2 * configparser.y -- yacc grammar for unbound configuration files
4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
6 * Copyright (c) 2007, NLnet Labs. All rights reserved.
8 * This software is open source.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
17 * Redistributions in binary form must reproduce the above copyright notice,
18 * this list of conditions and the following disclaimer in the documentation
19 * and/or other materials provided with the distribution.
21 * Neither the name of the NLNET LABS nor the names of its contributors may
22 * be used to endorse or promote products derived from this software without
23 * specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 #include "sldns/str2wire.h"
53 void ub_c_error(const char *message);
55 static void validate_respip_action(const char* action);
56 static void validate_acl_action(const char* action);
58 /* these need to be global, otherwise they cannot be used inside yacc */
59 extern struct config_parser_state* cfg_parser;
62 #define OUTYY(s) printf s /* used ONLY when debugging */
72 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
73 %token <str> STRING_ARG
74 %token VAR_FORCE_TOPLEVEL
75 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
76 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
77 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
78 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
79 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
80 %token VAR_SOCK_QUEUE_TIMEOUT
81 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
82 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
83 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
84 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
85 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
86 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
87 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
88 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
89 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
90 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
91 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
92 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
93 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
94 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
95 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
96 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
97 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
98 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
99 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
100 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
101 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
102 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
103 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
104 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
105 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
106 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
107 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
108 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
109 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
110 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
111 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
112 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
113 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
114 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
115 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
116 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
117 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
118 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
119 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
120 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
121 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
122 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
123 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
124 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
125 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
126 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
127 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
128 %token VAR_NAT64_PREFIX
129 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
130 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
131 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
132 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
133 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
134 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
136 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
137 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
138 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
139 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
140 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
141 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
143 %token VAR_DISABLE_DNSSEC_LAME_CHECK
144 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
145 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
146 %token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
147 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
148 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
149 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
150 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
151 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
152 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
153 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
154 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
155 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
156 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
157 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
158 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
159 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
160 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
161 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
162 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
163 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
164 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
165 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
166 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
167 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
168 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
169 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
170 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
171 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
172 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
173 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
174 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
175 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
176 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
177 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
178 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
179 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
180 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
181 %token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD
182 %token VAR_CACHEDB_REDISLOGICALDB
183 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
184 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
185 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
186 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
187 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
188 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
189 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
190 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
191 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
192 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
193 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
194 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
195 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
196 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
197 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
198 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
199 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
200 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
201 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
202 %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
205 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
206 toplevelvar: serverstart contents_server | stubstart contents_stub |
207 forwardstart contents_forward | pythonstart contents_py |
208 rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
209 dnscstart contents_dnsc | cachedbstart contents_cachedb |
210 ipsetstart contents_ipset | authstart contents_auth |
211 rpzstart contents_rpz | dynlibstart contents_dl |
214 force_toplevel: VAR_FORCE_TOPLEVEL
216 OUTYY(("\nP(force-toplevel)\n"));
217 cfg_parser->started_toplevel = 0;
220 /* server: declaration */
221 serverstart: VAR_SERVER
223 OUTYY(("\nP(server:)\n"));
224 cfg_parser->started_toplevel = 1;
227 contents_server: contents_server content_server
229 content_server: server_num_threads | server_verbosity | server_port |
230 server_outgoing_range | server_do_ip4 |
231 server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
232 server_prefer_ip6 | server_do_udp | server_do_tcp |
233 server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
234 server_tcp_keepalive | server_tcp_keepalive_timeout |
235 server_sock_queue_timeout |
236 server_interface | server_chroot | server_username |
237 server_directory | server_logfile | server_pidfile |
238 server_msg_cache_size | server_msg_cache_slabs |
239 server_num_queries_per_thread | server_rrset_cache_size |
240 server_rrset_cache_slabs | server_outgoing_num_tcp |
241 server_infra_host_ttl | server_infra_lame_ttl |
242 server_infra_cache_slabs | server_infra_cache_numhosts |
243 server_infra_cache_lame_size | server_target_fetch_policy |
244 server_harden_short_bufsize | server_harden_large_queries |
245 server_do_not_query_address | server_hide_identity |
246 server_hide_version | server_identity | server_version |
247 server_hide_http_user_agent | server_http_user_agent |
248 server_harden_glue | server_module_conf | server_trust_anchor_file |
249 server_trust_anchor | server_val_override_date | server_bogus_ttl |
250 server_val_clean_additional | server_val_permissive_mode |
251 server_incoming_num_tcp | server_msg_buffer_size |
252 server_key_cache_size | server_key_cache_slabs |
253 server_trusted_keys_file | server_val_nsec3_keysize_iterations |
254 server_use_syslog | server_outgoing_interface | server_root_hints |
255 server_do_not_query_localhost | server_cache_max_ttl |
256 server_harden_dnssec_stripped | server_access_control |
257 server_local_zone | server_local_data | server_interface_automatic |
258 server_statistics_interval | server_do_daemonize |
259 server_use_caps_for_id | server_statistics_cumulative |
260 server_outgoing_port_permit | server_outgoing_port_avoid |
261 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
262 server_harden_referral_path | server_private_address |
263 server_private_domain | server_extended_statistics |
264 server_local_data_ptr | server_jostle_timeout |
265 server_unwanted_reply_threshold | server_log_time_ascii |
266 server_domain_insecure | server_val_sig_skew_min |
267 server_val_sig_skew_max | server_val_max_restart |
268 server_cache_min_ttl | server_val_log_level |
269 server_auto_trust_anchor_file | server_add_holddown |
270 server_del_holddown | server_keep_missing | server_so_rcvbuf |
271 server_edns_buffer_size | server_prefetch | server_prefetch_key |
272 server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
273 server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
274 server_log_local_actions |
275 server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
276 server_https_port | server_http_endpoint | server_http_max_streams |
277 server_http_query_buffer_size | server_http_response_buffer_size |
278 server_http_nodelay | server_http_notls_downstream |
279 server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
280 server_so_reuseport | server_delay_close | server_udp_connect |
281 server_unblock_lan_zones | server_insecure_lan_zones |
282 server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
283 server_nat64_prefix |
284 server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
285 server_ip_transparent | server_ip_ratelimit | server_ratelimit |
286 server_ip_dscp | server_infra_keep_probing |
287 server_ip_ratelimit_slabs | server_ratelimit_slabs |
288 server_ip_ratelimit_size | server_ratelimit_size |
289 server_ratelimit_for_domain |
290 server_ratelimit_below_domain | server_ratelimit_factor |
291 server_ip_ratelimit_factor | server_ratelimit_backoff |
292 server_ip_ratelimit_backoff | server_outbound_msg_retry |
293 server_max_sent_count | server_max_query_restarts |
294 server_send_client_subnet | server_client_subnet_zone |
295 server_client_subnet_always_forward | server_client_subnet_opcode |
296 server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
297 server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
298 server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
299 server_caps_whitelist | server_cache_max_negative_ttl |
300 server_permit_small_holddown | server_qname_minimisation |
301 server_ip_freebind | server_define_tag | server_local_zone_tag |
302 server_disable_dnssec_lame_check | server_access_control_tag |
303 server_local_zone_override | server_access_control_tag_action |
304 server_access_control_tag_data | server_access_control_view |
305 server_interface_action | server_interface_view | server_interface_tag |
306 server_interface_tag_action | server_interface_tag_data |
307 server_qname_minimisation_strict |
308 server_pad_responses | server_pad_responses_block_size |
309 server_pad_queries | server_pad_queries_block_size |
310 server_serve_expired |
311 server_serve_expired_ttl | server_serve_expired_ttl_reset |
312 server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
313 server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
314 server_log_identity | server_use_systemd |
315 server_response_ip_tag | server_response_ip | server_response_ip_data |
316 server_shm_enable | server_shm_key | server_fake_sha1 |
317 server_hide_trustanchor | server_trust_anchor_signaling |
318 server_root_key_sentinel |
319 server_ipsecmod_enabled | server_ipsecmod_hook |
320 server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
321 server_ipsecmod_whitelist | server_ipsecmod_strict |
322 server_udp_upstream_without_downstream | server_aggressive_nsec |
323 server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
324 server_fast_server_permil | server_fast_server_num | server_tls_win_cert |
325 server_tcp_connection_limit | server_log_servfail | server_deny_any |
326 server_unknown_server_time_limit | server_log_tag_queryreply |
327 server_stream_wait_size | server_tls_ciphers |
328 server_tls_ciphersuites | server_tls_session_ticket_keys |
329 server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
330 server_tls_use_sni | server_edns_client_string |
331 server_edns_client_string_opcode | server_nsid |
332 server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
333 server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
334 server_interface_automatic_ports | server_ede |
335 server_proxy_protocol_port | server_statistics_inhibit_zero |
336 server_harden_unknown_additional | server_disable_edns_do
338 stubstart: VAR_STUB_ZONE
340 struct config_stub* s;
341 OUTYY(("\nP(stub_zone:)\n"));
342 cfg_parser->started_toplevel = 1;
343 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
345 s->next = cfg_parser->cfg->stubs;
346 cfg_parser->cfg->stubs = s;
348 yyerror("out of memory");
352 contents_stub: contents_stub content_stub
354 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
355 stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
357 forwardstart: VAR_FORWARD_ZONE
359 struct config_stub* s;
360 OUTYY(("\nP(forward_zone:)\n"));
361 cfg_parser->started_toplevel = 1;
362 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
364 s->next = cfg_parser->cfg->forwards;
365 cfg_parser->cfg->forwards = s;
367 yyerror("out of memory");
371 contents_forward: contents_forward content_forward
373 content_forward: forward_name | forward_host | forward_addr | forward_first |
374 forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
378 struct config_view* s;
379 OUTYY(("\nP(view:)\n"));
380 cfg_parser->started_toplevel = 1;
381 s = (struct config_view*)calloc(1, sizeof(struct config_view));
383 s->next = cfg_parser->cfg->views;
384 if(s->next && !s->next->name)
385 yyerror("view without name");
386 cfg_parser->cfg->views = s;
388 yyerror("out of memory");
392 contents_view: contents_view content_view
394 content_view: view_name | view_local_zone | view_local_data | view_first |
395 view_response_ip | view_response_ip_data | view_local_data_ptr
397 authstart: VAR_AUTH_ZONE
399 struct config_auth* s;
400 OUTYY(("\nP(auth_zone:)\n"));
401 cfg_parser->started_toplevel = 1;
402 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
404 s->next = cfg_parser->cfg->auths;
405 cfg_parser->cfg->auths = s;
406 /* defaults for auth zone */
407 s->for_downstream = 1;
409 s->fallback_enabled = 0;
411 s->zonemd_reject_absence = 0;
414 yyerror("out of memory");
418 contents_auth: contents_auth content_auth
420 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
421 auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
422 auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
425 rpz_tag: VAR_TAGS STRING_ARG
429 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
430 bitlist = config_parse_taglist(cfg_parser->cfg, $2,
434 yyerror("could not parse tags, (define-tag them first)");
437 cfg_parser->cfg->auths->rpz_taglist = bitlist;
438 cfg_parser->cfg->auths->rpz_taglistlen = len;
444 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
446 OUTYY(("P(rpz_action_override:%s)\n", $2));
447 if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
448 strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
449 strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
450 yyerror("rpz-action-override action: expected nxdomain, "
451 "nodata, passthru, drop, cname or disabled");
453 cfg_parser->cfg->auths->rpz_action_override = NULL;
456 cfg_parser->cfg->auths->rpz_action_override = $2;
461 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
463 OUTYY(("P(rpz_cname_override:%s)\n", $2));
464 free(cfg_parser->cfg->auths->rpz_cname);
465 cfg_parser->cfg->auths->rpz_cname = $2;
469 rpz_log: VAR_RPZ_LOG STRING_ARG
471 OUTYY(("P(rpz_log:%s)\n", $2));
472 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
473 yyerror("expected yes or no.");
474 else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
479 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
481 OUTYY(("P(rpz_log_name:%s)\n", $2));
482 free(cfg_parser->cfg->auths->rpz_log_name);
483 cfg_parser->cfg->auths->rpz_log_name = $2;
486 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
488 OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
489 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
490 yyerror("expected yes or no.");
491 else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
498 struct config_auth* s;
499 OUTYY(("\nP(rpz:)\n"));
500 cfg_parser->started_toplevel = 1;
501 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
503 s->next = cfg_parser->cfg->auths;
504 cfg_parser->cfg->auths = s;
505 /* defaults for RPZ auth zone */
506 s->for_downstream = 0;
508 s->fallback_enabled = 0;
511 yyerror("out of memory");
515 contents_rpz: contents_rpz content_rpz
517 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
518 auth_allow_notify | rpz_action_override | rpz_cname_override |
519 rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
521 server_num_threads: VAR_NUM_THREADS STRING_ARG
523 OUTYY(("P(server_num_threads:%s)\n", $2));
524 if(atoi($2) == 0 && strcmp($2, "0") != 0)
525 yyerror("number expected");
526 else cfg_parser->cfg->num_threads = atoi($2);
530 server_verbosity: VAR_VERBOSITY STRING_ARG
532 OUTYY(("P(server_verbosity:%s)\n", $2));
533 if(atoi($2) == 0 && strcmp($2, "0") != 0)
534 yyerror("number expected");
535 else cfg_parser->cfg->verbosity = atoi($2);
539 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
541 OUTYY(("P(server_statistics_interval:%s)\n", $2));
542 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
543 cfg_parser->cfg->stat_interval = 0;
544 else if(atoi($2) == 0)
545 yyerror("number expected");
546 else cfg_parser->cfg->stat_interval = atoi($2);
550 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
552 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
553 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
554 yyerror("expected yes or no.");
555 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
559 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
561 OUTYY(("P(server_extended_statistics:%s)\n", $2));
562 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
563 yyerror("expected yes or no.");
564 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
568 server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
570 OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
571 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
572 yyerror("expected yes or no.");
573 else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
577 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
579 OUTYY(("P(server_shm_enable:%s)\n", $2));
580 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
581 yyerror("expected yes or no.");
582 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
586 server_shm_key: VAR_SHM_KEY STRING_ARG
588 OUTYY(("P(server_shm_key:%s)\n", $2));
589 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
590 cfg_parser->cfg->shm_key = 0;
591 else if(atoi($2) == 0)
592 yyerror("number expected");
593 else cfg_parser->cfg->shm_key = atoi($2);
597 server_port: VAR_PORT STRING_ARG
599 OUTYY(("P(server_port:%s)\n", $2));
601 yyerror("port number expected");
602 else cfg_parser->cfg->port = atoi($2);
606 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
609 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
610 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
611 fatal_exit("out of memory adding client-subnet");
613 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
618 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
621 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
622 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
624 fatal_exit("out of memory adding client-subnet-zone");
626 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
631 server_client_subnet_always_forward:
632 VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
635 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
636 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
637 yyerror("expected yes or no.");
639 cfg_parser->cfg->client_subnet_always_forward =
640 (strcmp($2, "yes")==0);
642 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
647 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
650 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
651 OUTYY(("P(Deprecated option, ignoring)\n"));
653 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
658 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
661 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
662 if(atoi($2) == 0 && strcmp($2, "0") != 0)
663 yyerror("IPv4 subnet length expected");
664 else if (atoi($2) > 32)
665 cfg_parser->cfg->max_client_subnet_ipv4 = 32;
666 else if (atoi($2) < 0)
667 cfg_parser->cfg->max_client_subnet_ipv4 = 0;
668 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
670 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
675 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
678 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
679 if(atoi($2) == 0 && strcmp($2, "0") != 0)
680 yyerror("Ipv6 subnet length expected");
681 else if (atoi($2) > 128)
682 cfg_parser->cfg->max_client_subnet_ipv6 = 128;
683 else if (atoi($2) < 0)
684 cfg_parser->cfg->max_client_subnet_ipv6 = 0;
685 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
687 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
692 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
695 OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
696 if(atoi($2) == 0 && strcmp($2, "0") != 0)
697 yyerror("IPv4 subnet length expected");
698 else if (atoi($2) > 32)
699 cfg_parser->cfg->min_client_subnet_ipv4 = 32;
700 else if (atoi($2) < 0)
701 cfg_parser->cfg->min_client_subnet_ipv4 = 0;
702 else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
704 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
709 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
712 OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
713 if(atoi($2) == 0 && strcmp($2, "0") != 0)
714 yyerror("Ipv6 subnet length expected");
715 else if (atoi($2) > 128)
716 cfg_parser->cfg->min_client_subnet_ipv6 = 128;
717 else if (atoi($2) < 0)
718 cfg_parser->cfg->min_client_subnet_ipv6 = 0;
719 else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
721 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
726 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
729 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
730 if(atoi($2) == 0 && strcmp($2, "0") != 0)
731 yyerror("IPv4 ECS tree size expected");
732 else if (atoi($2) < 0)
733 cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
734 else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
736 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
741 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
744 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
745 if(atoi($2) == 0 && strcmp($2, "0") != 0)
746 yyerror("IPv6 ECS tree size expected");
747 else if (atoi($2) < 0)
748 cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
749 else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
751 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
756 server_interface: VAR_INTERFACE STRING_ARG
758 OUTYY(("P(server_interface:%s)\n", $2));
759 if(cfg_parser->cfg->num_ifs == 0)
760 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
761 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
762 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
763 if(!cfg_parser->cfg->ifs)
764 yyerror("out of memory");
766 cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
769 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
771 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
772 if(cfg_parser->cfg->num_out_ifs == 0)
773 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
774 else cfg_parser->cfg->out_ifs = realloc(
775 cfg_parser->cfg->out_ifs,
776 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
777 if(!cfg_parser->cfg->out_ifs)
778 yyerror("out of memory");
780 cfg_parser->cfg->out_ifs[
781 cfg_parser->cfg->num_out_ifs++] = $2;
784 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
786 OUTYY(("P(server_outgoing_range:%s)\n", $2));
788 yyerror("number expected");
789 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
793 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
795 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
796 if(!cfg_mark_ports($2, 1,
797 cfg_parser->cfg->outgoing_avail_ports, 65536))
798 yyerror("port number or range (\"low-high\") expected");
802 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
804 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
805 if(!cfg_mark_ports($2, 0,
806 cfg_parser->cfg->outgoing_avail_ports, 65536))
807 yyerror("port number or range (\"low-high\") expected");
811 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
813 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
814 if(atoi($2) == 0 && strcmp($2, "0") != 0)
815 yyerror("number expected");
816 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
820 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
822 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
823 if(atoi($2) == 0 && strcmp($2, "0") != 0)
824 yyerror("number expected");
825 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
829 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
831 OUTYY(("P(server_interface_automatic:%s)\n", $2));
832 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
833 yyerror("expected yes or no.");
834 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
838 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
840 OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
841 free(cfg_parser->cfg->if_automatic_ports);
842 cfg_parser->cfg->if_automatic_ports = $2;
845 server_do_ip4: VAR_DO_IP4 STRING_ARG
847 OUTYY(("P(server_do_ip4:%s)\n", $2));
848 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
849 yyerror("expected yes or no.");
850 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
854 server_do_ip6: VAR_DO_IP6 STRING_ARG
856 OUTYY(("P(server_do_ip6:%s)\n", $2));
857 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
858 yyerror("expected yes or no.");
859 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
863 server_do_nat64: VAR_DO_NAT64 STRING_ARG
865 OUTYY(("P(server_do_nat64:%s)\n", $2));
866 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
867 yyerror("expected yes or no.");
868 else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
872 server_do_udp: VAR_DO_UDP STRING_ARG
874 OUTYY(("P(server_do_udp:%s)\n", $2));
875 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
876 yyerror("expected yes or no.");
877 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
881 server_do_tcp: VAR_DO_TCP STRING_ARG
883 OUTYY(("P(server_do_tcp:%s)\n", $2));
884 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
885 yyerror("expected yes or no.");
886 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
890 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
892 OUTYY(("P(server_prefer_ip4:%s)\n", $2));
893 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
894 yyerror("expected yes or no.");
895 else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
899 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
901 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
902 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
903 yyerror("expected yes or no.");
904 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
908 server_tcp_mss: VAR_TCP_MSS STRING_ARG
910 OUTYY(("P(server_tcp_mss:%s)\n", $2));
911 if(atoi($2) == 0 && strcmp($2, "0") != 0)
912 yyerror("number expected");
913 else cfg_parser->cfg->tcp_mss = atoi($2);
917 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
919 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
920 if(atoi($2) == 0 && strcmp($2, "0") != 0)
921 yyerror("number expected");
922 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
926 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
928 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
929 if(atoi($2) == 0 && strcmp($2, "0") != 0)
930 yyerror("number expected");
931 else if (atoi($2) > 120000)
932 cfg_parser->cfg->tcp_idle_timeout = 120000;
933 else if (atoi($2) < 1)
934 cfg_parser->cfg->tcp_idle_timeout = 1;
935 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
939 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
941 OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
942 if(atoi($2) == 0 && strcmp($2, "0") != 0)
943 yyerror("number expected");
944 else if (atoi($2) < 1)
945 cfg_parser->cfg->max_reuse_tcp_queries = 0;
946 else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
950 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
952 OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
953 if(atoi($2) == 0 && strcmp($2, "0") != 0)
954 yyerror("number expected");
955 else if (atoi($2) < 1)
956 cfg_parser->cfg->tcp_reuse_timeout = 0;
957 else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
961 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
963 OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
964 if(atoi($2) == 0 && strcmp($2, "0") != 0)
965 yyerror("number expected");
966 else if (atoi($2) < 1)
967 cfg_parser->cfg->tcp_auth_query_timeout = 0;
968 else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
972 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
974 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
975 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
976 yyerror("expected yes or no.");
977 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
981 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
983 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
984 if(atoi($2) == 0 && strcmp($2, "0") != 0)
985 yyerror("number expected");
986 else if (atoi($2) > 6553500)
987 cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
988 else if (atoi($2) < 1)
989 cfg_parser->cfg->tcp_keepalive_timeout = 0;
990 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
994 server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
996 OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
997 if(atoi($2) == 0 && strcmp($2, "0") != 0)
998 yyerror("number expected");
999 else if (atoi($2) > 6553500)
1000 cfg_parser->cfg->sock_queue_timeout = 6553500;
1001 else if (atoi($2) < 1)
1002 cfg_parser->cfg->sock_queue_timeout = 0;
1003 else cfg_parser->cfg->sock_queue_timeout = atoi($2);
1007 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
1009 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
1010 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1011 yyerror("expected yes or no.");
1012 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
1016 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
1018 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
1019 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1020 yyerror("expected yes or no.");
1021 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
1025 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
1027 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
1028 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1029 yyerror("expected yes or no.");
1030 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
1034 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
1036 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
1037 free(cfg_parser->cfg->ssl_service_key);
1038 cfg_parser->cfg->ssl_service_key = $2;
1041 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1043 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1044 free(cfg_parser->cfg->ssl_service_pem);
1045 cfg_parser->cfg->ssl_service_pem = $2;
1048 server_ssl_port: VAR_SSL_PORT STRING_ARG
1050 OUTYY(("P(server_ssl_port:%s)\n", $2));
1052 yyerror("port number expected");
1053 else cfg_parser->cfg->ssl_port = atoi($2);
1057 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1059 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1060 free(cfg_parser->cfg->tls_cert_bundle);
1061 cfg_parser->cfg->tls_cert_bundle = $2;
1064 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1066 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1067 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1068 yyerror("expected yes or no.");
1069 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1073 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1075 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1076 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1078 yyerror("out of memory");
1081 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1083 OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1084 free(cfg_parser->cfg->tls_ciphers);
1085 cfg_parser->cfg->tls_ciphers = $2;
1088 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1090 OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1091 free(cfg_parser->cfg->tls_ciphersuites);
1092 cfg_parser->cfg->tls_ciphersuites = $2;
1095 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1097 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1098 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1100 yyerror("out of memory");
1103 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1105 OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1106 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1107 yyerror("expected yes or no.");
1108 else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1112 server_https_port: VAR_HTTPS_PORT STRING_ARG
1114 OUTYY(("P(server_https_port:%s)\n", $2));
1116 yyerror("port number expected");
1117 else cfg_parser->cfg->https_port = atoi($2);
1120 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1122 OUTYY(("P(server_http_endpoint:%s)\n", $2));
1123 free(cfg_parser->cfg->http_endpoint);
1124 if($2 && $2[0] != '/') {
1125 cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1126 if(!cfg_parser->cfg->http_endpoint)
1127 yyerror("out of memory");
1128 cfg_parser->cfg->http_endpoint[0] = '/';
1129 memmove(cfg_parser->cfg->http_endpoint+1, $2,
1133 cfg_parser->cfg->http_endpoint = $2;
1136 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1138 OUTYY(("P(server_http_max_streams:%s)\n", $2));
1139 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1140 yyerror("number expected");
1141 else cfg_parser->cfg->http_max_streams = atoi($2);
1144 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1146 OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1147 if(!cfg_parse_memsize($2,
1148 &cfg_parser->cfg->http_query_buffer_size))
1149 yyerror("memory size expected");
1152 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1154 OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1155 if(!cfg_parse_memsize($2,
1156 &cfg_parser->cfg->http_response_buffer_size))
1157 yyerror("memory size expected");
1160 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1162 OUTYY(("P(server_http_nodelay:%s)\n", $2));
1163 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1164 yyerror("expected yes or no.");
1165 else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1168 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1170 OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1171 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1172 yyerror("expected yes or no.");
1173 else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1176 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1178 OUTYY(("P(server_use_systemd:%s)\n", $2));
1179 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1180 yyerror("expected yes or no.");
1181 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1185 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1187 OUTYY(("P(server_do_daemonize:%s)\n", $2));
1188 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1189 yyerror("expected yes or no.");
1190 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1194 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1196 OUTYY(("P(server_use_syslog:%s)\n", $2));
1197 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1198 yyerror("expected yes or no.");
1199 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1200 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1201 if(strcmp($2, "yes") == 0)
1202 yyerror("no syslog services are available. "
1203 "(reconfigure and compile to add)");
1208 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1210 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1211 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1212 yyerror("expected yes or no.");
1213 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1217 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1219 OUTYY(("P(server_log_queries:%s)\n", $2));
1220 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1221 yyerror("expected yes or no.");
1222 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1226 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1228 OUTYY(("P(server_log_replies:%s)\n", $2));
1229 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1230 yyerror("expected yes or no.");
1231 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1235 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1237 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1238 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1239 yyerror("expected yes or no.");
1240 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1244 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1246 OUTYY(("P(server_log_servfail:%s)\n", $2));
1247 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1248 yyerror("expected yes or no.");
1249 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1253 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1255 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1256 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1257 yyerror("expected yes or no.");
1258 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1262 server_chroot: VAR_CHROOT STRING_ARG
1264 OUTYY(("P(server_chroot:%s)\n", $2));
1265 free(cfg_parser->cfg->chrootdir);
1266 cfg_parser->cfg->chrootdir = $2;
1269 server_username: VAR_USERNAME STRING_ARG
1271 OUTYY(("P(server_username:%s)\n", $2));
1272 free(cfg_parser->cfg->username);
1273 cfg_parser->cfg->username = $2;
1276 server_directory: VAR_DIRECTORY STRING_ARG
1278 OUTYY(("P(server_directory:%s)\n", $2));
1279 free(cfg_parser->cfg->directory);
1280 cfg_parser->cfg->directory = $2;
1281 /* change there right away for includes relative to this */
1284 #ifdef UB_ON_WINDOWS
1285 w_config_adjust_directory(cfg_parser->cfg);
1287 d = cfg_parser->cfg->directory;
1288 /* adjust directory if we have already chroot,
1289 * like, we reread after sighup */
1290 if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1291 strncmp(d, cfg_parser->chroot, strlen(
1292 cfg_parser->chroot)) == 0)
1293 d += strlen(cfg_parser->chroot);
1296 log_err("cannot chdir to directory: %s (%s)",
1297 d, strerror(errno));
1302 server_logfile: VAR_LOGFILE STRING_ARG
1304 OUTYY(("P(server_logfile:%s)\n", $2));
1305 free(cfg_parser->cfg->logfile);
1306 cfg_parser->cfg->logfile = $2;
1307 cfg_parser->cfg->use_syslog = 0;
1310 server_pidfile: VAR_PIDFILE STRING_ARG
1312 OUTYY(("P(server_pidfile:%s)\n", $2));
1313 free(cfg_parser->cfg->pidfile);
1314 cfg_parser->cfg->pidfile = $2;
1317 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1319 OUTYY(("P(server_root_hints:%s)\n", $2));
1320 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1321 yyerror("out of memory");
1324 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1326 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1327 log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1331 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1333 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1334 log_warn("option dlv-anchor ignored: DLV is decommissioned");
1338 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1340 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1341 if(!cfg_strlist_insert(&cfg_parser->cfg->
1342 auto_trust_anchor_file_list, $2))
1343 yyerror("out of memory");
1346 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1348 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1349 if(!cfg_strlist_insert(&cfg_parser->cfg->
1350 trust_anchor_file_list, $2))
1351 yyerror("out of memory");
1354 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1356 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1357 if(!cfg_strlist_insert(&cfg_parser->cfg->
1358 trusted_keys_file_list, $2))
1359 yyerror("out of memory");
1362 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1364 OUTYY(("P(server_trust_anchor:%s)\n", $2));
1365 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1366 yyerror("out of memory");
1369 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1371 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1372 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1373 yyerror("expected yes or no.");
1375 cfg_parser->cfg->trust_anchor_signaling =
1376 (strcmp($2, "yes")==0);
1380 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1382 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1383 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1384 yyerror("expected yes or no.");
1386 cfg_parser->cfg->root_key_sentinel =
1387 (strcmp($2, "yes")==0);
1391 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1393 OUTYY(("P(server_domain_insecure:%s)\n", $2));
1394 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1395 yyerror("out of memory");
1398 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1400 OUTYY(("P(server_hide_identity:%s)\n", $2));
1401 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1402 yyerror("expected yes or no.");
1403 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1407 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1409 OUTYY(("P(server_hide_version:%s)\n", $2));
1410 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1411 yyerror("expected yes or no.");
1412 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1416 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1418 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1419 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1420 yyerror("expected yes or no.");
1421 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1425 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1427 OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1428 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1429 yyerror("expected yes or no.");
1430 else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1434 server_identity: VAR_IDENTITY STRING_ARG
1436 OUTYY(("P(server_identity:%s)\n", $2));
1437 free(cfg_parser->cfg->identity);
1438 cfg_parser->cfg->identity = $2;
1441 server_version: VAR_VERSION STRING_ARG
1443 OUTYY(("P(server_version:%s)\n", $2));
1444 free(cfg_parser->cfg->version);
1445 cfg_parser->cfg->version = $2;
1448 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1450 OUTYY(("P(server_http_user_agent:%s)\n", $2));
1451 free(cfg_parser->cfg->http_user_agent);
1452 cfg_parser->cfg->http_user_agent = $2;
1455 server_nsid: VAR_NSID STRING_ARG
1457 OUTYY(("P(server_nsid:%s)\n", $2));
1458 free(cfg_parser->cfg->nsid_cfg_str);
1459 cfg_parser->cfg->nsid_cfg_str = $2;
1460 free(cfg_parser->cfg->nsid);
1461 cfg_parser->cfg->nsid = NULL;
1462 cfg_parser->cfg->nsid_len = 0;
1464 ; /* pass; empty string is not setting nsid */
1465 else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1466 $2, &cfg_parser->cfg->nsid_len)))
1467 yyerror("the NSID must be either a hex string or an "
1468 "ascii character string prepended with ascii_.");
1471 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1473 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1474 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1475 yyerror("buffer size expected");
1479 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1481 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1482 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1483 yyerror("buffer size expected");
1487 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1489 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1490 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1491 yyerror("expected yes or no.");
1492 else cfg_parser->cfg->so_reuseport =
1493 (strcmp($2, "yes")==0);
1497 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1499 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1500 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1501 yyerror("expected yes or no.");
1502 else cfg_parser->cfg->ip_transparent =
1503 (strcmp($2, "yes")==0);
1507 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1509 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1510 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1511 yyerror("expected yes or no.");
1512 else cfg_parser->cfg->ip_freebind =
1513 (strcmp($2, "yes")==0);
1517 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1519 OUTYY(("P(server_ip_dscp:%s)\n", $2));
1520 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1521 yyerror("number expected");
1522 else if (atoi($2) > 63)
1523 yyerror("value too large (max 63)");
1524 else if (atoi($2) < 0)
1525 yyerror("value too small (min 0)");
1527 cfg_parser->cfg->ip_dscp = atoi($2);
1531 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1533 OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1534 if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1535 yyerror("memory size expected");
1539 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1541 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1543 yyerror("number expected");
1544 else if (atoi($2) < 12)
1545 yyerror("edns buffer size too small");
1546 else if (atoi($2) > 65535)
1547 cfg_parser->cfg->edns_buffer_size = 65535;
1548 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1552 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1554 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1556 yyerror("number expected");
1557 else if (atoi($2) < 4096)
1558 yyerror("message buffer size too small (use 4096)");
1559 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1563 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1565 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1566 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1567 yyerror("memory size expected");
1571 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1573 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1575 yyerror("number expected");
1577 cfg_parser->cfg->msg_cache_slabs = atoi($2);
1578 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1579 yyerror("must be a power of 2");
1584 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1586 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1588 yyerror("number expected");
1589 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1593 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1595 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1596 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1597 yyerror("number expected");
1598 else cfg_parser->cfg->jostle_time = atoi($2);
1602 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1604 OUTYY(("P(server_delay_close:%s)\n", $2));
1605 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1606 yyerror("number expected");
1607 else cfg_parser->cfg->delay_close = atoi($2);
1611 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1613 OUTYY(("P(server_udp_connect:%s)\n", $2));
1614 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1615 yyerror("expected yes or no.");
1616 else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1620 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1622 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1623 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1624 yyerror("expected yes or no.");
1625 else cfg_parser->cfg->unblock_lan_zones =
1626 (strcmp($2, "yes")==0);
1630 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1632 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1633 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1634 yyerror("expected yes or no.");
1635 else cfg_parser->cfg->insecure_lan_zones =
1636 (strcmp($2, "yes")==0);
1640 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1642 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1643 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1644 yyerror("memory size expected");
1648 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1650 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1652 yyerror("number expected");
1654 cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1655 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1656 yyerror("must be a power of 2");
1661 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1663 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1664 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1665 yyerror("number expected");
1666 else cfg_parser->cfg->host_ttl = atoi($2);
1670 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1672 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1673 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1674 "removed, use infra-host-ttl)", $2);
1678 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1680 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1682 yyerror("number expected");
1683 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1687 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1689 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1690 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1691 "(option removed, use infra-cache-numhosts)", $2);
1695 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1697 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1699 yyerror("number expected");
1701 cfg_parser->cfg->infra_cache_slabs = atoi($2);
1702 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1703 yyerror("must be a power of 2");
1708 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1710 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1711 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1712 yyerror("number expected");
1713 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1717 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1719 OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1720 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1721 yyerror("number expected");
1722 else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1726 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1728 OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1729 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1730 yyerror("expected yes or no.");
1731 else cfg_parser->cfg->infra_keep_probing =
1732 (strcmp($2, "yes")==0);
1736 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1738 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1739 free(cfg_parser->cfg->target_fetch_policy);
1740 cfg_parser->cfg->target_fetch_policy = $2;
1743 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1745 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1746 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1747 yyerror("expected yes or no.");
1748 else cfg_parser->cfg->harden_short_bufsize =
1749 (strcmp($2, "yes")==0);
1753 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1755 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1756 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1757 yyerror("expected yes or no.");
1758 else cfg_parser->cfg->harden_large_queries =
1759 (strcmp($2, "yes")==0);
1763 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1765 OUTYY(("P(server_harden_glue:%s)\n", $2));
1766 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1767 yyerror("expected yes or no.");
1768 else cfg_parser->cfg->harden_glue =
1769 (strcmp($2, "yes")==0);
1773 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1775 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1776 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1777 yyerror("expected yes or no.");
1778 else cfg_parser->cfg->harden_dnssec_stripped =
1779 (strcmp($2, "yes")==0);
1783 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1785 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1786 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1787 yyerror("expected yes or no.");
1788 else cfg_parser->cfg->harden_below_nxdomain =
1789 (strcmp($2, "yes")==0);
1793 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1795 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1796 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1797 yyerror("expected yes or no.");
1798 else cfg_parser->cfg->harden_referral_path =
1799 (strcmp($2, "yes")==0);
1803 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1805 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1806 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1807 yyerror("expected yes or no.");
1808 else cfg_parser->cfg->harden_algo_downgrade =
1809 (strcmp($2, "yes")==0);
1813 server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
1815 OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
1816 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1817 yyerror("expected yes or no.");
1818 else cfg_parser->cfg->harden_unknown_additional =
1819 (strcmp($2, "yes")==0);
1823 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1825 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1826 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1827 yyerror("expected yes or no.");
1828 else cfg_parser->cfg->use_caps_bits_for_id =
1829 (strcmp($2, "yes")==0);
1833 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1835 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1836 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1837 yyerror("out of memory");
1840 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1842 OUTYY(("P(server_private_address:%s)\n", $2));
1843 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1844 yyerror("out of memory");
1847 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1849 OUTYY(("P(server_private_domain:%s)\n", $2));
1850 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1851 yyerror("out of memory");
1854 server_prefetch: VAR_PREFETCH STRING_ARG
1856 OUTYY(("P(server_prefetch:%s)\n", $2));
1857 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1858 yyerror("expected yes or no.");
1859 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1863 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1865 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1866 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1867 yyerror("expected yes or no.");
1868 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1872 server_deny_any: VAR_DENY_ANY STRING_ARG
1874 OUTYY(("P(server_deny_any:%s)\n", $2));
1875 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1876 yyerror("expected yes or no.");
1877 else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1881 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1883 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1884 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1885 yyerror("number expected");
1886 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1890 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1892 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1893 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1894 yyerror("out of memory");
1897 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1899 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1900 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1901 yyerror("expected yes or no.");
1902 else cfg_parser->cfg->donotquery_localhost =
1903 (strcmp($2, "yes")==0);
1907 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1909 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1910 validate_acl_action($3);
1911 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1912 fatal_exit("out of memory adding acl");
1915 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
1917 OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
1918 validate_acl_action($3);
1919 if(!cfg_str2list_insert(
1920 &cfg_parser->cfg->interface_actions, $2, $3))
1921 fatal_exit("out of memory adding acl");
1924 server_module_conf: VAR_MODULE_CONF STRING_ARG
1926 OUTYY(("P(server_module_conf:%s)\n", $2));
1927 free(cfg_parser->cfg->module_conf);
1928 cfg_parser->cfg->module_conf = $2;
1931 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1933 OUTYY(("P(server_val_override_date:%s)\n", $2));
1934 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1935 cfg_parser->cfg->val_date_override = 0;
1936 } else if(strlen($2) == 14) {
1937 cfg_parser->cfg->val_date_override =
1938 cfg_convert_timeval($2);
1939 if(!cfg_parser->cfg->val_date_override)
1940 yyerror("bad date/time specification");
1943 yyerror("number expected");
1944 cfg_parser->cfg->val_date_override = atoi($2);
1949 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1951 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1952 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1953 cfg_parser->cfg->val_sig_skew_min = 0;
1955 cfg_parser->cfg->val_sig_skew_min = atoi($2);
1956 if(!cfg_parser->cfg->val_sig_skew_min)
1957 yyerror("number expected");
1962 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1964 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1965 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1966 cfg_parser->cfg->val_sig_skew_max = 0;
1968 cfg_parser->cfg->val_sig_skew_max = atoi($2);
1969 if(!cfg_parser->cfg->val_sig_skew_max)
1970 yyerror("number expected");
1975 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1977 OUTYY(("P(server_val_max_restart:%s)\n", $2));
1978 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1979 cfg_parser->cfg->val_max_restart = 0;
1981 cfg_parser->cfg->val_max_restart = atoi($2);
1982 if(!cfg_parser->cfg->val_max_restart)
1983 yyerror("number expected");
1988 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1990 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1991 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1992 yyerror("number expected");
1993 else cfg_parser->cfg->max_ttl = atoi($2);
1997 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1999 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
2000 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2001 yyerror("number expected");
2002 else cfg_parser->cfg->max_negative_ttl = atoi($2);
2006 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
2008 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
2009 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2010 yyerror("number expected");
2011 else cfg_parser->cfg->min_ttl = atoi($2);
2015 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
2017 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
2018 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2019 yyerror("number expected");
2020 else cfg_parser->cfg->bogus_ttl = atoi($2);
2024 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
2026 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
2027 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2028 yyerror("expected yes or no.");
2029 else cfg_parser->cfg->val_clean_additional =
2030 (strcmp($2, "yes")==0);
2034 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
2036 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
2037 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2038 yyerror("expected yes or no.");
2039 else cfg_parser->cfg->val_permissive_mode =
2040 (strcmp($2, "yes")==0);
2044 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
2046 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
2047 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2048 yyerror("expected yes or no.");
2050 cfg_parser->cfg->aggressive_nsec =
2051 (strcmp($2, "yes")==0);
2055 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2057 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2058 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2059 yyerror("expected yes or no.");
2060 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2064 server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG
2066 OUTYY(("P(server_disable_edns_do:%s)\n", $2));
2067 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2068 yyerror("expected yes or no.");
2069 else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0);
2073 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2075 OUTYY(("P(server_serve_expired:%s)\n", $2));
2076 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2077 yyerror("expected yes or no.");
2078 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2082 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2084 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2085 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2086 yyerror("number expected");
2087 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2091 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2093 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2094 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2095 yyerror("expected yes or no.");
2096 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2100 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2102 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2103 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2104 yyerror("number expected");
2105 else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2109 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2111 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2112 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2113 yyerror("number expected");
2114 else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2118 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2120 OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2121 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2122 yyerror("expected yes or no.");
2123 else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2127 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2129 OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2130 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2131 yyerror("expected yes or no.");
2132 else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2136 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2138 OUTYY(("P(server_fake_dsa:%s)\n", $2));
2139 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2140 yyerror("expected yes or no.");
2141 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2142 else fake_dsa = (strcmp($2, "yes")==0);
2144 log_warn("test option fake_dsa is enabled");
2149 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2151 OUTYY(("P(server_fake_sha1:%s)\n", $2));
2152 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2153 yyerror("expected yes or no.");
2154 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2155 else fake_sha1 = (strcmp($2, "yes")==0);
2157 log_warn("test option fake_sha1 is enabled");
2162 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2164 OUTYY(("P(server_val_log_level:%s)\n", $2));
2165 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2166 yyerror("number expected");
2167 else cfg_parser->cfg->val_log_level = atoi($2);
2171 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2173 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2174 free(cfg_parser->cfg->val_nsec3_key_iterations);
2175 cfg_parser->cfg->val_nsec3_key_iterations = $2;
2178 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2180 OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2181 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2182 yyerror("expected yes or no.");
2183 else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2187 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2189 OUTYY(("P(server_add_holddown:%s)\n", $2));
2190 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2191 yyerror("number expected");
2192 else cfg_parser->cfg->add_holddown = atoi($2);
2196 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2198 OUTYY(("P(server_del_holddown:%s)\n", $2));
2199 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2200 yyerror("number expected");
2201 else cfg_parser->cfg->del_holddown = atoi($2);
2205 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2207 OUTYY(("P(server_keep_missing:%s)\n", $2));
2208 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2209 yyerror("number expected");
2210 else cfg_parser->cfg->keep_missing = atoi($2);
2214 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2216 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2217 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2218 yyerror("expected yes or no.");
2219 else cfg_parser->cfg->permit_small_holddown =
2220 (strcmp($2, "yes")==0);
2224 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2226 OUTYY(("P(server_key_cache_size:%s)\n", $2));
2227 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2228 yyerror("memory size expected");
2232 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2234 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2236 yyerror("number expected");
2238 cfg_parser->cfg->key_cache_slabs = atoi($2);
2239 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2240 yyerror("must be a power of 2");
2245 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2247 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2248 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2249 yyerror("memory size expected");
2253 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2255 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2256 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2257 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2258 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2259 && strcmp($3, "typetransparent")!=0
2260 && strcmp($3, "always_transparent")!=0
2261 && strcmp($3, "block_a")!=0
2262 && strcmp($3, "always_refuse")!=0
2263 && strcmp($3, "always_nxdomain")!=0
2264 && strcmp($3, "always_nodata")!=0
2265 && strcmp($3, "always_deny")!=0
2266 && strcmp($3, "always_null")!=0
2267 && strcmp($3, "noview")!=0
2268 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2269 && strcmp($3, "inform_redirect") != 0
2270 && strcmp($3, "ipset") != 0) {
2271 yyerror("local-zone type: expected static, deny, "
2272 "refuse, redirect, transparent, "
2273 "typetransparent, inform, inform_deny, "
2274 "inform_redirect, always_transparent, block_a,"
2275 "always_refuse, always_nxdomain, "
2276 "always_nodata, always_deny, always_null, "
2277 "noview, nodefault or ipset");
2280 } else if(strcmp($3, "nodefault")==0) {
2281 if(!cfg_strlist_insert(&cfg_parser->cfg->
2282 local_zones_nodefault, $2))
2283 fatal_exit("out of memory adding local-zone");
2286 } else if(strcmp($3, "ipset")==0) {
2287 size_t len = strlen($2);
2288 /* Make sure to add the trailing dot.
2289 * These are str compared to domain names. */
2290 if($2[len-1] != '.') {
2291 if(!($2 = realloc($2, len+2))) {
2292 fatal_exit("out of memory adding local-zone");
2297 if(!cfg_strlist_insert(&cfg_parser->cfg->
2298 local_zones_ipset, $2))
2299 fatal_exit("out of memory adding local-zone");
2303 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2305 fatal_exit("out of memory adding local-zone");
2309 server_local_data: VAR_LOCAL_DATA STRING_ARG
2311 OUTYY(("P(server_local_data:%s)\n", $2));
2312 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2313 fatal_exit("out of memory adding local-data");
2316 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2319 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2320 ptr = cfg_ptr_reverse($2);
2323 if(!cfg_strlist_insert(&cfg_parser->cfg->
2325 fatal_exit("out of memory adding local-data");
2327 yyerror("local-data-ptr could not be reversed");
2331 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2333 OUTYY(("P(server_minimal_responses:%s)\n", $2));
2334 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2335 yyerror("expected yes or no.");
2336 else cfg_parser->cfg->minimal_responses =
2337 (strcmp($2, "yes")==0);
2341 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2343 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2344 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2345 yyerror("expected yes or no.");
2346 else cfg_parser->cfg->rrset_roundrobin =
2347 (strcmp($2, "yes")==0);
2351 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2353 OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2354 cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2358 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2360 OUTYY(("P(server_max_udp_size:%s)\n", $2));
2361 cfg_parser->cfg->max_udp_size = atoi($2);
2365 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2367 OUTYY(("P(dns64_prefix:%s)\n", $2));
2368 free(cfg_parser->cfg->dns64_prefix);
2369 cfg_parser->cfg->dns64_prefix = $2;
2372 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2374 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2375 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2376 yyerror("expected yes or no.");
2377 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2381 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2383 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2384 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2386 fatal_exit("out of memory adding dns64-ignore-aaaa");
2389 server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
2391 OUTYY(("P(nat64_prefix:%s)\n", $2));
2392 free(cfg_parser->cfg->nat64_prefix);
2393 cfg_parser->cfg->nat64_prefix = $2;
2396 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2399 OUTYY(("P(server_define_tag:%s)\n", $2));
2400 while((p=strsep(&s, " \t\n")) != NULL) {
2402 if(!config_add_tag(cfg_parser->cfg, p))
2403 yyerror("could not define-tag, "
2410 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2413 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2416 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2418 yyerror("could not parse tags, (define-tag them first)");
2422 if(!cfg_strbytelist_insert(
2423 &cfg_parser->cfg->local_zone_tags,
2424 $2, bitlist, len)) {
2425 yyerror("out of memory");
2431 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2434 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2437 OUTYY(("P(server_access_control_tag:%s)\n", $2));
2439 yyerror("could not parse tags, (define-tag them first)");
2443 if(!cfg_strbytelist_insert(
2444 &cfg_parser->cfg->acl_tags,
2445 $2, bitlist, len)) {
2446 yyerror("out of memory");
2452 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2454 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2455 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2457 yyerror("out of memory");
2464 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2466 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2467 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2469 yyerror("out of memory");
2476 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2478 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2479 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2481 yyerror("out of memory");
2488 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2490 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2491 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2493 yyerror("out of memory");
2497 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2500 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2503 OUTYY(("P(server_interface_tag:%s)\n", $2));
2505 yyerror("could not parse tags, (define-tag them first)");
2509 if(!cfg_strbytelist_insert(
2510 &cfg_parser->cfg->interface_tags,
2511 $2, bitlist, len)) {
2512 yyerror("out of memory");
2518 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2520 OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2521 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2523 yyerror("out of memory");
2530 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2532 OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2533 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2535 yyerror("out of memory");
2542 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2544 OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2545 if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2547 yyerror("out of memory");
2551 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2554 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2557 OUTYY(("P(response_ip_tag:%s)\n", $2));
2559 yyerror("could not parse tags, (define-tag them first)");
2563 if(!cfg_strbytelist_insert(
2564 &cfg_parser->cfg->respip_tags,
2565 $2, bitlist, len)) {
2566 yyerror("out of memory");
2572 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2574 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2575 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2576 yyerror("number expected");
2577 else cfg_parser->cfg->ip_ratelimit = atoi($2);
2581 server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
2583 OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
2584 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2585 yyerror("number expected");
2586 else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
2590 server_ratelimit: VAR_RATELIMIT STRING_ARG
2592 OUTYY(("P(server_ratelimit:%s)\n", $2));
2593 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2594 yyerror("number expected");
2595 else cfg_parser->cfg->ratelimit = atoi($2);
2599 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2601 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2602 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2603 yyerror("memory size expected");
2607 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2609 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2610 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2611 yyerror("memory size expected");
2615 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2617 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2619 yyerror("number expected");
2621 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2622 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2623 yyerror("must be a power of 2");
2628 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2630 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2632 yyerror("number expected");
2634 cfg_parser->cfg->ratelimit_slabs = atoi($2);
2635 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2636 yyerror("must be a power of 2");
2641 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2643 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2644 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2645 yyerror("number expected");
2649 if(!cfg_str2list_insert(&cfg_parser->cfg->
2650 ratelimit_for_domain, $2, $3))
2651 fatal_exit("out of memory adding "
2652 "ratelimit-for-domain");
2656 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2658 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2659 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2660 yyerror("number expected");
2664 if(!cfg_str2list_insert(&cfg_parser->cfg->
2665 ratelimit_below_domain, $2, $3))
2666 fatal_exit("out of memory adding "
2667 "ratelimit-below-domain");
2671 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2673 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2674 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2675 yyerror("number expected");
2676 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2680 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2682 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2683 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2684 yyerror("number expected");
2685 else cfg_parser->cfg->ratelimit_factor = atoi($2);
2689 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2691 OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2692 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2693 yyerror("expected yes or no.");
2694 else cfg_parser->cfg->ip_ratelimit_backoff =
2695 (strcmp($2, "yes")==0);
2699 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2701 OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2702 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2703 yyerror("expected yes or no.");
2704 else cfg_parser->cfg->ratelimit_backoff =
2705 (strcmp($2, "yes")==0);
2709 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2711 OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2712 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2713 yyerror("number expected");
2714 else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2718 server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
2720 OUTYY(("P(server_max_sent_count:%s)\n", $2));
2721 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2722 yyerror("number expected");
2723 else cfg_parser->cfg->max_sent_count = atoi($2);
2727 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2729 OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2730 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2731 yyerror("number expected");
2732 else cfg_parser->cfg->max_query_restarts = atoi($2);
2736 server_low_rtt: VAR_LOW_RTT STRING_ARG
2738 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2742 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2744 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2746 yyerror("number expected");
2747 else cfg_parser->cfg->fast_server_num = atoi($2);
2751 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2753 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2754 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2755 yyerror("number expected");
2756 else cfg_parser->cfg->fast_server_permil = atoi($2);
2760 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2762 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2763 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2764 yyerror("expected yes or no.");
2765 else cfg_parser->cfg->qname_minimisation =
2766 (strcmp($2, "yes")==0);
2770 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2772 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2773 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2774 yyerror("expected yes or no.");
2775 else cfg_parser->cfg->qname_minimisation_strict =
2776 (strcmp($2, "yes")==0);
2780 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2782 OUTYY(("P(server_pad_responses:%s)\n", $2));
2783 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2784 yyerror("expected yes or no.");
2785 else cfg_parser->cfg->pad_responses =
2786 (strcmp($2, "yes")==0);
2790 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2792 OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2794 yyerror("number expected");
2795 else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2799 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2801 OUTYY(("P(server_pad_queries:%s)\n", $2));
2802 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2803 yyerror("expected yes or no.");
2804 else cfg_parser->cfg->pad_queries =
2805 (strcmp($2, "yes")==0);
2809 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2811 OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2813 yyerror("number expected");
2814 else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2818 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2821 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2822 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2823 yyerror("expected yes or no.");
2824 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2826 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2831 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2834 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2835 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2836 yyerror("expected yes or no.");
2837 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2839 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2844 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2847 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2848 free(cfg_parser->cfg->ipsecmod_hook);
2849 cfg_parser->cfg->ipsecmod_hook = $2;
2851 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2856 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2859 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2860 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2861 yyerror("number expected");
2862 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2865 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2870 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2873 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2874 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2875 yyerror("out of memory");
2877 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2882 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2885 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2886 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2887 yyerror("expected yes or no.");
2888 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2891 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2896 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2898 OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2899 if(!cfg_str2list_insert(
2900 &cfg_parser->cfg->edns_client_strings, $2, $3))
2901 fatal_exit("out of memory adding "
2902 "edns-client-string");
2905 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2907 OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2908 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2909 yyerror("option code expected");
2910 else if(atoi($2) > 65535 || atoi($2) < 0)
2911 yyerror("option code must be in interval [0, 65535]");
2912 else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2916 server_ede: VAR_EDE STRING_ARG
2918 OUTYY(("P(server_ede:%s)\n", $2));
2919 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2920 yyerror("expected yes or no.");
2921 else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
2925 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
2927 OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
2928 if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
2929 yyerror("out of memory");
2932 stub_name: VAR_NAME STRING_ARG
2934 OUTYY(("P(name:%s)\n", $2));
2935 if(cfg_parser->cfg->stubs->name)
2936 yyerror("stub name override, there must be one name "
2937 "for one stub-zone");
2938 free(cfg_parser->cfg->stubs->name);
2939 cfg_parser->cfg->stubs->name = $2;
2942 stub_host: VAR_STUB_HOST STRING_ARG
2944 OUTYY(("P(stub-host:%s)\n", $2));
2945 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2946 yyerror("out of memory");
2949 stub_addr: VAR_STUB_ADDR STRING_ARG
2951 OUTYY(("P(stub-addr:%s)\n", $2));
2952 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2953 yyerror("out of memory");
2956 stub_first: VAR_STUB_FIRST STRING_ARG
2958 OUTYY(("P(stub-first:%s)\n", $2));
2959 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2960 yyerror("expected yes or no.");
2961 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2965 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2967 OUTYY(("P(stub-no-cache:%s)\n", $2));
2968 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2969 yyerror("expected yes or no.");
2970 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2974 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2976 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2977 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2978 yyerror("expected yes or no.");
2979 else cfg_parser->cfg->stubs->ssl_upstream =
2980 (strcmp($2, "yes")==0);
2984 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
2986 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
2987 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2988 yyerror("expected yes or no.");
2989 else cfg_parser->cfg->stubs->tcp_upstream =
2990 (strcmp($2, "yes")==0);
2994 stub_prime: VAR_STUB_PRIME STRING_ARG
2996 OUTYY(("P(stub-prime:%s)\n", $2));
2997 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2998 yyerror("expected yes or no.");
2999 else cfg_parser->cfg->stubs->isprime =
3000 (strcmp($2, "yes")==0);
3004 forward_name: VAR_NAME STRING_ARG
3006 OUTYY(("P(name:%s)\n", $2));
3007 if(cfg_parser->cfg->forwards->name)
3008 yyerror("forward name override, there must be one "
3009 "name for one forward-zone");
3010 free(cfg_parser->cfg->forwards->name);
3011 cfg_parser->cfg->forwards->name = $2;
3014 forward_host: VAR_FORWARD_HOST STRING_ARG
3016 OUTYY(("P(forward-host:%s)\n", $2));
3017 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
3018 yyerror("out of memory");
3021 forward_addr: VAR_FORWARD_ADDR STRING_ARG
3023 OUTYY(("P(forward-addr:%s)\n", $2));
3024 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
3025 yyerror("out of memory");
3028 forward_first: VAR_FORWARD_FIRST STRING_ARG
3030 OUTYY(("P(forward-first:%s)\n", $2));
3031 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3032 yyerror("expected yes or no.");
3033 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
3037 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
3039 OUTYY(("P(forward-no-cache:%s)\n", $2));
3040 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3041 yyerror("expected yes or no.");
3042 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
3046 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
3048 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
3049 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3050 yyerror("expected yes or no.");
3051 else cfg_parser->cfg->forwards->ssl_upstream =
3052 (strcmp($2, "yes")==0);
3056 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
3058 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
3059 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3060 yyerror("expected yes or no.");
3061 else cfg_parser->cfg->forwards->tcp_upstream =
3062 (strcmp($2, "yes")==0);
3066 auth_name: VAR_NAME STRING_ARG
3068 OUTYY(("P(name:%s)\n", $2));
3069 if(cfg_parser->cfg->auths->name)
3070 yyerror("auth name override, there must be one name "
3071 "for one auth-zone");
3072 free(cfg_parser->cfg->auths->name);
3073 cfg_parser->cfg->auths->name = $2;
3076 auth_zonefile: VAR_ZONEFILE STRING_ARG
3078 OUTYY(("P(zonefile:%s)\n", $2));
3079 free(cfg_parser->cfg->auths->zonefile);
3080 cfg_parser->cfg->auths->zonefile = $2;
3083 auth_master: VAR_MASTER STRING_ARG
3085 OUTYY(("P(master:%s)\n", $2));
3086 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
3087 yyerror("out of memory");
3090 auth_url: VAR_URL STRING_ARG
3092 OUTYY(("P(url:%s)\n", $2));
3093 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
3094 yyerror("out of memory");
3097 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3099 OUTYY(("P(allow-notify:%s)\n", $2));
3100 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3102 yyerror("out of memory");
3105 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3107 OUTYY(("P(zonemd-check:%s)\n", $2));
3108 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3109 yyerror("expected yes or no.");
3110 else cfg_parser->cfg->auths->zonemd_check =
3111 (strcmp($2, "yes")==0);
3115 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3117 OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3118 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3119 yyerror("expected yes or no.");
3120 else cfg_parser->cfg->auths->zonemd_reject_absence =
3121 (strcmp($2, "yes")==0);
3125 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3127 OUTYY(("P(for-downstream:%s)\n", $2));
3128 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3129 yyerror("expected yes or no.");
3130 else cfg_parser->cfg->auths->for_downstream =
3131 (strcmp($2, "yes")==0);
3135 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3137 OUTYY(("P(for-upstream:%s)\n", $2));
3138 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3139 yyerror("expected yes or no.");
3140 else cfg_parser->cfg->auths->for_upstream =
3141 (strcmp($2, "yes")==0);
3145 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3147 OUTYY(("P(fallback-enabled:%s)\n", $2));
3148 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3149 yyerror("expected yes or no.");
3150 else cfg_parser->cfg->auths->fallback_enabled =
3151 (strcmp($2, "yes")==0);
3155 view_name: VAR_NAME STRING_ARG
3157 OUTYY(("P(name:%s)\n", $2));
3158 if(cfg_parser->cfg->views->name)
3159 yyerror("view name override, there must be one "
3160 "name for one view");
3161 free(cfg_parser->cfg->views->name);
3162 cfg_parser->cfg->views->name = $2;
3165 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3167 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3168 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3169 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3170 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3171 && strcmp($3, "typetransparent")!=0
3172 && strcmp($3, "always_transparent")!=0
3173 && strcmp($3, "always_refuse")!=0
3174 && strcmp($3, "always_nxdomain")!=0
3175 && strcmp($3, "always_nodata")!=0
3176 && strcmp($3, "always_deny")!=0
3177 && strcmp($3, "always_null")!=0
3178 && strcmp($3, "noview")!=0
3179 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3180 && strcmp($3, "inform_redirect") != 0
3181 && strcmp($3, "ipset") != 0) {
3182 yyerror("local-zone type: expected static, deny, "
3183 "refuse, redirect, transparent, "
3184 "typetransparent, inform, inform_deny, "
3185 "inform_redirect, always_transparent, "
3186 "always_refuse, always_nxdomain, "
3187 "always_nodata, always_deny, always_null, "
3188 "noview, nodefault or ipset");
3191 } else if(strcmp($3, "nodefault")==0) {
3192 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3193 local_zones_nodefault, $2))
3194 fatal_exit("out of memory adding local-zone");
3197 } else if(strcmp($3, "ipset")==0) {
3198 size_t len = strlen($2);
3199 /* Make sure to add the trailing dot.
3200 * These are str compared to domain names. */
3201 if($2[len-1] != '.') {
3202 if(!($2 = realloc($2, len+2))) {
3203 fatal_exit("out of memory adding local-zone");
3208 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3209 local_zones_ipset, $2))
3210 fatal_exit("out of memory adding local-zone");
3214 if(!cfg_str2list_insert(
3215 &cfg_parser->cfg->views->local_zones,
3217 fatal_exit("out of memory adding local-zone");
3221 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3223 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3224 validate_respip_action($3);
3225 if(!cfg_str2list_insert(
3226 &cfg_parser->cfg->views->respip_actions, $2, $3))
3227 fatal_exit("out of memory adding per-view "
3228 "response-ip action");
3231 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3233 OUTYY(("P(view_response_ip_data:%s)\n", $2));
3234 if(!cfg_str2list_insert(
3235 &cfg_parser->cfg->views->respip_data, $2, $3))
3236 fatal_exit("out of memory adding response-ip-data");
3239 view_local_data: VAR_LOCAL_DATA STRING_ARG
3241 OUTYY(("P(view_local_data:%s)\n", $2));
3242 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3243 fatal_exit("out of memory adding local-data");
3247 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3250 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3251 ptr = cfg_ptr_reverse($2);
3254 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3256 fatal_exit("out of memory adding local-data");
3258 yyerror("local-data-ptr could not be reversed");
3262 view_first: VAR_VIEW_FIRST STRING_ARG
3264 OUTYY(("P(view-first:%s)\n", $2));
3265 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3266 yyerror("expected yes or no.");
3267 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3271 rcstart: VAR_REMOTE_CONTROL
3273 OUTYY(("\nP(remote-control:)\n"));
3274 cfg_parser->started_toplevel = 1;
3277 contents_rc: contents_rc content_rc
3279 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3280 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3281 rc_control_cert_file | rc_control_use_cert
3283 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3285 OUTYY(("P(control_enable:%s)\n", $2));
3286 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3287 yyerror("expected yes or no.");
3288 else cfg_parser->cfg->remote_control_enable =
3289 (strcmp($2, "yes")==0);
3293 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3295 OUTYY(("P(control_port:%s)\n", $2));
3297 yyerror("control port number expected");
3298 else cfg_parser->cfg->control_port = atoi($2);
3302 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3304 OUTYY(("P(control_interface:%s)\n", $2));
3305 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3306 yyerror("out of memory");
3309 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3311 OUTYY(("P(control_use_cert:%s)\n", $2));
3312 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3316 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3318 OUTYY(("P(rc_server_key_file:%s)\n", $2));
3319 free(cfg_parser->cfg->server_key_file);
3320 cfg_parser->cfg->server_key_file = $2;
3323 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3325 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3326 free(cfg_parser->cfg->server_cert_file);
3327 cfg_parser->cfg->server_cert_file = $2;
3330 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3332 OUTYY(("P(rc_control_key_file:%s)\n", $2));
3333 free(cfg_parser->cfg->control_key_file);
3334 cfg_parser->cfg->control_key_file = $2;
3337 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3339 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3340 free(cfg_parser->cfg->control_cert_file);
3341 cfg_parser->cfg->control_cert_file = $2;
3346 OUTYY(("\nP(dnstap:)\n"));
3347 cfg_parser->started_toplevel = 1;
3350 contents_dt: contents_dt content_dt
3352 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3353 dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3354 dt_dnstap_tls_cert_bundle |
3355 dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3356 dt_dnstap_send_identity | dt_dnstap_send_version |
3357 dt_dnstap_identity | dt_dnstap_version |
3358 dt_dnstap_log_resolver_query_messages |
3359 dt_dnstap_log_resolver_response_messages |
3360 dt_dnstap_log_client_query_messages |
3361 dt_dnstap_log_client_response_messages |
3362 dt_dnstap_log_forwarder_query_messages |
3363 dt_dnstap_log_forwarder_response_messages
3365 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3367 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3368 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3369 yyerror("expected yes or no.");
3370 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3374 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3376 OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3377 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3378 yyerror("expected yes or no.");
3379 else cfg_parser->cfg->dnstap_bidirectional =
3380 (strcmp($2, "yes")==0);
3384 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3386 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3387 free(cfg_parser->cfg->dnstap_socket_path);
3388 cfg_parser->cfg->dnstap_socket_path = $2;
3391 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3393 OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3394 free(cfg_parser->cfg->dnstap_ip);
3395 cfg_parser->cfg->dnstap_ip = $2;
3398 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3400 OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3401 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3402 yyerror("expected yes or no.");
3403 else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3407 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3409 OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3410 free(cfg_parser->cfg->dnstap_tls_server_name);
3411 cfg_parser->cfg->dnstap_tls_server_name = $2;
3414 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3416 OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3417 free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3418 cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3421 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3423 OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3424 free(cfg_parser->cfg->dnstap_tls_client_key_file);
3425 cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3428 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3430 OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3431 free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3432 cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3435 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3437 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3438 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3439 yyerror("expected yes or no.");
3440 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3444 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3446 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3447 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3448 yyerror("expected yes or no.");
3449 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3453 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3455 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3456 free(cfg_parser->cfg->dnstap_identity);
3457 cfg_parser->cfg->dnstap_identity = $2;
3460 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3462 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3463 free(cfg_parser->cfg->dnstap_version);
3464 cfg_parser->cfg->dnstap_version = $2;
3467 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3469 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3470 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3471 yyerror("expected yes or no.");
3472 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3473 (strcmp($2, "yes")==0);
3477 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3479 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3480 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3481 yyerror("expected yes or no.");
3482 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3483 (strcmp($2, "yes")==0);
3487 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3489 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3490 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3491 yyerror("expected yes or no.");
3492 else cfg_parser->cfg->dnstap_log_client_query_messages =
3493 (strcmp($2, "yes")==0);
3497 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3499 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3500 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3501 yyerror("expected yes or no.");
3502 else cfg_parser->cfg->dnstap_log_client_response_messages =
3503 (strcmp($2, "yes")==0);
3507 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3509 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3510 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3511 yyerror("expected yes or no.");
3512 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3513 (strcmp($2, "yes")==0);
3517 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3519 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3520 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3521 yyerror("expected yes or no.");
3522 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3523 (strcmp($2, "yes")==0);
3527 pythonstart: VAR_PYTHON
3529 OUTYY(("\nP(python:)\n"));
3530 cfg_parser->started_toplevel = 1;
3533 contents_py: contents_py content_py
3535 content_py: py_script
3537 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3539 OUTYY(("P(python-script:%s)\n", $2));
3540 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3541 yyerror("out of memory");
3544 dynlibstart: VAR_DYNLIB
3546 OUTYY(("\nP(dynlib:)\n"));
3547 cfg_parser->started_toplevel = 1;
3550 contents_dl: contents_dl content_dl
3554 dl_file: VAR_DYNLIB_FILE STRING_ARG
3556 OUTYY(("P(dynlib-file:%s)\n", $2));
3557 if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3558 yyerror("out of memory");
3561 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3563 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3564 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3565 yyerror("expected yes or no.");
3566 else cfg_parser->cfg->disable_dnssec_lame_check =
3567 (strcmp($2, "yes")==0);
3571 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3573 OUTYY(("P(server_log_identity:%s)\n", $2));
3574 free(cfg_parser->cfg->log_identity);
3575 cfg_parser->cfg->log_identity = $2;
3578 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3580 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3581 validate_respip_action($3);
3582 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3584 fatal_exit("out of memory adding response-ip");
3587 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3589 OUTYY(("P(server_response_ip_data:%s)\n", $2));
3590 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3592 fatal_exit("out of memory adding response-ip-data");
3595 dnscstart: VAR_DNSCRYPT
3597 OUTYY(("\nP(dnscrypt:)\n"));
3598 cfg_parser->started_toplevel = 1;
3601 contents_dnsc: contents_dnsc content_dnsc
3604 dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3605 dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3606 dnsc_dnscrypt_provider_cert_rotated |
3607 dnsc_dnscrypt_shared_secret_cache_size |
3608 dnsc_dnscrypt_shared_secret_cache_slabs |
3609 dnsc_dnscrypt_nonce_cache_size |
3610 dnsc_dnscrypt_nonce_cache_slabs
3612 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3614 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3615 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3616 yyerror("expected yes or no.");
3617 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3621 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3623 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3625 yyerror("port number expected");
3626 else cfg_parser->cfg->dnscrypt_port = atoi($2);
3630 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3632 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3633 free(cfg_parser->cfg->dnscrypt_provider);
3634 cfg_parser->cfg->dnscrypt_provider = $2;
3637 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3639 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3640 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3641 log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3642 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3643 fatal_exit("out of memory adding dnscrypt-provider-cert");
3646 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3648 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3649 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3650 fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3653 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3655 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3656 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3657 log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3658 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3659 fatal_exit("out of memory adding dnscrypt-secret-key");
3662 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3664 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3665 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3666 yyerror("memory size expected");
3670 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3672 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3674 yyerror("number expected");
3676 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3677 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3678 yyerror("must be a power of 2");
3683 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3685 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3686 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3687 yyerror("memory size expected");
3691 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3693 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3695 yyerror("number expected");
3697 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3698 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3699 yyerror("must be a power of 2");
3704 cachedbstart: VAR_CACHEDB
3706 OUTYY(("\nP(cachedb:)\n"));
3707 cfg_parser->started_toplevel = 1;
3710 contents_cachedb: contents_cachedb content_cachedb
3712 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3713 redis_server_host | redis_server_port | redis_timeout |
3714 redis_expire_records | redis_server_path | redis_server_password |
3715 cachedb_no_store | redis_logical_db
3717 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3720 OUTYY(("P(backend:%s)\n", $2));
3721 free(cfg_parser->cfg->cachedb_backend);
3722 cfg_parser->cfg->cachedb_backend = $2;
3724 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3729 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3732 OUTYY(("P(secret-seed:%s)\n", $2));
3733 free(cfg_parser->cfg->cachedb_secret);
3734 cfg_parser->cfg->cachedb_secret = $2;
3736 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3741 cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG
3744 OUTYY(("P(cachedb_no_store:%s)\n", $2));
3745 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3746 yyerror("expected yes or no.");
3747 else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0);
3749 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3754 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3756 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3757 OUTYY(("P(redis_server_host:%s)\n", $2));
3758 free(cfg_parser->cfg->redis_server_host);
3759 cfg_parser->cfg->redis_server_host = $2;
3761 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3766 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3768 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3770 OUTYY(("P(redis_server_port:%s)\n", $2));
3772 if(port == 0 || port < 0 || port > 65535)
3773 yyerror("valid redis server port number expected");
3774 else cfg_parser->cfg->redis_server_port = port;
3776 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3781 redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
3783 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3784 OUTYY(("P(redis_server_path:%s)\n", $2));
3785 free(cfg_parser->cfg->redis_server_path);
3786 cfg_parser->cfg->redis_server_path = $2;
3788 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3793 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
3795 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3796 OUTYY(("P(redis_server_password:%s)\n", $2));
3797 free(cfg_parser->cfg->redis_server_password);
3798 cfg_parser->cfg->redis_server_password = $2;
3800 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3805 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3807 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3808 OUTYY(("P(redis_timeout:%s)\n", $2));
3810 yyerror("redis timeout value expected");
3811 else cfg_parser->cfg->redis_timeout = atoi($2);
3813 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3818 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3820 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3821 OUTYY(("P(redis_expire_records:%s)\n", $2));
3822 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3823 yyerror("expected yes or no.");
3824 else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3826 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3831 redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG
3833 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3835 OUTYY(("P(redis_logical_db:%s)\n", $2));
3837 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
3838 yyerror("valid redis logical database index expected");
3839 else cfg_parser->cfg->redis_logical_db = db;
3841 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3846 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3848 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3850 yyerror("positive number expected");
3852 if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3853 fatal_exit("out of memory adding tcp connection limit");
3857 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
3859 OUTYY(("P(server_answer_cookie:%s)\n", $2));
3860 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3861 yyerror("expected yes or no.");
3862 else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
3866 server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
3869 size_t secret_len = sizeof(secret);
3871 OUTYY(("P(server_cookie_secret:%s)\n", $2));
3872 if(sldns_str2wire_hex_buf($2, secret, &secret_len)
3873 || (secret_len != 16))
3874 yyerror("expected 128 bit hex string");
3876 cfg_parser->cfg->cookie_secret_len = secret_len;
3877 memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
3882 ipsetstart: VAR_IPSET
3884 OUTYY(("\nP(ipset:)\n"));
3885 cfg_parser->started_toplevel = 1;
3888 contents_ipset: contents_ipset content_ipset
3890 content_ipset: ipset_name_v4 | ipset_name_v6
3892 ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3895 OUTYY(("P(name-v4:%s)\n", $2));
3896 if(cfg_parser->cfg->ipset_name_v4)
3897 yyerror("ipset name v4 override, there must be one "
3899 free(cfg_parser->cfg->ipset_name_v4);
3900 cfg_parser->cfg->ipset_name_v4 = $2;
3902 OUTYY(("P(Compiled without ipset, ignoring)\n"));
3907 ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3910 OUTYY(("P(name-v6:%s)\n", $2));
3911 if(cfg_parser->cfg->ipset_name_v6)
3912 yyerror("ipset name v6 override, there must be one "
3914 free(cfg_parser->cfg->ipset_name_v6);
3915 cfg_parser->cfg->ipset_name_v6 = $2;
3917 OUTYY(("P(Compiled without ipset, ignoring)\n"));
3924 /* parse helper routines could be here */
3926 validate_respip_action(const char* action)
3928 if(strcmp(action, "deny")!=0 &&
3929 strcmp(action, "redirect")!=0 &&
3930 strcmp(action, "inform")!=0 &&
3931 strcmp(action, "inform_deny")!=0 &&
3932 strcmp(action, "always_transparent")!=0 &&
3933 strcmp(action, "always_refuse")!=0 &&
3934 strcmp(action, "always_nxdomain")!=0)
3936 yyerror("response-ip action: expected deny, redirect, "
3937 "inform, inform_deny, always_transparent, "
3938 "always_refuse or always_nxdomain");
3943 validate_acl_action(const char* action)
3945 if(strcmp(action, "deny")!=0 &&
3946 strcmp(action, "refuse")!=0 &&
3947 strcmp(action, "deny_non_local")!=0 &&
3948 strcmp(action, "refuse_non_local")!=0 &&
3949 strcmp(action, "allow_setrd")!=0 &&
3950 strcmp(action, "allow")!=0 &&
3951 strcmp(action, "allow_snoop")!=0 &&
3952 strcmp(action, "allow_cookie")!=0)
3954 yyerror("expected deny, refuse, deny_non_local, "
3955 "refuse_non_local, allow, allow_setrd, "
3956 "allow_snoop or allow_cookie as access control action");