xref: /netbsd-src/external/bsd/unbound/dist/util/configparser.y (revision bdc22b2e01993381dcefeff2bc9b56ca75a4235c) 
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 
51 int ub_c_lex(void);
52 void ub_c_error(const char *message);
53 
54 static void validate_respip_action(const char* action);
55 
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
58 
59 #if 0
60 #define OUTYY(s)  printf s /* used ONLY when debugging */
61 #else
62 #define OUTYY(s)
63 #endif
64 
65 %}
66 %union {
67 	char*	str;
68 };
69 
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
73 %token VAR_OUTGOING_RANGE VAR_INTERFACE
74 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
75 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS
76 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
77 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
78 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
79 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
80 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
81 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
82 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
83 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
84 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
85 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
86 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
87 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
88 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
89 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
90 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
91 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
92 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
93 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
94 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
95 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
96 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
97 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
98 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
99 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
100 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
101 %token VAR_CONTROL_USE_CERT
102 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
103 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
104 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
105 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
106 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
107 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
108 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
109 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES
110 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
111 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
112 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM
113 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
114 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
115 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
116 %token VAR_INFRA_CACHE_MIN_RTT
117 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
118 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
119 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
120 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
121 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
122 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
123 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
124 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
125 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
126 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
127 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
128 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
129 %token VAR_DISABLE_DNSSEC_LAME_CHECK
130 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
131 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
132 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
133 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
134 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
135 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
136 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
137 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
138 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
139 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
140 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
141 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
142 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1
143 %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING
144 %token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
145 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
146 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
147 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
148 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
149 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
150 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
151 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
152 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
153 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
154 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM
155 
156 %%
157 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
158 toplevelvar: serverstart contents_server | stubstart contents_stub |
159 	forwardstart contents_forward | pythonstart contents_py |
160 	rcstart contents_rc | dtstart contents_dt | viewstart
161 	contents_view |
162 	dnscstart contents_dnsc |
163 	cachedbstart contents_cachedb
164 	;
165 
166 /* server: declaration */
167 serverstart: VAR_SERVER
168 	{
169 		OUTYY(("\nP(server:)\n"));
170 	}
171 	;
172 contents_server: contents_server content_server
173 	| ;
174 content_server: server_num_threads | server_verbosity | server_port |
175 	server_outgoing_range | server_do_ip4 |
176 	server_do_ip6 | server_prefer_ip6 |
177 	server_do_udp | server_do_tcp |
178 	server_tcp_mss | server_outgoing_tcp_mss |
179 	server_interface | server_chroot | server_username |
180 	server_directory | server_logfile | server_pidfile |
181 	server_msg_cache_size | server_msg_cache_slabs |
182 	server_num_queries_per_thread | server_rrset_cache_size |
183 	server_rrset_cache_slabs | server_outgoing_num_tcp |
184 	server_infra_host_ttl | server_infra_lame_ttl |
185 	server_infra_cache_slabs | server_infra_cache_numhosts |
186 	server_infra_cache_lame_size | server_target_fetch_policy |
187 	server_harden_short_bufsize | server_harden_large_queries |
188 	server_do_not_query_address | server_hide_identity |
189 	server_hide_version | server_identity | server_version |
190 	server_harden_glue | server_module_conf | server_trust_anchor_file |
191 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
192 	server_val_clean_additional | server_val_permissive_mode |
193 	server_incoming_num_tcp | server_msg_buffer_size |
194 	server_key_cache_size | server_key_cache_slabs |
195 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
196 	server_use_syslog | server_outgoing_interface | server_root_hints |
197 	server_do_not_query_localhost | server_cache_max_ttl |
198 	server_harden_dnssec_stripped | server_access_control |
199 	server_local_zone | server_local_data | server_interface_automatic |
200 	server_statistics_interval | server_do_daemonize |
201 	server_use_caps_for_id | server_statistics_cumulative |
202 	server_outgoing_port_permit | server_outgoing_port_avoid |
203 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
204 	server_harden_referral_path | server_private_address |
205 	server_private_domain | server_extended_statistics |
206 	server_local_data_ptr | server_jostle_timeout |
207 	server_unwanted_reply_threshold | server_log_time_ascii |
208 	server_domain_insecure | server_val_sig_skew_min |
209 	server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
210 	server_auto_trust_anchor_file | server_add_holddown |
211 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
212 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
213 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
214 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
215 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
216 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
217 	server_so_reuseport | server_delay_close |
218 	server_unblock_lan_zones | server_insecure_lan_zones |
219 	server_dns64_prefix | server_dns64_synthall |
220 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
221 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
222 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
223 	server_ip_ratelimit_size | server_ratelimit_size |
224 	server_ratelimit_for_domain |
225 	server_ratelimit_below_domain | server_ratelimit_factor |
226 	server_ip_ratelimit_factor | server_send_client_subnet |
227 	server_client_subnet_zone | server_client_subnet_always_forward |
228 	server_client_subnet_opcode |
229 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
230 	server_caps_whitelist | server_cache_max_negative_ttl |
231 	server_permit_small_holddown | server_qname_minimisation |
232 	server_ip_freebind | server_define_tag | server_local_zone_tag |
233 	server_disable_dnssec_lame_check | server_access_control_tag |
234 	server_local_zone_override | server_access_control_tag_action |
235 	server_access_control_tag_data | server_access_control_view |
236 	server_qname_minimisation_strict | server_serve_expired |
237 	server_fake_dsa | server_log_identity | server_use_systemd |
238 	server_response_ip_tag | server_response_ip | server_response_ip_data |
239 	server_shm_enable | server_shm_key | server_fake_sha1 |
240 	server_hide_trustanchor | server_trust_anchor_signaling |
241 	server_ipsecmod_enabled | server_ipsecmod_hook |
242 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
243 	server_ipsecmod_whitelist | server_ipsecmod_strict |
244 	server_udp_upstream_without_downstream
245 	;
246 stubstart: VAR_STUB_ZONE
247 	{
248 		struct config_stub* s;
249 		OUTYY(("\nP(stub_zone:)\n"));
250 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
251 		if(s) {
252 			s->next = cfg_parser->cfg->stubs;
253 			cfg_parser->cfg->stubs = s;
254 		} else
255 			yyerror("out of memory");
256 	}
257 	;
258 contents_stub: contents_stub content_stub
259 	| ;
260 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
261 	stub_ssl_upstream
262 	;
263 forwardstart: VAR_FORWARD_ZONE
264 	{
265 		struct config_stub* s;
266 		OUTYY(("\nP(forward_zone:)\n"));
267 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
268 		if(s) {
269 			s->next = cfg_parser->cfg->forwards;
270 			cfg_parser->cfg->forwards = s;
271 		} else
272 			yyerror("out of memory");
273 	}
274 	;
275 contents_forward: contents_forward content_forward
276 	| ;
277 content_forward: forward_name | forward_host | forward_addr | forward_first |
278 	forward_ssl_upstream
279 	;
280 viewstart: VAR_VIEW
281 	{
282 		struct config_view* s;
283 		OUTYY(("\nP(view:)\n"));
284 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
285 		if(s) {
286 			s->next = cfg_parser->cfg->views;
287 			if(s->next && !s->next->name)
288 				yyerror("view without name");
289 			cfg_parser->cfg->views = s;
290 		} else
291 			yyerror("out of memory");
292 	}
293 	;
294 contents_view: contents_view content_view
295 	| ;
296 content_view: view_name | view_local_zone | view_local_data | view_first |
297 		view_response_ip | view_response_ip_data | view_local_data_ptr
298 	;
299 server_num_threads: VAR_NUM_THREADS STRING_ARG
300 	{
301 		OUTYY(("P(server_num_threads:%s)\n", $2));
302 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
303 			yyerror("number expected");
304 		else cfg_parser->cfg->num_threads = atoi($2);
305 		free($2);
306 	}
307 	;
308 server_verbosity: VAR_VERBOSITY STRING_ARG
309 	{
310 		OUTYY(("P(server_verbosity:%s)\n", $2));
311 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
312 			yyerror("number expected");
313 		else cfg_parser->cfg->verbosity = atoi($2);
314 		free($2);
315 	}
316 	;
317 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
318 	{
319 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
320 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
321 			cfg_parser->cfg->stat_interval = 0;
322 		else if(atoi($2) == 0)
323 			yyerror("number expected");
324 		else cfg_parser->cfg->stat_interval = atoi($2);
325 		free($2);
326 	}
327 	;
328 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
329 	{
330 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
331 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
332 			yyerror("expected yes or no.");
333 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
334 		free($2);
335 	}
336 	;
337 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
338 	{
339 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
340 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
341 			yyerror("expected yes or no.");
342 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
343 		free($2);
344 	}
345 	;
346 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
347 	{
348 		OUTYY(("P(server_shm_enable:%s)\n", $2));
349 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
350 			yyerror("expected yes or no.");
351 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
352 		free($2);
353 	}
354 	;
355 server_shm_key: VAR_SHM_KEY STRING_ARG
356 	{
357 		OUTYY(("P(server_shm_key:%s)\n", $2));
358 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
359 			cfg_parser->cfg->shm_key = 0;
360 		else if(atoi($2) == 0)
361 			yyerror("number expected");
362 		else cfg_parser->cfg->shm_key = atoi($2);
363 		free($2);
364 	}
365 	;
366 server_port: VAR_PORT STRING_ARG
367 	{
368 		OUTYY(("P(server_port:%s)\n", $2));
369 		if(atoi($2) == 0)
370 			yyerror("port number expected");
371 		else cfg_parser->cfg->port = atoi($2);
372 		free($2);
373 	}
374 	;
375 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
376 	{
377 	#ifdef CLIENT_SUBNET
378 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
379 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
380 			fatal_exit("out of memory adding client-subnet");
381 	#else
382 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
383 	#endif
384 	}
385 	;
386 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
387 	{
388 	#ifdef CLIENT_SUBNET
389 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
390 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
391 			$2))
392 			fatal_exit("out of memory adding client-subnet-zone");
393 	#else
394 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
395 	#endif
396 	}
397 	;
398 server_client_subnet_always_forward:
399 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
400 	{
401 	#ifdef CLIENT_SUBNET
402 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
403 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
404 			yyerror("expected yes or no.");
405 		else
406 			cfg_parser->cfg->client_subnet_always_forward =
407 				(strcmp($2, "yes")==0);
408 	#else
409 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
410 	#endif
411 		free($2);
412 	}
413 	;
414 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
415 	{
416 	#ifdef CLIENT_SUBNET
417 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
418 		OUTYY(("P(Deprecated option, ignoring)\n"));
419 	#else
420 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
421 	#endif
422 		free($2);
423 	}
424 	;
425 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
426 	{
427 	#ifdef CLIENT_SUBNET
428 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
429 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
430 			yyerror("IPv4 subnet length expected");
431 		else if (atoi($2) > 32)
432 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
433 		else if (atoi($2) < 0)
434 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
435 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
436 	#else
437 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
438 	#endif
439 		free($2);
440 	}
441 	;
442 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
443 	{
444 	#ifdef CLIENT_SUBNET
445 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
446 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
447 			yyerror("Ipv6 subnet length expected");
448 		else if (atoi($2) > 128)
449 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
450 		else if (atoi($2) < 0)
451 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
452 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
453 	#else
454 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
455 	#endif
456 		free($2);
457 	}
458 	;
459 server_interface: VAR_INTERFACE STRING_ARG
460 	{
461 		OUTYY(("P(server_interface:%s)\n", $2));
462 		if(cfg_parser->cfg->num_ifs == 0)
463 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
464 		else 	cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
465 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
466 		if(!cfg_parser->cfg->ifs)
467 			yyerror("out of memory");
468 		else
469 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
470 	}
471 	;
472 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
473 	{
474 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
475 		if(cfg_parser->cfg->num_out_ifs == 0)
476 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
477 		else 	cfg_parser->cfg->out_ifs = realloc(
478 			cfg_parser->cfg->out_ifs,
479 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
480 		if(!cfg_parser->cfg->out_ifs)
481 			yyerror("out of memory");
482 		else
483 			cfg_parser->cfg->out_ifs[
484 				cfg_parser->cfg->num_out_ifs++] = $2;
485 	}
486 	;
487 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
488 	{
489 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
490 		if(atoi($2) == 0)
491 			yyerror("number expected");
492 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
493 		free($2);
494 	}
495 	;
496 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
497 	{
498 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
499 		if(!cfg_mark_ports($2, 1,
500 			cfg_parser->cfg->outgoing_avail_ports, 65536))
501 			yyerror("port number or range (\"low-high\") expected");
502 		free($2);
503 	}
504 	;
505 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
506 	{
507 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
508 		if(!cfg_mark_ports($2, 0,
509 			cfg_parser->cfg->outgoing_avail_ports, 65536))
510 			yyerror("port number or range (\"low-high\") expected");
511 		free($2);
512 	}
513 	;
514 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
515 	{
516 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
517 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
518 			yyerror("number expected");
519 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
520 		free($2);
521 	}
522 	;
523 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
524 	{
525 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
526 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
527 			yyerror("number expected");
528 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
529 		free($2);
530 	}
531 	;
532 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
533 	{
534 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
535 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
536 			yyerror("expected yes or no.");
537 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
538 		free($2);
539 	}
540 	;
541 server_do_ip4: VAR_DO_IP4 STRING_ARG
542 	{
543 		OUTYY(("P(server_do_ip4:%s)\n", $2));
544 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
545 			yyerror("expected yes or no.");
546 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
547 		free($2);
548 	}
549 	;
550 server_do_ip6: VAR_DO_IP6 STRING_ARG
551 	{
552 		OUTYY(("P(server_do_ip6:%s)\n", $2));
553 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
554 			yyerror("expected yes or no.");
555 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
556 		free($2);
557 	}
558 	;
559 server_do_udp: VAR_DO_UDP STRING_ARG
560 	{
561 		OUTYY(("P(server_do_udp:%s)\n", $2));
562 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
563 			yyerror("expected yes or no.");
564 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
565 		free($2);
566 	}
567 	;
568 server_do_tcp: VAR_DO_TCP STRING_ARG
569 	{
570 		OUTYY(("P(server_do_tcp:%s)\n", $2));
571 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
572 			yyerror("expected yes or no.");
573 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
574 		free($2);
575 	}
576 	;
577 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
578 	{
579 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
580 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
581 			yyerror("expected yes or no.");
582 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
583 		free($2);
584 	}
585 	;
586 server_tcp_mss: VAR_TCP_MSS STRING_ARG
587 	{
588 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
589                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
590                         yyerror("number expected");
591                 else cfg_parser->cfg->tcp_mss = atoi($2);
592                 free($2);
593 	}
594 	;
595 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
596 	{
597 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
598 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
599 			yyerror("number expected");
600 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
601 		free($2);
602 	}
603 	;
604 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
605 	{
606 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
607 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
608 			yyerror("expected yes or no.");
609 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
610 		free($2);
611 	}
612 	;
613 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
614 	{
615 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
616 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
617 			yyerror("expected yes or no.");
618 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
619 		free($2);
620 	}
621 	;
622 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
623 	{
624 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
625 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
626 			yyerror("expected yes or no.");
627 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
628 		free($2);
629 	}
630 	;
631 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
632 	{
633 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
634 		free(cfg_parser->cfg->ssl_service_key);
635 		cfg_parser->cfg->ssl_service_key = $2;
636 	}
637 	;
638 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
639 	{
640 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
641 		free(cfg_parser->cfg->ssl_service_pem);
642 		cfg_parser->cfg->ssl_service_pem = $2;
643 	}
644 	;
645 server_ssl_port: VAR_SSL_PORT STRING_ARG
646 	{
647 		OUTYY(("P(server_ssl_port:%s)\n", $2));
648 		if(atoi($2) == 0)
649 			yyerror("port number expected");
650 		else cfg_parser->cfg->ssl_port = atoi($2);
651 		free($2);
652 	}
653 	;
654 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
655 	{
656 		OUTYY(("P(server_use_systemd:%s)\n", $2));
657 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
658 			yyerror("expected yes or no.");
659 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
660 		free($2);
661 	}
662 	;
663 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
664 	{
665 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
666 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
667 			yyerror("expected yes or no.");
668 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
669 		free($2);
670 	}
671 	;
672 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
673 	{
674 		OUTYY(("P(server_use_syslog:%s)\n", $2));
675 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
676 			yyerror("expected yes or no.");
677 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
678 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
679 		if(strcmp($2, "yes") == 0)
680 			yyerror("no syslog services are available. "
681 				"(reconfigure and compile to add)");
682 #endif
683 		free($2);
684 	}
685 	;
686 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
687 	{
688 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
689 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
690 			yyerror("expected yes or no.");
691 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
692 		free($2);
693 	}
694 	;
695 server_log_queries: VAR_LOG_QUERIES STRING_ARG
696 	{
697 		OUTYY(("P(server_log_queries:%s)\n", $2));
698 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
699 			yyerror("expected yes or no.");
700 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
701 		free($2);
702 	}
703 	;
704 server_log_replies: VAR_LOG_REPLIES STRING_ARG
705   {
706   	OUTYY(("P(server_log_replies:%s)\n", $2));
707   	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
708   		yyerror("expected yes or no.");
709   	else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
710   	free($2);
711   }
712   ;
713 server_chroot: VAR_CHROOT STRING_ARG
714 	{
715 		OUTYY(("P(server_chroot:%s)\n", $2));
716 		free(cfg_parser->cfg->chrootdir);
717 		cfg_parser->cfg->chrootdir = $2;
718 	}
719 	;
720 server_username: VAR_USERNAME STRING_ARG
721 	{
722 		OUTYY(("P(server_username:%s)\n", $2));
723 		free(cfg_parser->cfg->username);
724 		cfg_parser->cfg->username = $2;
725 	}
726 	;
727 server_directory: VAR_DIRECTORY STRING_ARG
728 	{
729 		OUTYY(("P(server_directory:%s)\n", $2));
730 		free(cfg_parser->cfg->directory);
731 		cfg_parser->cfg->directory = $2;
732 		/* change there right away for includes relative to this */
733 		if($2[0]) {
734 			char* d;
735 #ifdef UB_ON_WINDOWS
736 			w_config_adjust_directory(cfg_parser->cfg);
737 #endif
738 			d = cfg_parser->cfg->directory;
739 			/* adjust directory if we have already chroot,
740 			 * like, we reread after sighup */
741 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
742 				strncmp(d, cfg_parser->chroot, strlen(
743 				cfg_parser->chroot)) == 0)
744 				d += strlen(cfg_parser->chroot);
745 			if(d[0]) {
746 			    if(chdir(d))
747 				log_err("cannot chdir to directory: %s (%s)",
748 					d, strerror(errno));
749 			}
750 		}
751 	}
752 	;
753 server_logfile: VAR_LOGFILE STRING_ARG
754 	{
755 		OUTYY(("P(server_logfile:%s)\n", $2));
756 		free(cfg_parser->cfg->logfile);
757 		cfg_parser->cfg->logfile = $2;
758 		cfg_parser->cfg->use_syslog = 0;
759 	}
760 	;
761 server_pidfile: VAR_PIDFILE STRING_ARG
762 	{
763 		OUTYY(("P(server_pidfile:%s)\n", $2));
764 		free(cfg_parser->cfg->pidfile);
765 		cfg_parser->cfg->pidfile = $2;
766 	}
767 	;
768 server_root_hints: VAR_ROOT_HINTS STRING_ARG
769 	{
770 		OUTYY(("P(server_root_hints:%s)\n", $2));
771 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
772 			yyerror("out of memory");
773 	}
774 	;
775 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
776 	{
777 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
778 		free(cfg_parser->cfg->dlv_anchor_file);
779 		cfg_parser->cfg->dlv_anchor_file = $2;
780 	}
781 	;
782 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
783 	{
784 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
785 		if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
786 			yyerror("out of memory");
787 	}
788 	;
789 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
790 	{
791 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
792 		if(!cfg_strlist_insert(&cfg_parser->cfg->
793 			auto_trust_anchor_file_list, $2))
794 			yyerror("out of memory");
795 	}
796 	;
797 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
798 	{
799 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
800 		if(!cfg_strlist_insert(&cfg_parser->cfg->
801 			trust_anchor_file_list, $2))
802 			yyerror("out of memory");
803 	}
804 	;
805 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
806 	{
807 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
808 		if(!cfg_strlist_insert(&cfg_parser->cfg->
809 			trusted_keys_file_list, $2))
810 			yyerror("out of memory");
811 	}
812 	;
813 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
814 	{
815 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
816 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
817 			yyerror("out of memory");
818 	}
819 	;
820 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
821 	{
822 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
823 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
824 			yyerror("expected yes or no.");
825 		else
826 			cfg_parser->cfg->trust_anchor_signaling =
827 				(strcmp($2, "yes")==0);
828 		free($2);
829 	}
830 	;
831 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
832 	{
833 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
834 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
835 			yyerror("out of memory");
836 	}
837 	;
838 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
839 	{
840 		OUTYY(("P(server_hide_identity:%s)\n", $2));
841 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
842 			yyerror("expected yes or no.");
843 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
844 		free($2);
845 	}
846 	;
847 server_hide_version: VAR_HIDE_VERSION STRING_ARG
848 	{
849 		OUTYY(("P(server_hide_version:%s)\n", $2));
850 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
851 			yyerror("expected yes or no.");
852 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
853 		free($2);
854 	}
855 	;
856 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
857 	{
858 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
859 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
860 			yyerror("expected yes or no.");
861 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
862 		free($2);
863 	}
864 	;
865 server_identity: VAR_IDENTITY STRING_ARG
866 	{
867 		OUTYY(("P(server_identity:%s)\n", $2));
868 		free(cfg_parser->cfg->identity);
869 		cfg_parser->cfg->identity = $2;
870 	}
871 	;
872 server_version: VAR_VERSION STRING_ARG
873 	{
874 		OUTYY(("P(server_version:%s)\n", $2));
875 		free(cfg_parser->cfg->version);
876 		cfg_parser->cfg->version = $2;
877 	}
878 	;
879 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
880 	{
881 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
882 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
883 			yyerror("buffer size expected");
884 		free($2);
885 	}
886 	;
887 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
888 	{
889 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
890 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
891 			yyerror("buffer size expected");
892 		free($2);
893 	}
894 	;
895 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
896     {
897         OUTYY(("P(server_so_reuseport:%s)\n", $2));
898         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
899             yyerror("expected yes or no.");
900         else cfg_parser->cfg->so_reuseport =
901             (strcmp($2, "yes")==0);
902         free($2);
903     }
904     ;
905 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
906     {
907         OUTYY(("P(server_ip_transparent:%s)\n", $2));
908         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
909             yyerror("expected yes or no.");
910         else cfg_parser->cfg->ip_transparent =
911             (strcmp($2, "yes")==0);
912         free($2);
913     }
914     ;
915 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
916     {
917         OUTYY(("P(server_ip_freebind:%s)\n", $2));
918         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
919             yyerror("expected yes or no.");
920         else cfg_parser->cfg->ip_freebind =
921             (strcmp($2, "yes")==0);
922         free($2);
923     }
924     ;
925 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
926 	{
927 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
928 		if(atoi($2) == 0)
929 			yyerror("number expected");
930 		else if (atoi($2) < 12)
931 			yyerror("edns buffer size too small");
932 		else if (atoi($2) > 65535)
933 			cfg_parser->cfg->edns_buffer_size = 65535;
934 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
935 		free($2);
936 	}
937 	;
938 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
939 	{
940 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
941 		if(atoi($2) == 0)
942 			yyerror("number expected");
943 		else if (atoi($2) < 4096)
944 			yyerror("message buffer size too small (use 4096)");
945 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
946 		free($2);
947 	}
948 	;
949 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
950 	{
951 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
952 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
953 			yyerror("memory size expected");
954 		free($2);
955 	}
956 	;
957 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
958 	{
959 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
960 		if(atoi($2) == 0)
961 			yyerror("number expected");
962 		else {
963 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
964 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
965 				yyerror("must be a power of 2");
966 		}
967 		free($2);
968 	}
969 	;
970 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
971 	{
972 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
973 		if(atoi($2) == 0)
974 			yyerror("number expected");
975 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
976 		free($2);
977 	}
978 	;
979 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
980 	{
981 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
982 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
983 			yyerror("number expected");
984 		else cfg_parser->cfg->jostle_time = atoi($2);
985 		free($2);
986 	}
987 	;
988 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
989 	{
990 		OUTYY(("P(server_delay_close:%s)\n", $2));
991 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
992 			yyerror("number expected");
993 		else cfg_parser->cfg->delay_close = atoi($2);
994 		free($2);
995 	}
996 	;
997 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
998 	{
999 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1000 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1001 			yyerror("expected yes or no.");
1002 		else cfg_parser->cfg->unblock_lan_zones =
1003 			(strcmp($2, "yes")==0);
1004 		free($2);
1005 	}
1006 	;
1007 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1008 	{
1009 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1010 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1011 			yyerror("expected yes or no.");
1012 		else cfg_parser->cfg->insecure_lan_zones =
1013 			(strcmp($2, "yes")==0);
1014 		free($2);
1015 	}
1016 	;
1017 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1018 	{
1019 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1020 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1021 			yyerror("memory size expected");
1022 		free($2);
1023 	}
1024 	;
1025 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1026 	{
1027 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1028 		if(atoi($2) == 0)
1029 			yyerror("number expected");
1030 		else {
1031 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1032 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1033 				yyerror("must be a power of 2");
1034 		}
1035 		free($2);
1036 	}
1037 	;
1038 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1039 	{
1040 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1041 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1042 			yyerror("number expected");
1043 		else cfg_parser->cfg->host_ttl = atoi($2);
1044 		free($2);
1045 	}
1046 	;
1047 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1048 	{
1049 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1050 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1051 			"removed, use infra-host-ttl)", $2);
1052 		free($2);
1053 	}
1054 	;
1055 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1056 	{
1057 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1058 		if(atoi($2) == 0)
1059 			yyerror("number expected");
1060 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1061 		free($2);
1062 	}
1063 	;
1064 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1065 	{
1066 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1067 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1068 			"(option removed, use infra-cache-numhosts)", $2);
1069 		free($2);
1070 	}
1071 	;
1072 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1073 	{
1074 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1075 		if(atoi($2) == 0)
1076 			yyerror("number expected");
1077 		else {
1078 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1079 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1080 				yyerror("must be a power of 2");
1081 		}
1082 		free($2);
1083 	}
1084 	;
1085 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1086 	{
1087 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1088 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1089 			yyerror("number expected");
1090 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1091 		free($2);
1092 	}
1093 	;
1094 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1095 	{
1096 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1097 		free(cfg_parser->cfg->target_fetch_policy);
1098 		cfg_parser->cfg->target_fetch_policy = $2;
1099 	}
1100 	;
1101 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1102 	{
1103 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1104 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1105 			yyerror("expected yes or no.");
1106 		else cfg_parser->cfg->harden_short_bufsize =
1107 			(strcmp($2, "yes")==0);
1108 		free($2);
1109 	}
1110 	;
1111 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1112 	{
1113 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1114 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1115 			yyerror("expected yes or no.");
1116 		else cfg_parser->cfg->harden_large_queries =
1117 			(strcmp($2, "yes")==0);
1118 		free($2);
1119 	}
1120 	;
1121 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1122 	{
1123 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1124 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1125 			yyerror("expected yes or no.");
1126 		else cfg_parser->cfg->harden_glue =
1127 			(strcmp($2, "yes")==0);
1128 		free($2);
1129 	}
1130 	;
1131 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1132 	{
1133 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1134 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1135 			yyerror("expected yes or no.");
1136 		else cfg_parser->cfg->harden_dnssec_stripped =
1137 			(strcmp($2, "yes")==0);
1138 		free($2);
1139 	}
1140 	;
1141 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1142 	{
1143 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1144 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1145 			yyerror("expected yes or no.");
1146 		else cfg_parser->cfg->harden_below_nxdomain =
1147 			(strcmp($2, "yes")==0);
1148 		free($2);
1149 	}
1150 	;
1151 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1152 	{
1153 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1154 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1155 			yyerror("expected yes or no.");
1156 		else cfg_parser->cfg->harden_referral_path =
1157 			(strcmp($2, "yes")==0);
1158 		free($2);
1159 	}
1160 	;
1161 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1162 	{
1163 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1164 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1165 			yyerror("expected yes or no.");
1166 		else cfg_parser->cfg->harden_algo_downgrade =
1167 			(strcmp($2, "yes")==0);
1168 		free($2);
1169 	}
1170 	;
1171 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1172 	{
1173 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1174 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1175 			yyerror("expected yes or no.");
1176 		else cfg_parser->cfg->use_caps_bits_for_id =
1177 			(strcmp($2, "yes")==0);
1178 		free($2);
1179 	}
1180 	;
1181 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1182 	{
1183 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1184 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1185 			yyerror("out of memory");
1186 	}
1187 	;
1188 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1189 	{
1190 		OUTYY(("P(server_private_address:%s)\n", $2));
1191 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1192 			yyerror("out of memory");
1193 	}
1194 	;
1195 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1196 	{
1197 		OUTYY(("P(server_private_domain:%s)\n", $2));
1198 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1199 			yyerror("out of memory");
1200 	}
1201 	;
1202 server_prefetch: VAR_PREFETCH STRING_ARG
1203 	{
1204 		OUTYY(("P(server_prefetch:%s)\n", $2));
1205 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1206 			yyerror("expected yes or no.");
1207 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1208 		free($2);
1209 	}
1210 	;
1211 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1212 	{
1213 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1214 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1215 			yyerror("expected yes or no.");
1216 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1217 		free($2);
1218 	}
1219 	;
1220 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1221 	{
1222 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1223 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1224 			yyerror("number expected");
1225 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1226 		free($2);
1227 	}
1228 	;
1229 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1230 	{
1231 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1232 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1233 			yyerror("out of memory");
1234 	}
1235 	;
1236 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1237 	{
1238 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1239 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1240 			yyerror("expected yes or no.");
1241 		else cfg_parser->cfg->donotquery_localhost =
1242 			(strcmp($2, "yes")==0);
1243 		free($2);
1244 	}
1245 	;
1246 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1247 	{
1248 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1249 		if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1250 			strcmp($3, "deny_non_local")!=0 &&
1251 			strcmp($3, "refuse_non_local")!=0 &&
1252 			strcmp($3, "allow")!=0 &&
1253 			strcmp($3, "allow_snoop")!=0) {
1254 			yyerror("expected deny, refuse, deny_non_local, "
1255 				"refuse_non_local, allow or allow_snoop "
1256 				"in access control action");
1257 		} else {
1258 			if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1259 				fatal_exit("out of memory adding acl");
1260 		}
1261 	}
1262 	;
1263 server_module_conf: VAR_MODULE_CONF STRING_ARG
1264 	{
1265 		OUTYY(("P(server_module_conf:%s)\n", $2));
1266 		free(cfg_parser->cfg->module_conf);
1267 		cfg_parser->cfg->module_conf = $2;
1268 	}
1269 	;
1270 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1271 	{
1272 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1273 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1274 			cfg_parser->cfg->val_date_override = 0;
1275 		} else if(strlen($2) == 14) {
1276 			cfg_parser->cfg->val_date_override =
1277 				cfg_convert_timeval($2);
1278 			if(!cfg_parser->cfg->val_date_override)
1279 				yyerror("bad date/time specification");
1280 		} else {
1281 			if(atoi($2) == 0)
1282 				yyerror("number expected");
1283 			cfg_parser->cfg->val_date_override = atoi($2);
1284 		}
1285 		free($2);
1286 	}
1287 	;
1288 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1289 	{
1290 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1291 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1292 			cfg_parser->cfg->val_sig_skew_min = 0;
1293 		} else {
1294 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1295 			if(!cfg_parser->cfg->val_sig_skew_min)
1296 				yyerror("number expected");
1297 		}
1298 		free($2);
1299 	}
1300 	;
1301 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1302 	{
1303 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1304 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1305 			cfg_parser->cfg->val_sig_skew_max = 0;
1306 		} else {
1307 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1308 			if(!cfg_parser->cfg->val_sig_skew_max)
1309 				yyerror("number expected");
1310 		}
1311 		free($2);
1312 	}
1313 	;
1314 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1315 	{
1316 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1317 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1318 			yyerror("number expected");
1319 		else cfg_parser->cfg->max_ttl = atoi($2);
1320 		free($2);
1321 	}
1322 	;
1323 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1324 	{
1325 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1326 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1327 			yyerror("number expected");
1328 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
1329 		free($2);
1330 	}
1331 	;
1332 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1333 	{
1334 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1335 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1336 			yyerror("number expected");
1337 		else cfg_parser->cfg->min_ttl = atoi($2);
1338 		free($2);
1339 	}
1340 	;
1341 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1342 	{
1343 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1344 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1345 			yyerror("number expected");
1346 		else cfg_parser->cfg->bogus_ttl = atoi($2);
1347 		free($2);
1348 	}
1349 	;
1350 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1351 	{
1352 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1353 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1354 			yyerror("expected yes or no.");
1355 		else cfg_parser->cfg->val_clean_additional =
1356 			(strcmp($2, "yes")==0);
1357 		free($2);
1358 	}
1359 	;
1360 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1361 	{
1362 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1363 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1364 			yyerror("expected yes or no.");
1365 		else cfg_parser->cfg->val_permissive_mode =
1366 			(strcmp($2, "yes")==0);
1367 		free($2);
1368 	}
1369 	;
1370 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1371 	{
1372 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1373 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1374 			yyerror("expected yes or no.");
1375 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1376 		free($2);
1377 	}
1378 	;
1379 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1380 	{
1381 		OUTYY(("P(server_serve_expired:%s)\n", $2));
1382 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1383 			yyerror("expected yes or no.");
1384 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1385 		free($2);
1386 	}
1387 	;
1388 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1389 	{
1390 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
1391 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1392 			yyerror("expected yes or no.");
1393 #ifdef HAVE_SSL
1394 		else fake_dsa = (strcmp($2, "yes")==0);
1395 		if(fake_dsa)
1396 			log_warn("test option fake_dsa is enabled");
1397 #endif
1398 		free($2);
1399 	}
1400 	;
1401 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1402 	{
1403 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
1404 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1405 			yyerror("expected yes or no.");
1406 #ifdef HAVE_SSL
1407 		else fake_sha1 = (strcmp($2, "yes")==0);
1408 		if(fake_sha1)
1409 			log_warn("test option fake_sha1 is enabled");
1410 #endif
1411 		free($2);
1412 	}
1413 	;
1414 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1415 	{
1416 		OUTYY(("P(server_val_log_level:%s)\n", $2));
1417 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1418 			yyerror("number expected");
1419 		else cfg_parser->cfg->val_log_level = atoi($2);
1420 		free($2);
1421 	}
1422 	;
1423 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1424 	{
1425 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1426 		free(cfg_parser->cfg->val_nsec3_key_iterations);
1427 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
1428 	}
1429 	;
1430 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1431 	{
1432 		OUTYY(("P(server_add_holddown:%s)\n", $2));
1433 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1434 			yyerror("number expected");
1435 		else cfg_parser->cfg->add_holddown = atoi($2);
1436 		free($2);
1437 	}
1438 	;
1439 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1440 	{
1441 		OUTYY(("P(server_del_holddown:%s)\n", $2));
1442 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1443 			yyerror("number expected");
1444 		else cfg_parser->cfg->del_holddown = atoi($2);
1445 		free($2);
1446 	}
1447 	;
1448 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1449 	{
1450 		OUTYY(("P(server_keep_missing:%s)\n", $2));
1451 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1452 			yyerror("number expected");
1453 		else cfg_parser->cfg->keep_missing = atoi($2);
1454 		free($2);
1455 	}
1456 	;
1457 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1458 	{
1459 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1460 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1461 			yyerror("expected yes or no.");
1462 		else cfg_parser->cfg->permit_small_holddown =
1463 			(strcmp($2, "yes")==0);
1464 		free($2);
1465 	}
1466 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1467 	{
1468 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
1469 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1470 			yyerror("memory size expected");
1471 		free($2);
1472 	}
1473 	;
1474 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1475 	{
1476 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1477 		if(atoi($2) == 0)
1478 			yyerror("number expected");
1479 		else {
1480 			cfg_parser->cfg->key_cache_slabs = atoi($2);
1481 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1482 				yyerror("must be a power of 2");
1483 		}
1484 		free($2);
1485 	}
1486 	;
1487 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1488 	{
1489 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1490 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1491 			yyerror("memory size expected");
1492 		free($2);
1493 	}
1494 	;
1495 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1496 	{
1497 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1498 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1499 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1500 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1501 		   && strcmp($3, "typetransparent")!=0
1502 		   && strcmp($3, "always_transparent")!=0
1503 		   && strcmp($3, "always_refuse")!=0
1504 		   && strcmp($3, "always_nxdomain")!=0
1505 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
1506 			yyerror("local-zone type: expected static, deny, "
1507 				"refuse, redirect, transparent, "
1508 				"typetransparent, inform, inform_deny, "
1509 				"always_transparent, always_refuse, "
1510 				"always_nxdomain or nodefault");
1511 		else if(strcmp($3, "nodefault")==0) {
1512 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1513 				local_zones_nodefault, $2))
1514 				fatal_exit("out of memory adding local-zone");
1515 			free($3);
1516 		} else {
1517 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1518 				$2, $3))
1519 				fatal_exit("out of memory adding local-zone");
1520 		}
1521 	}
1522 	;
1523 server_local_data: VAR_LOCAL_DATA STRING_ARG
1524 	{
1525 		OUTYY(("P(server_local_data:%s)\n", $2));
1526 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1527 			fatal_exit("out of memory adding local-data");
1528 	}
1529 	;
1530 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1531 	{
1532 		char* ptr;
1533 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1534 		ptr = cfg_ptr_reverse($2);
1535 		free($2);
1536 		if(ptr) {
1537 			if(!cfg_strlist_insert(&cfg_parser->cfg->
1538 				local_data, ptr))
1539 				fatal_exit("out of memory adding local-data");
1540 		} else {
1541 			yyerror("local-data-ptr could not be reversed");
1542 		}
1543 	}
1544 	;
1545 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1546 	{
1547 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
1548 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1549 			yyerror("expected yes or no.");
1550 		else cfg_parser->cfg->minimal_responses =
1551 			(strcmp($2, "yes")==0);
1552 		free($2);
1553 	}
1554 	;
1555 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
1556 	{
1557 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
1558 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1559 			yyerror("expected yes or no.");
1560 		else cfg_parser->cfg->rrset_roundrobin =
1561 			(strcmp($2, "yes")==0);
1562 		free($2);
1563 	}
1564 	;
1565 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
1566 	{
1567 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
1568 		cfg_parser->cfg->max_udp_size = atoi($2);
1569 		free($2);
1570 	}
1571 	;
1572 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
1573 	{
1574 		OUTYY(("P(dns64_prefix:%s)\n", $2));
1575 		free(cfg_parser->cfg->dns64_prefix);
1576 		cfg_parser->cfg->dns64_prefix = $2;
1577 	}
1578 	;
1579 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
1580 	{
1581 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
1582 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1583 			yyerror("expected yes or no.");
1584 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
1585 		free($2);
1586 	}
1587 	;
1588 server_define_tag: VAR_DEFINE_TAG STRING_ARG
1589 	{
1590 		char* p, *s = $2;
1591 		OUTYY(("P(server_define_tag:%s)\n", $2));
1592 		while((p=strsep(&s, " \t\n")) != NULL) {
1593 			if(*p) {
1594 				if(!config_add_tag(cfg_parser->cfg, p))
1595 					yyerror("could not define-tag, "
1596 						"out of memory");
1597 			}
1598 		}
1599 		free($2);
1600 	}
1601 	;
1602 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
1603 	{
1604 		size_t len = 0;
1605 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1606 			&len);
1607 		free($3);
1608 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
1609 		if(!bitlist)
1610 			yyerror("could not parse tags, (define-tag them first)");
1611 		if(bitlist) {
1612 			if(!cfg_strbytelist_insert(
1613 				&cfg_parser->cfg->local_zone_tags,
1614 				$2, bitlist, len)) {
1615 				yyerror("out of memory");
1616 				free($2);
1617 			}
1618 		}
1619 	}
1620 	;
1621 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
1622 	{
1623 		size_t len = 0;
1624 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1625 			&len);
1626 		free($3);
1627 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
1628 		if(!bitlist)
1629 			yyerror("could not parse tags, (define-tag them first)");
1630 		if(bitlist) {
1631 			if(!cfg_strbytelist_insert(
1632 				&cfg_parser->cfg->acl_tags,
1633 				$2, bitlist, len)) {
1634 				yyerror("out of memory");
1635 				free($2);
1636 			}
1637 		}
1638 	}
1639 	;
1640 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
1641 	{
1642 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
1643 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
1644 			$2, $3, $4)) {
1645 			yyerror("out of memory");
1646 			free($2);
1647 			free($3);
1648 			free($4);
1649 		}
1650 	}
1651 	;
1652 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
1653 	{
1654 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
1655 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
1656 			$2, $3, $4)) {
1657 			yyerror("out of memory");
1658 			free($2);
1659 			free($3);
1660 			free($4);
1661 		}
1662 	}
1663 	;
1664 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
1665 	{
1666 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
1667 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
1668 			$2, $3, $4)) {
1669 			yyerror("out of memory");
1670 			free($2);
1671 			free($3);
1672 			free($4);
1673 		}
1674 	}
1675 	;
1676 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
1677 	{
1678 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
1679 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
1680 			$2, $3)) {
1681 			yyerror("out of memory");
1682 			free($2);
1683 			free($3);
1684 		}
1685 	}
1686 	;
1687 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
1688 	{
1689 		size_t len = 0;
1690 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1691 			&len);
1692 		free($3);
1693 		OUTYY(("P(response_ip_tag:%s)\n", $2));
1694 		if(!bitlist)
1695 			yyerror("could not parse tags, (define-tag them first)");
1696 		if(bitlist) {
1697 			if(!cfg_strbytelist_insert(
1698 				&cfg_parser->cfg->respip_tags,
1699 				$2, bitlist, len)) {
1700 				yyerror("out of memory");
1701 				free($2);
1702 			}
1703 		}
1704 	}
1705 	;
1706 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
1707 	{
1708 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
1709 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1710 			yyerror("number expected");
1711 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
1712 		free($2);
1713 	}
1714 	;
1715 
1716 server_ratelimit: VAR_RATELIMIT STRING_ARG
1717 	{
1718 		OUTYY(("P(server_ratelimit:%s)\n", $2));
1719 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1720 			yyerror("number expected");
1721 		else cfg_parser->cfg->ratelimit = atoi($2);
1722 		free($2);
1723 	}
1724 	;
1725 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
1726   {
1727   	OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
1728   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
1729   		yyerror("memory size expected");
1730   	free($2);
1731   }
1732   ;
1733 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
1734 	{
1735 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
1736 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
1737 			yyerror("memory size expected");
1738 		free($2);
1739 	}
1740 	;
1741 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
1742   {
1743   	OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
1744   	if(atoi($2) == 0)
1745   		yyerror("number expected");
1746   	else {
1747   		cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
1748   		if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
1749   			yyerror("must be a power of 2");
1750   	}
1751   	free($2);
1752   }
1753   ;
1754 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
1755 	{
1756 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
1757 		if(atoi($2) == 0)
1758 			yyerror("number expected");
1759 		else {
1760 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
1761 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
1762 				yyerror("must be a power of 2");
1763 		}
1764 		free($2);
1765 	}
1766 	;
1767 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
1768 	{
1769 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
1770 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1771 			yyerror("number expected");
1772 		} else {
1773 			if(!cfg_str2list_insert(&cfg_parser->cfg->
1774 				ratelimit_for_domain, $2, $3))
1775 				fatal_exit("out of memory adding "
1776 					"ratelimit-for-domain");
1777 		}
1778 	}
1779 	;
1780 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
1781 	{
1782 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
1783 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1784 			yyerror("number expected");
1785 		} else {
1786 			if(!cfg_str2list_insert(&cfg_parser->cfg->
1787 				ratelimit_below_domain, $2, $3))
1788 				fatal_exit("out of memory adding "
1789 					"ratelimit-below-domain");
1790 		}
1791 	}
1792 	;
1793 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
1794   {
1795   	OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
1796   	if(atoi($2) == 0 && strcmp($2, "0") != 0)
1797   		yyerror("number expected");
1798   	else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
1799   	free($2);
1800 	}
1801 	;
1802 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
1803 	{
1804 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
1805 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1806 			yyerror("number expected");
1807 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
1808 		free($2);
1809 	}
1810 	;
1811 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
1812 	{
1813 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
1814 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1815 			yyerror("expected yes or no.");
1816 		else cfg_parser->cfg->qname_minimisation =
1817 			(strcmp($2, "yes")==0);
1818 		free($2);
1819 	}
1820 	;
1821 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
1822 	{
1823 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
1824 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1825 			yyerror("expected yes or no.");
1826 		else cfg_parser->cfg->qname_minimisation_strict =
1827 			(strcmp($2, "yes")==0);
1828 		free($2);
1829 	}
1830 	;
1831 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
1832 	{
1833 	#ifdef USE_IPSECMOD
1834 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
1835 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1836 			yyerror("expected yes or no.");
1837 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
1838 		free($2);
1839 	#else
1840 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1841 	#endif
1842 	}
1843 	;
1844 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
1845 	{
1846 	#ifdef USE_IPSECMOD
1847 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
1848 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1849 			yyerror("expected yes or no.");
1850 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
1851 		free($2);
1852 	#else
1853 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1854 	#endif
1855 	}
1856 	;
1857 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
1858 	{
1859 	#ifdef USE_IPSECMOD
1860 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
1861 		free(cfg_parser->cfg->ipsecmod_hook);
1862 		cfg_parser->cfg->ipsecmod_hook = $2;
1863 	#else
1864 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1865 	#endif
1866 	}
1867 	;
1868 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
1869 	{
1870 	#ifdef USE_IPSECMOD
1871 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
1872 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1873 			yyerror("number expected");
1874 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
1875 		free($2);
1876 	#else
1877 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1878 	#endif
1879 	}
1880 	;
1881 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
1882 	{
1883 	#ifdef USE_IPSECMOD
1884 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
1885 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
1886 			yyerror("out of memory");
1887 	#else
1888 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1889 	#endif
1890 	}
1891 	;
1892 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
1893 	{
1894 	#ifdef USE_IPSECMOD
1895 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
1896 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1897 			yyerror("expected yes or no.");
1898 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
1899 		free($2);
1900 	#else
1901 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1902 	#endif
1903 	}
1904 	;
1905 stub_name: VAR_NAME STRING_ARG
1906 	{
1907 		OUTYY(("P(name:%s)\n", $2));
1908 		if(cfg_parser->cfg->stubs->name)
1909 			yyerror("stub name override, there must be one name "
1910 				"for one stub-zone");
1911 		free(cfg_parser->cfg->stubs->name);
1912 		cfg_parser->cfg->stubs->name = $2;
1913 	}
1914 	;
1915 stub_host: VAR_STUB_HOST STRING_ARG
1916 	{
1917 		OUTYY(("P(stub-host:%s)\n", $2));
1918 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
1919 			yyerror("out of memory");
1920 	}
1921 	;
1922 stub_addr: VAR_STUB_ADDR STRING_ARG
1923 	{
1924 		OUTYY(("P(stub-addr:%s)\n", $2));
1925 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
1926 			yyerror("out of memory");
1927 	}
1928 	;
1929 stub_first: VAR_STUB_FIRST STRING_ARG
1930 	{
1931 		OUTYY(("P(stub-first:%s)\n", $2));
1932 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1933 			yyerror("expected yes or no.");
1934 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
1935 		free($2);
1936 	}
1937 	;
1938 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
1939 	{
1940 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
1941 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1942 			yyerror("expected yes or no.");
1943 		else cfg_parser->cfg->stubs->ssl_upstream =
1944 			(strcmp($2, "yes")==0);
1945 		free($2);
1946 	}
1947 	;
1948 stub_prime: VAR_STUB_PRIME STRING_ARG
1949 	{
1950 		OUTYY(("P(stub-prime:%s)\n", $2));
1951 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1952 			yyerror("expected yes or no.");
1953 		else cfg_parser->cfg->stubs->isprime =
1954 			(strcmp($2, "yes")==0);
1955 		free($2);
1956 	}
1957 	;
1958 forward_name: VAR_NAME STRING_ARG
1959 	{
1960 		OUTYY(("P(name:%s)\n", $2));
1961 		if(cfg_parser->cfg->forwards->name)
1962 			yyerror("forward name override, there must be one "
1963 				"name for one forward-zone");
1964 		free(cfg_parser->cfg->forwards->name);
1965 		cfg_parser->cfg->forwards->name = $2;
1966 	}
1967 	;
1968 forward_host: VAR_FORWARD_HOST STRING_ARG
1969 	{
1970 		OUTYY(("P(forward-host:%s)\n", $2));
1971 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
1972 			yyerror("out of memory");
1973 	}
1974 	;
1975 forward_addr: VAR_FORWARD_ADDR STRING_ARG
1976 	{
1977 		OUTYY(("P(forward-addr:%s)\n", $2));
1978 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
1979 			yyerror("out of memory");
1980 	}
1981 	;
1982 forward_first: VAR_FORWARD_FIRST STRING_ARG
1983 	{
1984 		OUTYY(("P(forward-first:%s)\n", $2));
1985 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1986 			yyerror("expected yes or no.");
1987 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
1988 		free($2);
1989 	}
1990 	;
1991 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
1992 	{
1993 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
1994 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1995 			yyerror("expected yes or no.");
1996 		else cfg_parser->cfg->forwards->ssl_upstream =
1997 			(strcmp($2, "yes")==0);
1998 		free($2);
1999 	}
2000 	;
2001 view_name: VAR_NAME STRING_ARG
2002 	{
2003 		OUTYY(("P(name:%s)\n", $2));
2004 		if(cfg_parser->cfg->views->name)
2005 			yyerror("view name override, there must be one "
2006 				"name for one view");
2007 		free(cfg_parser->cfg->views->name);
2008 		cfg_parser->cfg->views->name = $2;
2009 	}
2010 	;
2011 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2012 	{
2013 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2014 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2015 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2016 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2017 		   && strcmp($3, "typetransparent")!=0
2018 		   && strcmp($3, "always_transparent")!=0
2019 		   && strcmp($3, "always_refuse")!=0
2020 		   && strcmp($3, "always_nxdomain")!=0
2021 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
2022 			yyerror("local-zone type: expected static, deny, "
2023 				"refuse, redirect, transparent, "
2024 				"typetransparent, inform, inform_deny, "
2025 				"always_transparent, always_refuse, "
2026 				"always_nxdomain or nodefault");
2027 		else if(strcmp($3, "nodefault")==0) {
2028 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2029 				local_zones_nodefault, $2))
2030 				fatal_exit("out of memory adding local-zone");
2031 			free($3);
2032 		} else {
2033 			if(!cfg_str2list_insert(
2034 				&cfg_parser->cfg->views->local_zones,
2035 				$2, $3))
2036 				fatal_exit("out of memory adding local-zone");
2037 		}
2038 	}
2039 	;
2040 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2041 	{
2042 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2043 		validate_respip_action($3);
2044 		if(!cfg_str2list_insert(
2045 			&cfg_parser->cfg->views->respip_actions, $2, $3))
2046 			fatal_exit("out of memory adding per-view "
2047 				"response-ip action");
2048 	}
2049 	;
2050 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2051 	{
2052 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
2053 		if(!cfg_str2list_insert(
2054 			&cfg_parser->cfg->views->respip_data, $2, $3))
2055 			fatal_exit("out of memory adding response-ip-data");
2056 	}
2057 	;
2058 view_local_data: VAR_LOCAL_DATA STRING_ARG
2059 	{
2060 		OUTYY(("P(view_local_data:%s)\n", $2));
2061 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2062 			fatal_exit("out of memory adding local-data");
2063 			free($2);
2064 		}
2065 	}
2066 	;
2067 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2068 	{
2069 		char* ptr;
2070 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2071 		ptr = cfg_ptr_reverse($2);
2072 		free($2);
2073 		if(ptr) {
2074 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2075 				local_data, ptr))
2076 				fatal_exit("out of memory adding local-data");
2077 		} else {
2078 			yyerror("local-data-ptr could not be reversed");
2079 		}
2080 	}
2081 	;
2082 view_first: VAR_VIEW_FIRST STRING_ARG
2083 	{
2084 		OUTYY(("P(view-first:%s)\n", $2));
2085 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2086 			yyerror("expected yes or no.");
2087 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2088 		free($2);
2089 	}
2090 	;
2091 rcstart: VAR_REMOTE_CONTROL
2092 	{
2093 		OUTYY(("\nP(remote-control:)\n"));
2094 	}
2095 	;
2096 contents_rc: contents_rc content_rc
2097 	| ;
2098 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2099 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2100 	rc_control_cert_file | rc_control_use_cert
2101 	;
2102 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2103 	{
2104 		OUTYY(("P(control_enable:%s)\n", $2));
2105 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2106 			yyerror("expected yes or no.");
2107 		else cfg_parser->cfg->remote_control_enable =
2108 			(strcmp($2, "yes")==0);
2109 		free($2);
2110 	}
2111 	;
2112 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2113 	{
2114 		OUTYY(("P(control_port:%s)\n", $2));
2115 		if(atoi($2) == 0)
2116 			yyerror("control port number expected");
2117 		else cfg_parser->cfg->control_port = atoi($2);
2118 		free($2);
2119 	}
2120 	;
2121 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2122 	{
2123 		OUTYY(("P(control_interface:%s)\n", $2));
2124 		if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
2125 			yyerror("out of memory");
2126 	}
2127 	;
2128 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2129 	{
2130 		OUTYY(("P(control_use_cert:%s)\n", $2));
2131 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2132 			yyerror("expected yes or no.");
2133 		else cfg_parser->cfg->remote_control_use_cert =
2134 			(strcmp($2, "yes")==0);
2135 		free($2);
2136 	}
2137 	;
2138 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2139 	{
2140 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
2141 		free(cfg_parser->cfg->server_key_file);
2142 		cfg_parser->cfg->server_key_file = $2;
2143 	}
2144 	;
2145 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2146 	{
2147 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2148 		free(cfg_parser->cfg->server_cert_file);
2149 		cfg_parser->cfg->server_cert_file = $2;
2150 	}
2151 	;
2152 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2153 	{
2154 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
2155 		free(cfg_parser->cfg->control_key_file);
2156 		cfg_parser->cfg->control_key_file = $2;
2157 	}
2158 	;
2159 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2160 	{
2161 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2162 		free(cfg_parser->cfg->control_cert_file);
2163 		cfg_parser->cfg->control_cert_file = $2;
2164 	}
2165 	;
2166 dtstart: VAR_DNSTAP
2167 	{
2168 		OUTYY(("\nP(dnstap:)\n"));
2169 	}
2170 	;
2171 contents_dt: contents_dt content_dt
2172 	| ;
2173 content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
2174 	dt_dnstap_send_identity | dt_dnstap_send_version |
2175 	dt_dnstap_identity | dt_dnstap_version |
2176 	dt_dnstap_log_resolver_query_messages |
2177 	dt_dnstap_log_resolver_response_messages |
2178 	dt_dnstap_log_client_query_messages |
2179 	dt_dnstap_log_client_response_messages |
2180 	dt_dnstap_log_forwarder_query_messages |
2181 	dt_dnstap_log_forwarder_response_messages
2182 	;
2183 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2184 	{
2185 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2186 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2187 			yyerror("expected yes or no.");
2188 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2189 	}
2190 	;
2191 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2192 	{
2193 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2194 		free(cfg_parser->cfg->dnstap_socket_path);
2195 		cfg_parser->cfg->dnstap_socket_path = $2;
2196 	}
2197 	;
2198 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2199 	{
2200 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2201 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2202 			yyerror("expected yes or no.");
2203 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2204 	}
2205 	;
2206 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2207 	{
2208 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2209 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2210 			yyerror("expected yes or no.");
2211 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2212 	}
2213 	;
2214 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2215 	{
2216 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2217 		free(cfg_parser->cfg->dnstap_identity);
2218 		cfg_parser->cfg->dnstap_identity = $2;
2219 	}
2220 	;
2221 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2222 	{
2223 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2224 		free(cfg_parser->cfg->dnstap_version);
2225 		cfg_parser->cfg->dnstap_version = $2;
2226 	}
2227 	;
2228 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2229 	{
2230 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2231 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2232 			yyerror("expected yes or no.");
2233 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2234 			(strcmp($2, "yes")==0);
2235 	}
2236 	;
2237 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2238 	{
2239 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2240 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2241 			yyerror("expected yes or no.");
2242 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2243 			(strcmp($2, "yes")==0);
2244 	}
2245 	;
2246 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2247 	{
2248 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2249 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2250 			yyerror("expected yes or no.");
2251 		else cfg_parser->cfg->dnstap_log_client_query_messages =
2252 			(strcmp($2, "yes")==0);
2253 	}
2254 	;
2255 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2256 	{
2257 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2258 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2259 			yyerror("expected yes or no.");
2260 		else cfg_parser->cfg->dnstap_log_client_response_messages =
2261 			(strcmp($2, "yes")==0);
2262 	}
2263 	;
2264 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2265 	{
2266 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2267 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2268 			yyerror("expected yes or no.");
2269 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2270 			(strcmp($2, "yes")==0);
2271 	}
2272 	;
2273 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2274 	{
2275 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2276 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2277 			yyerror("expected yes or no.");
2278 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2279 			(strcmp($2, "yes")==0);
2280 	}
2281 	;
2282 pythonstart: VAR_PYTHON
2283 	{
2284 		OUTYY(("\nP(python:)\n"));
2285 	}
2286 	;
2287 contents_py: contents_py content_py
2288 	| ;
2289 content_py: py_script
2290 	;
2291 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2292 	{
2293 		OUTYY(("P(python-script:%s)\n", $2));
2294 		free(cfg_parser->cfg->python_script);
2295 		cfg_parser->cfg->python_script = $2;
2296 	}
2297 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2298 	{
2299 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2300 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2301 			yyerror("expected yes or no.");
2302 		else cfg_parser->cfg->disable_dnssec_lame_check =
2303 			(strcmp($2, "yes")==0);
2304 		free($2);
2305 	}
2306 	;
2307 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2308 	{
2309 		OUTYY(("P(server_log_identity:%s)\n", $2));
2310 		free(cfg_parser->cfg->log_identity);
2311 		cfg_parser->cfg->log_identity = $2;
2312 	}
2313 	;
2314 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2315 	{
2316 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2317 		validate_respip_action($3);
2318 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2319 			$2, $3))
2320 			fatal_exit("out of memory adding response-ip");
2321 	}
2322 	;
2323 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2324 	{
2325 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
2326 			if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
2327 				$2, $3))
2328 				fatal_exit("out of memory adding response-ip-data");
2329 	}
2330 	;
2331 dnscstart: VAR_DNSCRYPT
2332 	{
2333 		OUTYY(("\nP(dnscrypt:)\n"));
2334 		OUTYY(("\nP(dnscrypt:)\n"));
2335 	}
2336 	;
2337 contents_dnsc: contents_dnsc content_dnsc
2338 	| ;
2339 content_dnsc:
2340 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
2341 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
2342 	dnsc_dnscrypt_shared_secret_cache_size |
2343 	dnsc_dnscrypt_shared_secret_cache_slabs |
2344 	dnsc_dnscrypt_nonce_cache_size |
2345 	dnsc_dnscrypt_nonce_cache_slabs
2346 	;
2347 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
2348 	{
2349 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
2350 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2351 			yyerror("expected yes or no.");
2352 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
2353 		free($2);
2354 	}
2355 	;
2356 
2357 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
2358 	{
2359 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
2360 
2361 		if(atoi($2) == 0)
2362 			yyerror("port number expected");
2363 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
2364 		free($2);
2365 	}
2366 	;
2367 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
2368 	{
2369 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
2370 		free(cfg_parser->cfg->dnscrypt_provider);
2371 		cfg_parser->cfg->dnscrypt_provider = $2;
2372 	}
2373 	;
2374 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
2375 	{
2376 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
2377 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
2378 			fatal_exit("out of memory adding dnscrypt-provider-cert");
2379 	}
2380 	;
2381 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
2382 	{
2383 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
2384 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
2385 			fatal_exit("out of memory adding dnscrypt-secret-key");
2386 	}
2387 	;
2388 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
2389   {
2390   	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
2391   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
2392   		yyerror("memory size expected");
2393   	free($2);
2394   }
2395   ;
2396 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
2397   {
2398   	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
2399   	if(atoi($2) == 0)
2400   		yyerror("number expected");
2401   	else {
2402   		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
2403   		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
2404   			yyerror("must be a power of 2");
2405   	}
2406   	free($2);
2407   }
2408   ;
2409 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
2410   {
2411   	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
2412   	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
2413   		yyerror("memory size expected");
2414   	free($2);
2415   }
2416   ;
2417 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
2418   {
2419   	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
2420   	if(atoi($2) == 0)
2421   		yyerror("number expected");
2422   	else {
2423   		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
2424   		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
2425   			yyerror("must be a power of 2");
2426   	}
2427   	free($2);
2428   }
2429   ;
2430 cachedbstart: VAR_CACHEDB
2431 	{
2432 		OUTYY(("\nP(cachedb:)\n"));
2433 	}
2434 	;
2435 contents_cachedb: contents_cachedb content_cachedb
2436 	| ;
2437 content_cachedb: cachedb_backend_name | cachedb_secret_seed
2438 	;
2439 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
2440 	{
2441 	#ifdef USE_CACHEDB
2442 		OUTYY(("P(backend:%s)\n", $2));
2443 		if(cfg_parser->cfg->cachedb_backend)
2444 			yyerror("cachedb backend override, there must be one "
2445 				"backend");
2446 		free(cfg_parser->cfg->cachedb_backend);
2447 		cfg_parser->cfg->cachedb_backend = $2;
2448 	#else
2449 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2450 	#endif
2451 	}
2452 	;
2453 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
2454 	{
2455 	#ifdef USE_CACHEDB
2456 		OUTYY(("P(secret-seed:%s)\n", $2));
2457 		if(cfg_parser->cfg->cachedb_secret)
2458 			yyerror("cachedb secret-seed override, there must be "
2459 				"only one secret");
2460 		free(cfg_parser->cfg->cachedb_secret);
2461 		cfg_parser->cfg->cachedb_secret = $2;
2462 	#else
2463 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2464 		free($2);
2465 	#endif
2466 	}
2467 	;
2468 %%
2469 
2470 /* parse helper routines could be here */
2471 static void
2472 validate_respip_action(const char* action)
2473 {
2474 	if(strcmp(action, "deny")!=0 &&
2475 		strcmp(action, "redirect")!=0 &&
2476 		strcmp(action, "inform")!=0 &&
2477 		strcmp(action, "inform_deny")!=0 &&
2478 		strcmp(action, "always_transparent")!=0 &&
2479 		strcmp(action, "always_refuse")!=0 &&
2480 		strcmp(action, "always_nxdomain")!=0)
2481 	{
2482 		yyerror("response-ip action: expected deny, redirect, "
2483 			"inform, inform_deny, always_transparent, "
2484 			"always_refuse or always_nxdomain");
2485 	}
2486 }
2487