity:%s)\n", $2));
3574                 free(cfg_parser->cfg->log_identity);
3575                 cfg_parser->cfg->log_identity = $2;
3576         }
3577         ;
3578 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3579         {
3580                 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3581                 validate_respip_action($3);
3582                 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3583                         $2, $3))
3584                         fatal_exit("out of memory adding response-ip");
3585         }
3586         ;
3587 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3588         {
3589                 OUTYY(("P(server_response_ip_data:%s)\n", $2));
3590                 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3591                         $2, $3))
3592                         fatal_exit("out of memory adding response-ip-data");
3593         }
3594         ;
3595 dnscstart: VAR_DNSCRYPT
3596         {
3597                 OUTYY(("\nP(dnscrypt:)\n"));
3598                 cfg_parser->started_toplevel = 1;
3599         }
3600         ;
3601 contents_dnsc: contents_dnsc content_dnsc
3602         | ;
3603 content_dnsc:
3604         dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3605         dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3606         dnsc_dnscrypt_provider_cert_rotated |
3607         dnsc_dnscrypt_shared_secret_cache_size |
3608         dnsc_dnscrypt_shared_secret_cache_slabs |
3609         dnsc_dnscrypt_nonce_cache_size |
3610         dnsc_dnscrypt_nonce_cache_slabs
3611         ;
3612 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3613         {
3614                 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3615                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3616                         yyerror("expected yes or no.");
3617                 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3618                 free($2);
3619         }
3620         ;
3621 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3622         {
3623                 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3624                 if(atoi($2) == 0)
3625                         yyerror("port number expected");
3626                 else cfg_parser->cfg->dnscrypt_port = atoi($2);
3627                 free($2);
3628         }
3629         ;
3630 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3631         {
3632                 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3633                 free(cfg_parser->cfg->dnscrypt_provider);
3634                 cfg_parser->cfg->dnscrypt_provider = $2;
3635         }
3636         ;
3637 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3638         {
3639                 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3640                 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3641                         log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3642                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3643                         fatal_exit("out of memory adding dnscrypt-provider-cert");
3644         }
3645         ;
3646 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3647         {
3648                 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3649                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3650                         fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3651         }
3652         ;
3653 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3654         {
3655                 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3656                 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3657                         log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3658                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3659                         fatal_exit("out of memory adding dnscrypt-secret-key");
3660         }
3661         ;
3662 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3663   {
3664         OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3665         if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3666                 yyerror("memory size expected");
3667         free($2);
3668   }
3669   ;
3670 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3671   {
3672         OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3673         if(atoi($2) == 0) {
3674                 yyerror("number expected");
3675         } else {
3676                 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3677                 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3678                         yyerror("must be a power of 2");
3679         }
3680         free($2);
3681   }
3682   ;
3683 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3684   {
3685         OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3686         if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3687                 yyerror("memory size expected");
3688         free($2);
3689   }
3690   ;
3691 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3692   {
3693         OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3694         if(atoi($2) == 0) {
3695                 yyerror("number expected");
3696         } else {
3697                 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3698                 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3699                         yyerror("must be a power of 2");
3700         }
3701         free($2);
3702   }
3703   ;
3704 cachedbstart: VAR_CACHEDB
3705         {
3706                 OUTYY(("\nP(cachedb:)\n"));
3707                 cfg_parser->started_toplevel = 1;
3708         }
3709         ;
3710 contents_cachedb: contents_cachedb content_cachedb
3711         | ;
3712 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3713         redis_server_host | redis_server_port | redis_timeout |
3714         redis_expire_records | redis_server_path | redis_server_password |
3715         cachedb_no_store | redis_logical_db
3716         ;
3717 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3718         {
3719         #ifdef USE_CACHEDB
3720                 OUTYY(("P(backend:%s)\n", $2));
3721                 free(cfg_parser->cfg->cachedb_backend);
3722                 cfg_parser->cfg->cachedb_backend = $2;
3723         #else
3724                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3725                 free($2);
3726         #endif
3727         }
3728         ;
3729 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3730         {
3731         #ifdef USE_CACHEDB
3732                 OUTYY(("P(secret-seed:%s)\n", $2));
3733                 free(cfg_parser->cfg->cachedb_secret);
3734                 cfg_parser->cfg->cachedb_secret = $2;
3735         #else
3736                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3737                 free($2);
3738         #endif
3739         }
3740         ;
3741 cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG
3742         {
3743         #ifdef USE_CACHEDB
3744                 OUTYY(("P(cachedb_no_store:%s)\n", $2));
3745                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3746                         yyerror("expected yes or no.");
3747                 else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0);
3748         #else
3749                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3750         #endif
3751                 free($2);
3752         }
3753         ;
3754 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3755         {
3756         #if defined(USE_CACHEDB) && defined(USE_REDIS)
3757                 OUTYY(("P(redis_server_host:%s)\n", $2));
3758                 free(cfg_parser->cfg->redis_server_host);
3759                 cfg_parser->cfg->redis_server_host = $2;
3760         #else
3761                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3762                 free($2);
3763         #endif
3764         }
3765         ;
3766 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3767         {
3768         #if defined(USE_CACHEDB) && defined(USE_REDIS)
3769                 int port;
3770                 OUTYY(("P(redis_server_port:%s)\n", $2));
3771                 port = atoi($2);
3772                 if(port == 0 || port < 0 || port > 65535)
3773                         yyerror("valid redis server port number expected");
3774                 else cfg_parser->cfg->redis_server_port = port;
3775         #else
3776                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3777         #endif
3778                 free($2);
3779         }
3780         ;
3781 redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
3782         {
3783         #if defined(USE_CACHEDB) && defined(USE_REDIS)
3784                 OUTYY(("P(redis_server_path:%s)\n", $2));
3785                 free(cfg_parser->cfg->redis_server_path);
3786                 cfg_parser->cfg->redis_server_path = $2;
3787         #else
3788                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3789                 free($2);
3790         #endif
3791         }
3792         ;
3793 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
3794         {
3795         #if defined(USE_CACHEDB) && defined(USE_REDIS)
3796                 OUTYY(("P(redis_server_password:%s)\n", $2));
3797                 free(cfg_parser->cfg->redis_server_password);
3798                 cfg_parser->cfg->redis_server_password = $2;
3799         #else
3800                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3801                 free($2);
3802         #endif
3803         }
3804         ;
3805 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3806         {
3807         #if defined(USE_CACHEDB) && defined(USE_REDIS)
3808                 OUTYY(("P(redis_timeout:%s)\n", $2));
3809                 if(atoi($2) == 0)
3810                         yyerror("redis timeout value expected");
3811                 else cfg_parser->cfg->redis_timeout = atoi($2);
3812         #else
3813                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3814         #endif
3815                 free($2);
3816         }
3817         ;
3818 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3819         {
3820         #if defined(USE_CACHEDB) && defined(USE_REDIS)
3821                 OUTYY(("P(redis_expire_records:%s)\n", $2));
3822                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3823                         yyerror("expected yes or no.");
3824                 else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3825         #else
3826                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3827         #endif
3828                 free($2);
3829         }
3830         ;
3831 redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG
3832         {
3833         #if defined(USE_CACHEDB) && defined(USE_REDIS)
3834                 int db;
3835                 OUTYY(("P(redis_logical_db:%s)\n", $2));
3836                 db = atoi($2);
3837                 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
3838                         yyerror("valid redis logical database index expected");
3839                 else cfg_parser->cfg->redis_logical_db = db;
3840         #else
3841                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3842         #endif
3843                 free($2);
3844         }
3845         ;
3846 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3847         {
3848                 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3849                 if (atoi($3) < 0)
3850                         yyerror("positive number expected");
3851                 else {
3852                         if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3853                                 fatal_exit("out of memory adding tcp connection limit");
3854                 }
3855         }
3856         ;
3857 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
3858         {
3859                 OUTYY(("P(server_answer_cookie:%s)\n", $2));
3860                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3861                         yyerror("expected yes or no.");
3862                 else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
3863                 free($2);
3864         }
3865         ;
3866 server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
3867         {
3868                 uint8_t secret[32];
3869                 size_t secret_len = sizeof(secret);
3870
3871                 OUTYY(("P(server_cookie_secret:%s)\n", $2));
3872                 if(sldns_str2wire_hex_buf($2, secret, &secret_len)
3873                 || (secret_len != 16))
3874                         yyerror("expected 128 bit hex string");
3875                 else {
3876                         cfg_parser->cfg->cookie_secret_len = secret_len;
3877                         memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
3878                 }
3879                 free($2);
3880         }
3881         ;
3882         ipsetstart: VAR_IPSET
3883                 {
3884                         OUTYY(("\nP(ipset:)\n"));
3885                         cfg_parser->started_toplevel = 1;
3886                 }
3887                 ;
3888         contents_ipset: contents_ipset content_ipset
3889                 | ;
3890         content_ipset: ipset_name_v4 | ipset_name_v6
3891                 ;
3892         ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3893                 {
3894                 #ifdef USE_IPSET
3895                         OUTYY(("P(name-v4:%s)\n", $2));
3896                         if(cfg_parser->cfg->ipset_name_v4)
3897                                 yyerror("ipset name v4 override, there must be one "
3898                                         "name for ip v4");
3899                         free(cfg_parser->cfg->ipset_name_v4);
3900                         cfg_parser->cfg->ipset_name_v4 = $2;
3901                 #else
3902                         OUTYY(("P(Compiled without ipset, ignoring)\n"));
3903                         free($2);
3904                 #endif
3905                 }
3906         ;
3907         ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3908         {
3909                 #ifdef USE_IPSET
3910                         OUTYY(("P(name-v6:%s)\n", $2));
3911                         if(cfg_parser->cfg->ipset_name_v6)
3912                                 yyerror("ipset name v6 override, there must be one "
3913                                         "name for ip v6");
3914                         free(cfg_parser->cfg->ipset_name_v6);
3915                         cfg_parser->cfg->ipset_name_v6 = $2;
3916                 #else
3917                         OUTYY(("P(Compiled without ipset, ignoring)\n"));
3918                         free($2);
3919                 #endif
3920                 }
3921         ;
3922 %%
3923
3924 /* parse helper routines could be here */
3925 static void
3926 validate_respip_action(const char* action)
3927 {
3928         if(strcmp(action, "deny")!=0 &&
3929                 strcmp(action, "redirect")!=0 &&
3930                 strcmp(action, "inform")!=0 &&
3931                 strcmp(action, "inform_deny")!=0 &&
3932                 strcmp(action, "always_transparent")!=0 &&
3933                 strcmp(action, "always_refuse")!=0 &&
3934                 strcmp(action, "always_nxdomain")!=0)
3935         {
3936                 yyerror("response-ip action: expected deny, redirect, "
3937                         "inform, inform_deny, always_transparent, "
3938                         "always_refuse or always_nxdomain");
3939         }
3940 }
3941
3942 static void
3943 validate_acl_action(const char* action)
3944 {
3945         if(strcmp(action, "deny")!=0 &&
3946                 strcmp(action, "refuse")!=0 &&
3947                 strcmp(action, "deny_non_local")!=0 &&
3948                 strcmp(action, "refuse_non_local")!=0 &&
3949                 strcmp(action, "allow_setrd")!=0 &&
3950                 strcmp(action, "allow")!=0 &&
3951                 strcmp(action, "allow_snoop")!=0 &&
3952                 strcmp(action, "allow_cookie")!=0)
3953         {
3954                 yyerror("expected deny, refuse, deny_non_local, "
3955                         "refuse_non_local, allow, allow_setrd, "
3956                         "allow_snoop or allow_cookie as access control action");
3957         }
3958 }
Unnamed repository; edit this file 'description' to name the repository.