1 /*
2 * configparser.y -- yacc grammar for unbound configuration files
3 *
4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5 *
6 * Copyright (c) 2007, NLnet Labs. All rights reserved.
7 *
8 * This software is open source.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
16 *
17 * Redistributions in binary form must reproduce the above copyright notice,
18 * this list of conditions and the following disclaimer in the documentation
19 * and/or other materials provided with the distribution.
20 *
21 * Neither the name of the NLNET LABS nor the names of its contributors may
22 * be used to endorse or promote products derived from this software without
23 * specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 %{
39 #include "config.h"
40
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 #include "sldns/str2wire.h"
51
52 int ub_c_lex(void);
53 void ub_c_error(const char *message);
54
55 static void validate_respip_action(const char* action);
56 static void validate_acl_action(const char* action);
57
58 /* these need to be global, otherwise they cannot be used inside yacc */
59 extern struct config_parser_state* cfg_parser;
60
61 #if 0
62 #define OUTYY(s) printf s /* used ONLY when debugging */
63 #else
64 #define OUTYY(s)
65 #endif
66
67 %}
68 %union {
69 char* str;
70 };
71
72 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
73 %token <str> STRING_ARG
74 %token VAR_FORCE_TOPLEVEL
75 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
76 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
77 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
78 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
79 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
80 %token VAR_SOCK_QUEUE_TIMEOUT
81 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
82 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
83 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
84 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
85 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
86 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
87 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
88 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
89 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
90 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
91 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
92 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
93 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
94 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
95 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
96 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
97 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
98 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
99 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
100 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
101 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
102 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
103 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
104 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
105 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
106 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
107 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
108 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
109 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
110 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
111 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
112 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
113 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
114 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
115 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
116 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
117 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
118 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
119 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
120 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
121 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
122 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
123 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
124 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
125 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
126 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
127 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
128 %token VAR_NAT64_PREFIX
129 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
130 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
131 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
132 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
133 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
134 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
136 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
137 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
138 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
139 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
140 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
141 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
142 %token VAR_IP_DSCP
143 %token VAR_DISABLE_DNSSEC_LAME_CHECK
144 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
145 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
146 %token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
147 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
148 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
149 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
150 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
151 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
152 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
153 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
154 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
155 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
156 %token VAR_CACHE_MIN_NEGATIVE_TTL
157 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
158 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
159 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
160 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
161 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
162 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
163 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
164 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
165 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
166 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
167 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
168 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
169 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
170 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
171 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
172 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
173 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
174 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
175 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
176 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
177 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
178 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
179 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
180 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
181 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
182 %token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD
183 %token VAR_CACHEDB_REDISLOGICALDB
184 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
185 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
186 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
187 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
188 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
189 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
190 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
191 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
192 %token VAR_DISCARD_TIMEOUT VAR_WAIT_LIMIT VAR_WAIT_LIMIT_COOKIE
193 %token VAR_WAIT_LIMIT_NETBLOCK VAR_WAIT_LIMIT_COOKIE_NETBLOCK
194 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
195 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
196 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
197 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
198 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
199 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
200 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
201 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
202 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
203 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
204 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
205 %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
206 %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED
207
208 %%
209 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
210 toplevelvar: serverstart contents_server | stubstart contents_stub |
211 forwardstart contents_forward | pythonstart contents_py |
212 rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
213 dnscstart contents_dnsc | cachedbstart contents_cachedb |
214 ipsetstart contents_ipset | authstart contents_auth |
215 rpzstart contents_rpz | dynlibstart contents_dl |
216 force_toplevel
217 ;
218 force_toplevel: VAR_FORCE_TOPLEVEL
219 {
220 OUTYY(("\nP(force-toplevel)\n"));
221 cfg_parser->started_toplevel = 0;
222 }
223 ;
224 /* server: declaration */
225 serverstart: VAR_SERVER
226 {
227 OUTYY(("\nP(server:)\n"));
228 cfg_parser->started_toplevel = 1;
229 }
230 ;
231 contents_server: contents_server content_server
232 | ;
233 content_server: server_num_threads | server_verbosity | server_port |
234 server_outgoing_range | server_do_ip4 |
235 server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
236 server_prefer_ip6 | server_do_udp | server_do_tcp |
237 server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
238 server_tcp_keepalive | server_tcp_keepalive_timeout |
239 server_sock_queue_timeout |
240 server_interface | server_chroot | server_username |
241 server_directory | server_logfile | server_pidfile |
242 server_msg_cache_size | server_msg_cache_slabs |
243 server_num_queries_per_thread | server_rrset_cache_size |
244 server_rrset_cache_slabs | server_outgoing_num_tcp |
245 server_infra_host_ttl | server_infra_lame_ttl |
246 server_infra_cache_slabs | server_infra_cache_numhosts |
247 server_infra_cache_lame_size | server_target_fetch_policy |
248 server_harden_short_bufsize | server_harden_large_queries |
249 server_do_not_query_address | server_hide_identity |
250 server_hide_version | server_identity | server_version |
251 server_hide_http_user_agent | server_http_user_agent |
252 server_harden_glue | server_module_conf | server_trust_anchor_file |
253 server_trust_anchor | server_val_override_date | server_bogus_ttl |
254 server_val_clean_additional | server_val_permissive_mode |
255 server_incoming_num_tcp | server_msg_buffer_size |
256 server_key_cache_size | server_key_cache_slabs |
257 server_trusted_keys_file | server_val_nsec3_keysize_iterations |
258 server_use_syslog | server_outgoing_interface | server_root_hints |
259 server_do_not_query_localhost | server_cache_max_ttl |
260 server_harden_dnssec_stripped | server_access_control |
261 server_local_zone | server_local_data | server_interface_automatic |
262 server_statistics_interval | server_do_daemonize |
263 server_use_caps_for_id | server_statistics_cumulative |
264 server_outgoing_port_permit | server_outgoing_port_avoid |
265 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
266 server_harden_referral_path | server_private_address |
267 server_private_domain | server_extended_statistics |
268 server_local_data_ptr | server_jostle_timeout |
269 server_unwanted_reply_threshold | server_log_time_ascii |
270 server_domain_insecure | server_val_sig_skew_min |
271 server_val_sig_skew_max | server_val_max_restart |
272 server_cache_min_ttl | server_val_log_level |
273 server_auto_trust_anchor_file | server_add_holddown |
274 server_del_holddown | server_keep_missing | server_so_rcvbuf |
275 server_edns_buffer_size | server_prefetch | server_prefetch_key |
276 server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
277 server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
278 server_log_local_actions |
279 server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
280 server_https_port | server_http_endpoint | server_http_max_streams |
281 server_http_query_buffer_size | server_http_response_buffer_size |
282 server_http_nodelay | server_http_notls_downstream |
283 server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
284 server_so_reuseport | server_delay_close | server_udp_connect |
285 server_unblock_lan_zones | server_insecure_lan_zones |
286 server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
287 server_nat64_prefix |
288 server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
289 server_ip_transparent | server_ip_ratelimit | server_ratelimit |
290 server_ip_dscp | server_infra_keep_probing |
291 server_ip_ratelimit_slabs | server_ratelimit_slabs |
292 server_ip_ratelimit_size | server_ratelimit_size |
293 server_ratelimit_for_domain |
294 server_ratelimit_below_domain | server_ratelimit_factor |
295 server_ip_ratelimit_factor | server_ratelimit_backoff |
296 server_ip_ratelimit_backoff | server_outbound_msg_retry |
297 server_max_sent_count | server_max_query_restarts |
298 server_send_client_subnet | server_client_subnet_zone |
299 server_client_subnet_always_forward | server_client_subnet_opcode |
300 server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
301 server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
302 server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
303 server_caps_whitelist | server_cache_max_negative_ttl |
304 server_cache_min_negative_ttl |
305 server_permit_small_holddown | server_qname_minimisation |
306 server_ip_freebind | server_define_tag | server_local_zone_tag |
307 server_disable_dnssec_lame_check | server_access_control_tag |
308 server_local_zone_override | server_access_control_tag_action |
309 server_access_control_tag_data | server_access_control_view |
310 server_interface_action | server_interface_view | server_interface_tag |
311 server_interface_tag_action | server_interface_tag_data |
312 server_qname_minimisation_strict |
313 server_pad_responses | server_pad_responses_block_size |
314 server_pad_queries | server_pad_queries_block_size |
315 server_serve_expired |
316 server_serve_expired_ttl | server_serve_expired_ttl_reset |
317 server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
318 server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
319 server_log_identity | server_use_systemd |
320 server_response_ip_tag | server_response_ip | server_response_ip_data |
321 server_shm_enable | server_shm_key | server_fake_sha1 |
322 server_hide_trustanchor | server_trust_anchor_signaling |
323 server_root_key_sentinel |
324 server_ipsecmod_enabled | server_ipsecmod_hook |
325 server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
326 server_ipsecmod_whitelist | server_ipsecmod_strict |
327 server_udp_upstream_without_downstream | server_aggressive_nsec |
328 server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
329 server_fast_server_permil | server_fast_server_num | server_tls_win_cert |
330 server_tcp_connection_limit | server_log_servfail | server_deny_any |
331 server_unknown_server_time_limit | server_log_tag_queryreply |
332 server_discard_timeout | server_wait_limit | server_wait_limit_cookie |
333 server_wait_limit_netblock | server_wait_limit_cookie_netblock |
334 server_stream_wait_size | server_tls_ciphers |
335 server_tls_ciphersuites | server_tls_session_ticket_keys |
336 server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
337 server_tls_use_sni | server_edns_client_string |
338 server_edns_client_string_opcode | server_nsid |
339 server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
340 server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
341 server_interface_automatic_ports | server_ede |
342 server_proxy_protocol_port | server_statistics_inhibit_zero |
343 server_harden_unknown_additional | server_disable_edns_do |
344 server_log_destaddr
345 ;
346 stubstart: VAR_STUB_ZONE
347 {
348 struct config_stub* s;
349 OUTYY(("\nP(stub_zone:)\n"));
350 cfg_parser->started_toplevel = 1;
351 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
352 if(s) {
353 s->next = cfg_parser->cfg->stubs;
354 cfg_parser->cfg->stubs = s;
355 } else {
356 yyerror("out of memory");
357 }
358 }
359 ;
360 contents_stub: contents_stub content_stub
361 | ;
362 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
363 stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
364 ;
365 forwardstart: VAR_FORWARD_ZONE
366 {
367 struct config_stub* s;
368 OUTYY(("\nP(forward_zone:)\n"));
369 cfg_parser->started_toplevel = 1;
370 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
371 if(s) {
372 s->next = cfg_parser->cfg->forwards;
373 cfg_parser->cfg->forwards = s;
374 } else {
375 yyerror("out of memory");
376 }
377 }
378 ;
379 contents_forward: contents_forward content_forward
380 | ;
381 content_forward: forward_name | forward_host | forward_addr | forward_first |
382 forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
383 ;
384 viewstart: VAR_VIEW
385 {
386 struct config_view* s;
387 OUTYY(("\nP(view:)\n"));
388 cfg_parser->started_toplevel = 1;
389 s = (struct config_view*)calloc(1, sizeof(struct config_view));
390 if(s) {
391 s->next = cfg_parser->cfg->views;
392 if(s->next && !s->next->name)
393 yyerror("view without name");
394 cfg_parser->cfg->views = s;
395 } else {
396 yyerror("out of memory");
397 }
398 }
399 ;
400 contents_view: contents_view content_view
401 | ;
402 content_view: view_name | view_local_zone | view_local_data | view_first |
403 view_response_ip | view_response_ip_data | view_local_data_ptr
404 ;
405 authstart: VAR_AUTH_ZONE
406 {
407 struct config_auth* s;
408 OUTYY(("\nP(auth_zone:)\n"));
409 cfg_parser->started_toplevel = 1;
410 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
411 if(s) {
412 s->next = cfg_parser->cfg->auths;
413 cfg_parser->cfg->auths = s;
414 /* defaults for auth zone */
415 s->for_downstream = 1;
416 s->for_upstream = 1;
417 s->fallback_enabled = 0;
418 s->zonemd_check = 0;
419 s->zonemd_reject_absence = 0;
420 s->isrpz = 0;
421 } else {
422 yyerror("out of memory");
423 }
424 }
425 ;
426 contents_auth: contents_auth content_auth
427 | ;
428 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
429 auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
430 auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
431 ;
432
433 rpz_tag: VAR_TAGS STRING_ARG
434 {
435 uint8_t* bitlist;
436 size_t len = 0;
437 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
438 bitlist = config_parse_taglist(cfg_parser->cfg, $2,
439 &len);
440 free($2);
441 if(!bitlist) {
442 yyerror("could not parse tags, (define-tag them first)");
443 }
444 if(bitlist) {
445 cfg_parser->cfg->auths->rpz_taglist = bitlist;
446 cfg_parser->cfg->auths->rpz_taglistlen = len;
447
448 }
449 }
450 ;
451
452 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
453 {
454 OUTYY(("P(rpz_action_override:%s)\n", $2));
455 if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
456 strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
457 strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
458 yyerror("rpz-action-override action: expected nxdomain, "
459 "nodata, passthru, drop, cname or disabled");
460 free($2);
461 cfg_parser->cfg->auths->rpz_action_override = NULL;
462 }
463 else {
464 cfg_parser->cfg->auths->rpz_action_override = $2;
465 }
466 }
467 ;
468
469 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
470 {
471 OUTYY(("P(rpz_cname_override:%s)\n", $2));
472 free(cfg_parser->cfg->auths->rpz_cname);
473 cfg_parser->cfg->auths->rpz_cname = $2;
474 }
475 ;
476
477 rpz_log: VAR_RPZ_LOG STRING_ARG
478 {
479 OUTYY(("P(rpz_log:%s)\n", $2));
480 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
481 yyerror("expected yes or no.");
482 else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
483 free($2);
484 }
485 ;
486
487 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
488 {
489 OUTYY(("P(rpz_log_name:%s)\n", $2));
490 free(cfg_parser->cfg->auths->rpz_log_name);
491 cfg_parser->cfg->auths->rpz_log_name = $2;
492 }
493 ;
494 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
495 {
496 OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
497 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
498 yyerror("expected yes or no.");
499 else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
500 free($2);
501 }
502 ;
503
504 rpzstart: VAR_RPZ
505 {
506 struct config_auth* s;
507 OUTYY(("\nP(rpz:)\n"));
508 cfg_parser->started_toplevel = 1;
509 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
510 if(s) {
511 s->next = cfg_parser->cfg->auths;
512 cfg_parser->cfg->auths = s;
513 /* defaults for RPZ auth zone */
514 s->for_downstream = 0;
515 s->for_upstream = 0;
516 s->fallback_enabled = 0;
517 s->isrpz = 1;
518 } else {
519 yyerror("out of memory");
520 }
521 }
522 ;
523 contents_rpz: contents_rpz content_rpz
524 | ;
525 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
526 auth_allow_notify | rpz_action_override | rpz_cname_override |
527 rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
528 ;
529 server_num_threads: VAR_NUM_THREADS STRING_ARG
530 {
531 OUTYY(("P(server_num_threads:%s)\n", $2));
532 if(atoi($2) == 0 && strcmp($2, "0") != 0)
533 yyerror("number expected");
534 else cfg_parser->cfg->num_threads = atoi($2);
535 free($2);
536 }
537 ;
538 server_verbosity: VAR_VERBOSITY STRING_ARG
539 {
540 OUTYY(("P(server_verbosity:%s)\n", $2));
541 if(atoi($2) == 0 && strcmp($2, "0") != 0)
542 yyerror("number expected");
543 else cfg_parser->cfg->verbosity = atoi($2);
544 free($2);
545 }
546 ;
547 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
548 {
549 OUTYY(("P(server_statistics_interval:%s)\n", $2));
550 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
551 cfg_parser->cfg->stat_interval = 0;
552 else if(atoi($2) == 0)
553 yyerror("number expected");
554 else cfg_parser->cfg->stat_interval = atoi($2);
555 free($2);
556 }
557 ;
558 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
559 {
560 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
561 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
562 yyerror("expected yes or no.");
563 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
564 free($2);
565 }
566 ;
567 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
568 {
569 OUTYY(("P(server_extended_statistics:%s)\n", $2));
570 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
571 yyerror("expected yes or no.");
572 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
573 free($2);
574 }
575 ;
576 server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
577 {
578 OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
579 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
580 yyerror("expected yes or no.");
581 else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
582 free($2);
583 }
584 ;
585 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
586 {
587 OUTYY(("P(server_shm_enable:%s)\n", $2));
588 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
589 yyerror("expected yes or no.");
590 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
591 free($2);
592 }
593 ;
594 server_shm_key: VAR_SHM_KEY STRING_ARG
595 {
596 OUTYY(("P(server_shm_key:%s)\n", $2));
597 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
598 cfg_parser->cfg->shm_key = 0;
599 else if(atoi($2) == 0)
600 yyerror("number expected");
601 else cfg_parser->cfg->shm_key = atoi($2);
602 free($2);
603 }
604 ;
605 server_port: VAR_PORT STRING_ARG
606 {
607 OUTYY(("P(server_port:%s)\n", $2));
608 if(atoi($2) == 0)
609 yyerror("port number expected");
610 else cfg_parser->cfg->port = atoi($2);
611 free($2);
612 }
613 ;
614 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
615 {
616 #ifdef CLIENT_SUBNET
617 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
618 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
619 fatal_exit("out of memory adding client-subnet");
620 #else
621 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
622 free($2);
623 #endif
624 }
625 ;
626 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
627 {
628 #ifdef CLIENT_SUBNET
629 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
630 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
631 $2))
632 fatal_exit("out of memory adding client-subnet-zone");
633 #else
634 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
635 free($2);
636 #endif
637 }
638 ;
639 server_client_subnet_always_forward:
640 VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
641 {
642 #ifdef CLIENT_SUBNET
643 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
644 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
645 yyerror("expected yes or no.");
646 else
647 cfg_parser->cfg->client_subnet_always_forward =
648 (strcmp($2, "yes")==0);
649 #else
650 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
651 #endif
652 free($2);
653 }
654 ;
655 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
656 {
657 #ifdef CLIENT_SUBNET
658 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
659 OUTYY(("P(Deprecated option, ignoring)\n"));
660 #else
661 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
662 #endif
663 free($2);
664 }
665 ;
666 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
667 {
668 #ifdef CLIENT_SUBNET
669 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
670 if(atoi($2) == 0 && strcmp($2, "0") != 0)
671 yyerror("IPv4 subnet length expected");
672 else if (atoi($2) > 32)
673 cfg_parser->cfg->max_client_subnet_ipv4 = 32;
674 else if (atoi($2) < 0)
675 cfg_parser->cfg->max_client_subnet_ipv4 = 0;
676 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
677 #else
678 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
679 #endif
680 free($2);
681 }
682 ;
683 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
684 {
685 #ifdef CLIENT_SUBNET
686 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
687 if(atoi($2) == 0 && strcmp($2, "0") != 0)
688 yyerror("Ipv6 subnet length expected");
689 else if (atoi($2) > 128)
690 cfg_parser->cfg->max_client_subnet_ipv6 = 128;
691 else if (atoi($2) < 0)
692 cfg_parser->cfg->max_client_subnet_ipv6 = 0;
693 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
694 #else
695 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
696 #endif
697 free($2);
698 }
699 ;
700 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
701 {
702 #ifdef CLIENT_SUBNET
703 OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
704 if(atoi($2) == 0 && strcmp($2, "0") != 0)
705 yyerror("IPv4 subnet length expected");
706 else if (atoi($2) > 32)
707 cfg_parser->cfg->min_client_subnet_ipv4 = 32;
708 else if (atoi($2) < 0)
709 cfg_parser->cfg->min_client_subnet_ipv4 = 0;
710 else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
711 #else
712 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
713 #endif
714 free($2);
715 }
716 ;
717 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
718 {
719 #ifdef CLIENT_SUBNET
720 OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
721 if(atoi($2) == 0 && strcmp($2, "0") != 0)
722 yyerror("Ipv6 subnet length expected");
723 else if (atoi($2) > 128)
724 cfg_parser->cfg->min_client_subnet_ipv6 = 128;
725 else if (atoi($2) < 0)
726 cfg_parser->cfg->min_client_subnet_ipv6 = 0;
727 else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
728 #else
729 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
730 #endif
731 free($2);
732 }
733 ;
734 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
735 {
736 #ifdef CLIENT_SUBNET
737 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
738 if(atoi($2) == 0 && strcmp($2, "0") != 0)
739 yyerror("IPv4 ECS tree size expected");
740 else if (atoi($2) < 0)
741 cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
742 else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
743 #else
744 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
745 #endif
746 free($2);
747 }
748 ;
749 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
750 {
751 #ifdef CLIENT_SUBNET
752 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
753 if(atoi($2) == 0 && strcmp($2, "0") != 0)
754 yyerror("IPv6 ECS tree size expected");
755 else if (atoi($2) < 0)
756 cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
757 else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
758 #else
759 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
760 #endif
761 free($2);
762 }
763 ;
764 server_interface: VAR_INTERFACE STRING_ARG
765 {
766 OUTYY(("P(server_interface:%s)\n", $2));
767 if(cfg_parser->cfg->num_ifs == 0)
768 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
769 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
770 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
771 if(!cfg_parser->cfg->ifs)
772 yyerror("out of memory");
773 else
774 cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
775 }
776 ;
777 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
778 {
779 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
780 if(cfg_parser->cfg->num_out_ifs == 0)
781 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
782 else cfg_parser->cfg->out_ifs = realloc(
783 cfg_parser->cfg->out_ifs,
784 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
785 if(!cfg_parser->cfg->out_ifs)
786 yyerror("out of memory");
787 else
788 cfg_parser->cfg->out_ifs[
789 cfg_parser->cfg->num_out_ifs++] = $2;
790 }
791 ;
792 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
793 {
794 OUTYY(("P(server_outgoing_range:%s)\n", $2));
795 if(atoi($2) == 0)
796 yyerror("number expected");
797 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
798 free($2);
799 }
800 ;
801 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
802 {
803 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
804 if(!cfg_mark_ports($2, 1,
805 cfg_parser->cfg->outgoing_avail_ports, 65536))
806 yyerror("port number or range (\"low-high\") expected");
807 free($2);
808 }
809 ;
810 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
811 {
812 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
813 if(!cfg_mark_ports($2, 0,
814 cfg_parser->cfg->outgoing_avail_ports, 65536))
815 yyerror("port number or range (\"low-high\") expected");
816 free($2);
817 }
818 ;
819 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
820 {
821 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
822 if(atoi($2) == 0 && strcmp($2, "0") != 0)
823 yyerror("number expected");
824 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
825 free($2);
826 }
827 ;
828 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
829 {
830 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
831 if(atoi($2) == 0 && strcmp($2, "0") != 0)
832 yyerror("number expected");
833 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
834 free($2);
835 }
836 ;
837 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
838 {
839 OUTYY(("P(server_interface_automatic:%s)\n", $2));
840 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
841 yyerror("expected yes or no.");
842 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
843 free($2);
844 }
845 ;
846 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
847 {
848 OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
849 free(cfg_parser->cfg->if_automatic_ports);
850 cfg_parser->cfg->if_automatic_ports = $2;
851 }
852 ;
853 server_do_ip4: VAR_DO_IP4 STRING_ARG
854 {
855 OUTYY(("P(server_do_ip4:%s)\n", $2));
856 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
857 yyerror("expected yes or no.");
858 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
859 free($2);
860 }
861 ;
862 server_do_ip6: VAR_DO_IP6 STRING_ARG
863 {
864 OUTYY(("P(server_do_ip6:%s)\n", $2));
865 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
866 yyerror("expected yes or no.");
867 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
868 free($2);
869 }
870 ;
871 server_do_nat64: VAR_DO_NAT64 STRING_ARG
872 {
873 OUTYY(("P(server_do_nat64:%s)\n", $2));
874 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
875 yyerror("expected yes or no.");
876 else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
877 free($2);
878 }
879 ;
880 server_do_udp: VAR_DO_UDP STRING_ARG
881 {
882 OUTYY(("P(server_do_udp:%s)\n", $2));
883 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
884 yyerror("expected yes or no.");
885 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
886 free($2);
887 }
888 ;
889 server_do_tcp: VAR_DO_TCP STRING_ARG
890 {
891 OUTYY(("P(server_do_tcp:%s)\n", $2));
892 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
893 yyerror("expected yes or no.");
894 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
895 free($2);
896 }
897 ;
898 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
899 {
900 OUTYY(("P(server_prefer_ip4:%s)\n", $2));
901 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
902 yyerror("expected yes or no.");
903 else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
904 free($2);
905 }
906 ;
907 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
908 {
909 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
910 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
911 yyerror("expected yes or no.");
912 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
913 free($2);
914 }
915 ;
916 server_tcp_mss: VAR_TCP_MSS STRING_ARG
917 {
918 OUTYY(("P(server_tcp_mss:%s)\n", $2));
919 if(atoi($2) == 0 && strcmp($2, "0") != 0)
920 yyerror("number expected");
921 else cfg_parser->cfg->tcp_mss = atoi($2);
922 free($2);
923 }
924 ;
925 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
926 {
927 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
928 if(atoi($2) == 0 && strcmp($2, "0") != 0)
929 yyerror("number expected");
930 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
931 free($2);
932 }
933 ;
934 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
935 {
936 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
937 if(atoi($2) == 0 && strcmp($2, "0") != 0)
938 yyerror("number expected");
939 else if (atoi($2) > 120000)
940 cfg_parser->cfg->tcp_idle_timeout = 120000;
941 else if (atoi($2) < 1)
942 cfg_parser->cfg->tcp_idle_timeout = 1;
943 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
944 free($2);
945 }
946 ;
947 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
948 {
949 OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
950 if(atoi($2) == 0 && strcmp($2, "0") != 0)
951 yyerror("number expected");
952 else if (atoi($2) < 1)
953 cfg_parser->cfg->max_reuse_tcp_queries = 0;
954 else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
955 free($2);
956 }
957 ;
958 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
959 {
960 OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
961 if(atoi($2) == 0 && strcmp($2, "0") != 0)
962 yyerror("number expected");
963 else if (atoi($2) < 1)
964 cfg_parser->cfg->tcp_reuse_timeout = 0;
965 else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
966 free($2);
967 }
968 ;
969 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
970 {
971 OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
972 if(atoi($2) == 0 && strcmp($2, "0") != 0)
973 yyerror("number expected");
974 else if (atoi($2) < 1)
975 cfg_parser->cfg->tcp_auth_query_timeout = 0;
976 else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
977 free($2);
978 }
979 ;
980 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
981 {
982 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
983 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
984 yyerror("expected yes or no.");
985 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
986 free($2);
987 }
988 ;
989 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
990 {
991 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
992 if(atoi($2) == 0 && strcmp($2, "0") != 0)
993 yyerror("number expected");
994 else if (atoi($2) > 6553500)
995 cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
996 else if (atoi($2) < 1)
997 cfg_parser->cfg->tcp_keepalive_timeout = 0;
998 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
999 free($2);
1000 }
1001 ;
1002 server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
1003 {
1004 OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
1005 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1006 yyerror("number expected");
1007 else if (atoi($2) > 6553500)
1008 cfg_parser->cfg->sock_queue_timeout = 6553500;
1009 else if (atoi($2) < 1)
1010 cfg_parser->cfg->sock_queue_timeout = 0;
1011 else cfg_parser->cfg->sock_queue_timeout = atoi($2);
1012 free($2);
1013 }
1014 ;
1015 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
1016 {
1017 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
1018 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1019 yyerror("expected yes or no.");
1020 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
1021 free($2);
1022 }
1023 ;
1024 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
1025 {
1026 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
1027 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1028 yyerror("expected yes or no.");
1029 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
1030 free($2);
1031 }
1032 ;
1033 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
1034 {
1035 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
1036 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1037 yyerror("expected yes or no.");
1038 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
1039 free($2);
1040 }
1041 ;
1042 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
1043 {
1044 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
1045 free(cfg_parser->cfg->ssl_service_key);
1046 cfg_parser->cfg->ssl_service_key = $2;
1047 }
1048 ;
1049 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1050 {
1051 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1052 free(cfg_parser->cfg->ssl_service_pem);
1053 cfg_parser->cfg->ssl_service_pem = $2;
1054 }
1055 ;
1056 server_ssl_port: VAR_SSL_PORT STRING_ARG
1057 {
1058 OUTYY(("P(server_ssl_port:%s)\n", $2));
1059 if(atoi($2) == 0)
1060 yyerror("port number expected");
1061 else cfg_parser->cfg->ssl_port = atoi($2);
1062 free($2);
1063 }
1064 ;
1065 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1066 {
1067 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1068 free(cfg_parser->cfg->tls_cert_bundle);
1069 cfg_parser->cfg->tls_cert_bundle = $2;
1070 }
1071 ;
1072 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1073 {
1074 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1075 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1076 yyerror("expected yes or no.");
1077 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1078 free($2);
1079 }
1080 ;
1081 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1082 {
1083 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1084 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1085 $2))
1086 yyerror("out of memory");
1087 }
1088 ;
1089 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1090 {
1091 OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1092 free(cfg_parser->cfg->tls_ciphers);
1093 cfg_parser->cfg->tls_ciphers = $2;
1094 }
1095 ;
1096 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1097 {
1098 OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1099 free(cfg_parser->cfg->tls_ciphersuites);
1100 cfg_parser->cfg->tls_ciphersuites = $2;
1101 }
1102 ;
1103 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1104 {
1105 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1106 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1107 $2))
1108 yyerror("out of memory");
1109 }
1110 ;
1111 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1112 {
1113 OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1114 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1115 yyerror("expected yes or no.");
1116 else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1117 free($2);
1118 }
1119 ;
1120 server_https_port: VAR_HTTPS_PORT STRING_ARG
1121 {
1122 OUTYY(("P(server_https_port:%s)\n", $2));
1123 if(atoi($2) == 0)
1124 yyerror("port number expected");
1125 else cfg_parser->cfg->https_port = atoi($2);
1126 free($2);
1127 };
1128 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1129 {
1130 OUTYY(("P(server_http_endpoint:%s)\n", $2));
1131 free(cfg_parser->cfg->http_endpoint);
1132 if($2 && $2[0] != '/') {
1133 cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1134 if(!cfg_parser->cfg->http_endpoint)
1135 yyerror("out of memory");
1136 cfg_parser->cfg->http_endpoint[0] = '/';
1137 memmove(cfg_parser->cfg->http_endpoint+1, $2,
1138 strlen($2)+1);
1139 free($2);
1140 } else {
1141 cfg_parser->cfg->http_endpoint = $2;
1142 }
1143 };
1144 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1145 {
1146 OUTYY(("P(server_http_max_streams:%s)\n", $2));
1147 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1148 yyerror("number expected");
1149 else cfg_parser->cfg->http_max_streams = atoi($2);
1150 free($2);
1151 };
1152 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1153 {
1154 OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1155 if(!cfg_parse_memsize($2,
1156 &cfg_parser->cfg->http_query_buffer_size))
1157 yyerror("memory size expected");
1158 free($2);
1159 };
1160 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1161 {
1162 OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1163 if(!cfg_parse_memsize($2,
1164 &cfg_parser->cfg->http_response_buffer_size))
1165 yyerror("memory size expected");
1166 free($2);
1167 };
1168 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1169 {
1170 OUTYY(("P(server_http_nodelay:%s)\n", $2));
1171 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1172 yyerror("expected yes or no.");
1173 else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1174 free($2);
1175 };
1176 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1177 {
1178 OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1179 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1180 yyerror("expected yes or no.");
1181 else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1182 free($2);
1183 };
1184 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1185 {
1186 OUTYY(("P(server_use_systemd:%s)\n", $2));
1187 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1188 yyerror("expected yes or no.");
1189 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1190 free($2);
1191 }
1192 ;
1193 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1194 {
1195 OUTYY(("P(server_do_daemonize:%s)\n", $2));
1196 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1197 yyerror("expected yes or no.");
1198 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1199 free($2);
1200 }
1201 ;
1202 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1203 {
1204 OUTYY(("P(server_use_syslog:%s)\n", $2));
1205 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1206 yyerror("expected yes or no.");
1207 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1208 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1209 if(strcmp($2, "yes") == 0)
1210 yyerror("no syslog services are available. "
1211 "(reconfigure and compile to add)");
1212 #endif
1213 free($2);
1214 }
1215 ;
1216 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1217 {
1218 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1219 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1220 yyerror("expected yes or no.");
1221 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1222 free($2);
1223 }
1224 ;
1225 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1226 {
1227 OUTYY(("P(server_log_queries:%s)\n", $2));
1228 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1229 yyerror("expected yes or no.");
1230 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1231 free($2);
1232 }
1233 ;
1234 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1235 {
1236 OUTYY(("P(server_log_replies:%s)\n", $2));
1237 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1238 yyerror("expected yes or no.");
1239 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1240 free($2);
1241 }
1242 ;
1243 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1244 {
1245 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1246 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1247 yyerror("expected yes or no.");
1248 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1249 free($2);
1250 }
1251 ;
1252 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1253 {
1254 OUTYY(("P(server_log_servfail:%s)\n", $2));
1255 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1256 yyerror("expected yes or no.");
1257 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1258 free($2);
1259 }
1260 ;
1261 server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG
1262 {
1263 OUTYY(("P(server_log_destaddr:%s)\n", $2));
1264 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1265 yyerror("expected yes or no.");
1266 else cfg_parser->cfg->log_destaddr = (strcmp($2, "yes")==0);
1267 free($2);
1268 }
1269 ;
1270 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1271 {
1272 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1273 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1274 yyerror("expected yes or no.");
1275 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1276 free($2);
1277 }
1278 ;
1279 server_chroot: VAR_CHROOT STRING_ARG
1280 {
1281 OUTYY(("P(server_chroot:%s)\n", $2));
1282 free(cfg_parser->cfg->chrootdir);
1283 cfg_parser->cfg->chrootdir = $2;
1284 }
1285 ;
1286 server_username: VAR_USERNAME STRING_ARG
1287 {
1288 OUTYY(("P(server_username:%s)\n", $2));
1289 free(cfg_parser->cfg->username);
1290 cfg_parser->cfg->username = $2;
1291 }
1292 ;
1293 server_directory: VAR_DIRECTORY STRING_ARG
1294 {
1295 OUTYY(("P(server_directory:%s)\n", $2));
1296 free(cfg_parser->cfg->directory);
1297 cfg_parser->cfg->directory = $2;
1298 /* change there right away for includes relative to this */
1299 if($2[0]) {
1300 char* d;
1301 #ifdef UB_ON_WINDOWS
1302 w_config_adjust_directory(cfg_parser->cfg);
1303 #endif
1304 d = cfg_parser->cfg->directory;
1305 /* adjust directory if we have already chroot,
1306 * like, we reread after sighup */
1307 if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1308 strncmp(d, cfg_parser->chroot, strlen(
1309 cfg_parser->chroot)) == 0)
1310 d += strlen(cfg_parser->chroot);
1311 if(d[0]) {
1312 if(chdir(d))
1313 log_err("cannot chdir to directory: %s (%s)",
1314 d, strerror(errno));
1315 }
1316 }
1317 }
1318 ;
1319 server_logfile: VAR_LOGFILE STRING_ARG
1320 {
1321 OUTYY(("P(server_logfile:%s)\n", $2));
1322 free(cfg_parser->cfg->logfile);
1323 cfg_parser->cfg->logfile = $2;
1324 cfg_parser->cfg->use_syslog = 0;
1325 }
1326 ;
1327 server_pidfile: VAR_PIDFILE STRING_ARG
1328 {
1329 OUTYY(("P(server_pidfile:%s)\n", $2));
1330 free(cfg_parser->cfg->pidfile);
1331 cfg_parser->cfg->pidfile = $2;
1332 }
1333 ;
1334 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1335 {
1336 OUTYY(("P(server_root_hints:%s)\n", $2));
1337 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1338 yyerror("out of memory");
1339 }
1340 ;
1341 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1342 {
1343 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1344 log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1345 free($2);
1346 }
1347 ;
1348 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1349 {
1350 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1351 log_warn("option dlv-anchor ignored: DLV is decommissioned");
1352 free($2);
1353 }
1354 ;
1355 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1356 {
1357 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1358 if(!cfg_strlist_insert(&cfg_parser->cfg->
1359 auto_trust_anchor_file_list, $2))
1360 yyerror("out of memory");
1361 }
1362 ;
1363 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1364 {
1365 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1366 if(!cfg_strlist_insert(&cfg_parser->cfg->
1367 trust_anchor_file_list, $2))
1368 yyerror("out of memory");
1369 }
1370 ;
1371 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1372 {
1373 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1374 if(!cfg_strlist_insert(&cfg_parser->cfg->
1375 trusted_keys_file_list, $2))
1376 yyerror("out of memory");
1377 }
1378 ;
1379 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1380 {
1381 OUTYY(("P(server_trust_anchor:%s)\n", $2));
1382 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1383 yyerror("out of memory");
1384 }
1385 ;
1386 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1387 {
1388 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1389 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1390 yyerror("expected yes or no.");
1391 else
1392 cfg_parser->cfg->trust_anchor_signaling =
1393 (strcmp($2, "yes")==0);
1394 free($2);
1395 }
1396 ;
1397 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1398 {
1399 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1400 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1401 yyerror("expected yes or no.");
1402 else
1403 cfg_parser->cfg->root_key_sentinel =
1404 (strcmp($2, "yes")==0);
1405 free($2);
1406 }
1407 ;
1408 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1409 {
1410 OUTYY(("P(server_domain_insecure:%s)\n", $2));
1411 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1412 yyerror("out of memory");
1413 }
1414 ;
1415 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1416 {
1417 OUTYY(("P(server_hide_identity:%s)\n", $2));
1418 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1419 yyerror("expected yes or no.");
1420 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1421 free($2);
1422 }
1423 ;
1424 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1425 {
1426 OUTYY(("P(server_hide_version:%s)\n", $2));
1427 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1428 yyerror("expected yes or no.");
1429 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1430 free($2);
1431 }
1432 ;
1433 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1434 {
1435 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1436 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1437 yyerror("expected yes or no.");
1438 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1439 free($2);
1440 }
1441 ;
1442 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1443 {
1444 OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1445 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1446 yyerror("expected yes or no.");
1447 else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1448 free($2);
1449 }
1450 ;
1451 server_identity: VAR_IDENTITY STRING_ARG
1452 {
1453 OUTYY(("P(server_identity:%s)\n", $2));
1454 free(cfg_parser->cfg->identity);
1455 cfg_parser->cfg->identity = $2;
1456 }
1457 ;
1458 server_version: VAR_VERSION STRING_ARG
1459 {
1460 OUTYY(("P(server_version:%s)\n", $2));
1461 free(cfg_parser->cfg->version);
1462 cfg_parser->cfg->version = $2;
1463 }
1464 ;
1465 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1466 {
1467 OUTYY(("P(server_http_user_agent:%s)\n", $2));
1468 free(cfg_parser->cfg->http_user_agent);
1469 cfg_parser->cfg->http_user_agent = $2;
1470 }
1471 ;
1472 server_nsid: VAR_NSID STRING_ARG
1473 {
1474 OUTYY(("P(server_nsid:%s)\n", $2));
1475 free(cfg_parser->cfg->nsid_cfg_str);
1476 cfg_parser->cfg->nsid_cfg_str = $2;
1477 free(cfg_parser->cfg->nsid);
1478 cfg_parser->cfg->nsid = NULL;
1479 cfg_parser->cfg->nsid_len = 0;
1480 if (*$2 == 0)
1481 ; /* pass; empty string is not setting nsid */
1482 else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1483 $2, &cfg_parser->cfg->nsid_len)))
1484 yyerror("the NSID must be either a hex string or an "
1485 "ascii character string prepended with ascii_.");
1486 }
1487 ;
1488 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1489 {
1490 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1491 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1492 yyerror("buffer size expected");
1493 free($2);
1494 }
1495 ;
1496 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1497 {
1498 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1499 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1500 yyerror("buffer size expected");
1501 free($2);
1502 }
1503 ;
1504 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1505 {
1506 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1507 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1508 yyerror("expected yes or no.");
1509 else cfg_parser->cfg->so_reuseport =
1510 (strcmp($2, "yes")==0);
1511 free($2);
1512 }
1513 ;
1514 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1515 {
1516 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1517 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1518 yyerror("expected yes or no.");
1519 else cfg_parser->cfg->ip_transparent =
1520 (strcmp($2, "yes")==0);
1521 free($2);
1522 }
1523 ;
1524 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1525 {
1526 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1527 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1528 yyerror("expected yes or no.");
1529 else cfg_parser->cfg->ip_freebind =
1530 (strcmp($2, "yes")==0);
1531 free($2);
1532 }
1533 ;
1534 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1535 {
1536 OUTYY(("P(server_ip_dscp:%s)\n", $2));
1537 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1538 yyerror("number expected");
1539 else if (atoi($2) > 63)
1540 yyerror("value too large (max 63)");
1541 else if (atoi($2) < 0)
1542 yyerror("value too small (min 0)");
1543 else
1544 cfg_parser->cfg->ip_dscp = atoi($2);
1545 free($2);
1546 }
1547 ;
1548 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1549 {
1550 OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1551 if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1552 yyerror("memory size expected");
1553 free($2);
1554 }
1555 ;
1556 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1557 {
1558 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1559 if(atoi($2) == 0)
1560 yyerror("number expected");
1561 else if (atoi($2) < 12)
1562 yyerror("edns buffer size too small");
1563 else if (atoi($2) > 65535)
1564 cfg_parser->cfg->edns_buffer_size = 65535;
1565 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1566 free($2);
1567 }
1568 ;
1569 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1570 {
1571 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1572 if(atoi($2) == 0)
1573 yyerror("number expected");
1574 else if (atoi($2) < 4096)
1575 yyerror("message buffer size too small (use 4096)");
1576 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1577 free($2);
1578 }
1579 ;
1580 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1581 {
1582 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1583 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1584 yyerror("memory size expected");
1585 free($2);
1586 }
1587 ;
1588 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1589 {
1590 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1591 if(atoi($2) == 0) {
1592 yyerror("number expected");
1593 } else {
1594 cfg_parser->cfg->msg_cache_slabs = atoi($2);
1595 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1596 yyerror("must be a power of 2");
1597 }
1598 free($2);
1599 }
1600 ;
1601 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1602 {
1603 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1604 if(atoi($2) == 0)
1605 yyerror("number expected");
1606 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1607 free($2);
1608 }
1609 ;
1610 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1611 {
1612 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1613 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1614 yyerror("number expected");
1615 else cfg_parser->cfg->jostle_time = atoi($2);
1616 free($2);
1617 }
1618 ;
1619 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1620 {
1621 OUTYY(("P(server_delay_close:%s)\n", $2));
1622 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1623 yyerror("number expected");
1624 else cfg_parser->cfg->delay_close = atoi($2);
1625 free($2);
1626 }
1627 ;
1628 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1629 {
1630 OUTYY(("P(server_udp_connect:%s)\n", $2));
1631 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1632 yyerror("expected yes or no.");
1633 else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1634 free($2);
1635 }
1636 ;
1637 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1638 {
1639 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1640 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1641 yyerror("expected yes or no.");
1642 else cfg_parser->cfg->unblock_lan_zones =
1643 (strcmp($2, "yes")==0);
1644 free($2);
1645 }
1646 ;
1647 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1648 {
1649 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1650 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1651 yyerror("expected yes or no.");
1652 else cfg_parser->cfg->insecure_lan_zones =
1653 (strcmp($2, "yes")==0);
1654 free($2);
1655 }
1656 ;
1657 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1658 {
1659 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1660 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1661 yyerror("memory size expected");
1662 free($2);
1663 }
1664 ;
1665 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1666 {
1667 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1668 if(atoi($2) == 0) {
1669 yyerror("number expected");
1670 } else {
1671 cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1672 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1673 yyerror("must be a power of 2");
1674 }
1675 free($2);
1676 }
1677 ;
1678 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1679 {
1680 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1681 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1682 yyerror("number expected");
1683 else cfg_parser->cfg->host_ttl = atoi($2);
1684 free($2);
1685 }
1686 ;
1687 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1688 {
1689 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1690 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1691 "removed, use infra-host-ttl)", $2);
1692 free($2);
1693 }
1694 ;
1695 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1696 {
1697 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1698 if(atoi($2) == 0)
1699 yyerror("number expected");
1700 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1701 free($2);
1702 }
1703 ;
1704 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1705 {
1706 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1707 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1708 "(option removed, use infra-cache-numhosts)", $2);
1709 free($2);
1710 }
1711 ;
1712 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1713 {
1714 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1715 if(atoi($2) == 0) {
1716 yyerror("number expected");
1717 } else {
1718 cfg_parser->cfg->infra_cache_slabs = atoi($2);
1719 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1720 yyerror("must be a power of 2");
1721 }
1722 free($2);
1723 }
1724 ;
1725 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1726 {
1727 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1728 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1729 yyerror("number expected");
1730 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1731 free($2);
1732 }
1733 ;
1734 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1735 {
1736 OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1737 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1738 yyerror("number expected");
1739 else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1740 free($2);
1741 }
1742 ;
1743 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1744 {
1745 OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1746 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1747 yyerror("expected yes or no.");
1748 else cfg_parser->cfg->infra_keep_probing =
1749 (strcmp($2, "yes")==0);
1750 free($2);
1751 }
1752 ;
1753 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1754 {
1755 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1756 free(cfg_parser->cfg->target_fetch_policy);
1757 cfg_parser->cfg->target_fetch_policy = $2;
1758 }
1759 ;
1760 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1761 {
1762 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1763 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1764 yyerror("expected yes or no.");
1765 else cfg_parser->cfg->harden_short_bufsize =
1766 (strcmp($2, "yes")==0);
1767 free($2);
1768 }
1769 ;
1770 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1771 {
1772 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1773 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1774 yyerror("expected yes or no.");
1775 else cfg_parser->cfg->harden_large_queries =
1776 (strcmp($2, "yes")==0);
1777 free($2);
1778 }
1779 ;
1780 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1781 {
1782 OUTYY(("P(server_harden_glue:%s)\n", $2));
1783 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1784 yyerror("expected yes or no.");
1785 else cfg_parser->cfg->harden_glue =
1786 (strcmp($2, "yes")==0);
1787 free($2);
1788 }
1789 ;
1790 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1791 {
1792 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1793 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1794 yyerror("expected yes or no.");
1795 else cfg_parser->cfg->harden_dnssec_stripped =
1796 (strcmp($2, "yes")==0);
1797 free($2);
1798 }
1799 ;
1800 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1801 {
1802 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1803 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1804 yyerror("expected yes or no.");
1805 else cfg_parser->cfg->harden_below_nxdomain =
1806 (strcmp($2, "yes")==0);
1807 free($2);
1808 }
1809 ;
1810 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1811 {
1812 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1813 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1814 yyerror("expected yes or no.");
1815 else cfg_parser->cfg->harden_referral_path =
1816 (strcmp($2, "yes")==0);
1817 free($2);
1818 }
1819 ;
1820 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1821 {
1822 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1823 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1824 yyerror("expected yes or no.");
1825 else cfg_parser->cfg->harden_algo_downgrade =
1826 (strcmp($2, "yes")==0);
1827 free($2);
1828 }
1829 ;
1830 server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
1831 {
1832 OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
1833 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1834 yyerror("expected yes or no.");
1835 else cfg_parser->cfg->harden_unknown_additional =
1836 (strcmp($2, "yes")==0);
1837 free($2);
1838 }
1839 ;
1840 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1841 {
1842 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1843 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1844 yyerror("expected yes or no.");
1845 else cfg_parser->cfg->use_caps_bits_for_id =
1846 (strcmp($2, "yes")==0);
1847 free($2);
1848 }
1849 ;
1850 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1851 {
1852 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1853 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1854 yyerror("out of memory");
1855 }
1856 ;
1857 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1858 {
1859 OUTYY(("P(server_private_address:%s)\n", $2));
1860 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1861 yyerror("out of memory");
1862 }
1863 ;
1864 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1865 {
1866 OUTYY(("P(server_private_domain:%s)\n", $2));
1867 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1868 yyerror("out of memory");
1869 }
1870 ;
1871 server_prefetch: VAR_PREFETCH STRING_ARG
1872 {
1873 OUTYY(("P(server_prefetch:%s)\n", $2));
1874 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1875 yyerror("expected yes or no.");
1876 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1877 free($2);
1878 }
1879 ;
1880 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1881 {
1882 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1883 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1884 yyerror("expected yes or no.");
1885 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1886 free($2);
1887 }
1888 ;
1889 server_deny_any: VAR_DENY_ANY STRING_ARG
1890 {
1891 OUTYY(("P(server_deny_any:%s)\n", $2));
1892 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1893 yyerror("expected yes or no.");
1894 else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1895 free($2);
1896 }
1897 ;
1898 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1899 {
1900 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1901 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1902 yyerror("number expected");
1903 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1904 free($2);
1905 }
1906 ;
1907 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1908 {
1909 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1910 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1911 yyerror("out of memory");
1912 }
1913 ;
1914 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1915 {
1916 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1917 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1918 yyerror("expected yes or no.");
1919 else cfg_parser->cfg->donotquery_localhost =
1920 (strcmp($2, "yes")==0);
1921 free($2);
1922 }
1923 ;
1924 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1925 {
1926 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1927 validate_acl_action($3);
1928 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1929 fatal_exit("out of memory adding acl");
1930 }
1931 ;
1932 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
1933 {
1934 OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
1935 validate_acl_action($3);
1936 if(!cfg_str2list_insert(
1937 &cfg_parser->cfg->interface_actions, $2, $3))
1938 fatal_exit("out of memory adding acl");
1939 }
1940 ;
1941 server_module_conf: VAR_MODULE_CONF STRING_ARG
1942 {
1943 OUTYY(("P(server_module_conf:%s)\n", $2));
1944 free(cfg_parser->cfg->module_conf);
1945 cfg_parser->cfg->module_conf = $2;
1946 }
1947 ;
1948 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1949 {
1950 OUTYY(("P(server_val_override_date:%s)\n", $2));
1951 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1952 cfg_parser->cfg->val_date_override = 0;
1953 } else if(strlen($2) == 14) {
1954 cfg_parser->cfg->val_date_override =
1955 cfg_convert_timeval($2);
1956 if(!cfg_parser->cfg->val_date_override)
1957 yyerror("bad date/time specification");
1958 } else {
1959 if(atoi($2) == 0)
1960 yyerror("number expected");
1961 cfg_parser->cfg->val_date_override = atoi($2);
1962 }
1963 free($2);
1964 }
1965 ;
1966 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1967 {
1968 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1969 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1970 cfg_parser->cfg->val_sig_skew_min = 0;
1971 } else {
1972 cfg_parser->cfg->val_sig_skew_min = atoi($2);
1973 if(!cfg_parser->cfg->val_sig_skew_min)
1974 yyerror("number expected");
1975 }
1976 free($2);
1977 }
1978 ;
1979 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1980 {
1981 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1982 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1983 cfg_parser->cfg->val_sig_skew_max = 0;
1984 } else {
1985 cfg_parser->cfg->val_sig_skew_max = atoi($2);
1986 if(!cfg_parser->cfg->val_sig_skew_max)
1987 yyerror("number expected");
1988 }
1989 free($2);
1990 }
1991 ;
1992 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1993 {
1994 OUTYY(("P(server_val_max_restart:%s)\n", $2));
1995 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1996 cfg_parser->cfg->val_max_restart = 0;
1997 } else {
1998 cfg_parser->cfg->val_max_restart = atoi($2);
1999 if(!cfg_parser->cfg->val_max_restart)
2000 yyerror("number expected");
2001 }
2002 free($2);
2003 }
2004 ;
2005 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
2006 {
2007 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
2008 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2009 yyerror("number expected");
2010 else cfg_parser->cfg->max_ttl = atoi($2);
2011 free($2);
2012 }
2013 ;
2014 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
2015 {
2016 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
2017 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2018 yyerror("number expected");
2019 else cfg_parser->cfg->max_negative_ttl = atoi($2);
2020 free($2);
2021 }
2022 ;
2023 server_cache_min_negative_ttl: VAR_CACHE_MIN_NEGATIVE_TTL STRING_ARG
2024 {
2025 OUTYY(("P(server_cache_min_negative_ttl:%s)\n", $2));
2026 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2027 yyerror("number expected");
2028 else cfg_parser->cfg->min_negative_ttl = atoi($2);
2029 free($2);
2030 }
2031 ;
2032 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
2033 {
2034 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
2035 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2036 yyerror("number expected");
2037 else cfg_parser->cfg->min_ttl = atoi($2);
2038 free($2);
2039 }
2040 ;
2041 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
2042 {
2043 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
2044 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2045 yyerror("number expected");
2046 else cfg_parser->cfg->bogus_ttl = atoi($2);
2047 free($2);
2048 }
2049 ;
2050 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
2051 {
2052 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
2053 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2054 yyerror("expected yes or no.");
2055 else cfg_parser->cfg->val_clean_additional =
2056 (strcmp($2, "yes")==0);
2057 free($2);
2058 }
2059 ;
2060 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
2061 {
2062 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
2063 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2064 yyerror("expected yes or no.");
2065 else cfg_parser->cfg->val_permissive_mode =
2066 (strcmp($2, "yes")==0);
2067 free($2);
2068 }
2069 ;
2070 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
2071 {
2072 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
2073 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2074 yyerror("expected yes or no.");
2075 else
2076 cfg_parser->cfg->aggressive_nsec =
2077 (strcmp($2, "yes")==0);
2078 free($2);
2079 }
2080 ;
2081 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2082 {
2083 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2084 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2085 yyerror("expected yes or no.");
2086 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2087 free($2);
2088 }
2089 ;
2090 server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG
2091 {
2092 OUTYY(("P(server_disable_edns_do:%s)\n", $2));
2093 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2094 yyerror("expected yes or no.");
2095 else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0);
2096 free($2);
2097 }
2098 ;
2099 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2100 {
2101 OUTYY(("P(server_serve_expired:%s)\n", $2));
2102 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2103 yyerror("expected yes or no.");
2104 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2105 free($2);
2106 }
2107 ;
2108 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2109 {
2110 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2111 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2112 yyerror("number expected");
2113 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2114 free($2);
2115 }
2116 ;
2117 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2118 {
2119 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2120 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2121 yyerror("expected yes or no.");
2122 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2123 free($2);
2124 }
2125 ;
2126 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2127 {
2128 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2129 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2130 yyerror("number expected");
2131 else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2132 free($2);
2133 }
2134 ;
2135 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2136 {
2137 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2138 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2139 yyerror("number expected");
2140 else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2141 free($2);
2142 }
2143 ;
2144 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2145 {
2146 OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2147 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2148 yyerror("expected yes or no.");
2149 else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2150 free($2);
2151 }
2152 ;
2153 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2154 {
2155 OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2156 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2157 yyerror("expected yes or no.");
2158 else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2159 free($2);
2160 }
2161 ;
2162 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2163 {
2164 OUTYY(("P(server_fake_dsa:%s)\n", $2));
2165 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2166 yyerror("expected yes or no.");
2167 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2168 else fake_dsa = (strcmp($2, "yes")==0);
2169 if(fake_dsa)
2170 log_warn("test option fake_dsa is enabled");
2171 #endif
2172 free($2);
2173 }
2174 ;
2175 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2176 {
2177 OUTYY(("P(server_fake_sha1:%s)\n", $2));
2178 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2179 yyerror("expected yes or no.");
2180 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2181 else fake_sha1 = (strcmp($2, "yes")==0);
2182 if(fake_sha1)
2183 log_warn("test option fake_sha1 is enabled");
2184 #endif
2185 free($2);
2186 }
2187 ;
2188 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2189 {
2190 OUTYY(("P(server_val_log_level:%s)\n", $2));
2191 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2192 yyerror("number expected");
2193 else cfg_parser->cfg->val_log_level = atoi($2);
2194 free($2);
2195 }
2196 ;
2197 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2198 {
2199 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2200 free(cfg_parser->cfg->val_nsec3_key_iterations);
2201 cfg_parser->cfg->val_nsec3_key_iterations = $2;
2202 }
2203 ;
2204 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2205 {
2206 OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2207 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2208 yyerror("expected yes or no.");
2209 else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2210 free($2);
2211 }
2212 ;
2213 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2214 {
2215 OUTYY(("P(server_add_holddown:%s)\n", $2));
2216 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2217 yyerror("number expected");
2218 else cfg_parser->cfg->add_holddown = atoi($2);
2219 free($2);
2220 }
2221 ;
2222 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2223 {
2224 OUTYY(("P(server_del_holddown:%s)\n", $2));
2225 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2226 yyerror("number expected");
2227 else cfg_parser->cfg->del_holddown = atoi($2);
2228 free($2);
2229 }
2230 ;
2231 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2232 {
2233 OUTYY(("P(server_keep_missing:%s)\n", $2));
2234 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2235 yyerror("number expected");
2236 else cfg_parser->cfg->keep_missing = atoi($2);
2237 free($2);
2238 }
2239 ;
2240 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2241 {
2242 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2243 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2244 yyerror("expected yes or no.");
2245 else cfg_parser->cfg->permit_small_holddown =
2246 (strcmp($2, "yes")==0);
2247 free($2);
2248 }
2249 ;
2250 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2251 {
2252 OUTYY(("P(server_key_cache_size:%s)\n", $2));
2253 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2254 yyerror("memory size expected");
2255 free($2);
2256 }
2257 ;
2258 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2259 {
2260 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2261 if(atoi($2) == 0) {
2262 yyerror("number expected");
2263 } else {
2264 cfg_parser->cfg->key_cache_slabs = atoi($2);
2265 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2266 yyerror("must be a power of 2");
2267 }
2268 free($2);
2269 }
2270 ;
2271 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2272 {
2273 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2274 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2275 yyerror("memory size expected");
2276 free($2);
2277 }
2278 ;
2279 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2280 {
2281 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2282 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2283 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2284 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2285 && strcmp($3, "typetransparent")!=0
2286 && strcmp($3, "always_transparent")!=0
2287 && strcmp($3, "block_a")!=0
2288 && strcmp($3, "always_refuse")!=0
2289 && strcmp($3, "always_nxdomain")!=0
2290 && strcmp($3, "always_nodata")!=0
2291 && strcmp($3, "always_deny")!=0
2292 && strcmp($3, "always_null")!=0
2293 && strcmp($3, "noview")!=0
2294 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2295 && strcmp($3, "inform_redirect") != 0
2296 && strcmp($3, "ipset") != 0) {
2297 yyerror("local-zone type: expected static, deny, "
2298 "refuse, redirect, transparent, "
2299 "typetransparent, inform, inform_deny, "
2300 "inform_redirect, always_transparent, block_a,"
2301 "always_refuse, always_nxdomain, "
2302 "always_nodata, always_deny, always_null, "
2303 "noview, nodefault or ipset");
2304 free($2);
2305 free($3);
2306 } else if(strcmp($3, "nodefault")==0) {
2307 if(!cfg_strlist_insert(&cfg_parser->cfg->
2308 local_zones_nodefault, $2))
2309 fatal_exit("out of memory adding local-zone");
2310 free($3);
2311 #ifdef USE_IPSET
2312 } else if(strcmp($3, "ipset")==0) {
2313 size_t len = strlen($2);
2314 /* Make sure to add the trailing dot.
2315 * These are str compared to domain names. */
2316 if($2[len-1] != '.') {
2317 if(!($2 = realloc($2, len+2))) {
2318 fatal_exit("out of memory adding local-zone");
2319 }
2320 $2[len] = '.';
2321 $2[len+1] = 0;
2322 }
2323 if(!cfg_strlist_insert(&cfg_parser->cfg->
2324 local_zones_ipset, $2))
2325 fatal_exit("out of memory adding local-zone");
2326 free($3);
2327 #endif
2328 } else {
2329 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2330 $2, $3))
2331 fatal_exit("out of memory adding local-zone");
2332 }
2333 }
2334 ;
2335 server_local_data: VAR_LOCAL_DATA STRING_ARG
2336 {
2337 OUTYY(("P(server_local_data:%s)\n", $2));
2338 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2339 fatal_exit("out of memory adding local-data");
2340 }
2341 ;
2342 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2343 {
2344 char* ptr;
2345 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2346 ptr = cfg_ptr_reverse($2);
2347 free($2);
2348 if(ptr) {
2349 if(!cfg_strlist_insert(&cfg_parser->cfg->
2350 local_data, ptr))
2351 fatal_exit("out of memory adding local-data");
2352 } else {
2353 yyerror("local-data-ptr could not be reversed");
2354 }
2355 }
2356 ;
2357 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2358 {
2359 OUTYY(("P(server_minimal_responses:%s)\n", $2));
2360 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2361 yyerror("expected yes or no.");
2362 else cfg_parser->cfg->minimal_responses =
2363 (strcmp($2, "yes")==0);
2364 free($2);
2365 }
2366 ;
2367 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2368 {
2369 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2370 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2371 yyerror("expected yes or no.");
2372 else cfg_parser->cfg->rrset_roundrobin =
2373 (strcmp($2, "yes")==0);
2374 free($2);
2375 }
2376 ;
2377 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2378 {
2379 OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2380 cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2381 free($2);
2382 }
2383 ;
2384 server_discard_timeout: VAR_DISCARD_TIMEOUT STRING_ARG
2385 {
2386 OUTYY(("P(server_discard_timeout:%s)\n", $2));
2387 cfg_parser->cfg->discard_timeout = atoi($2);
2388 free($2);
2389 }
2390 ;
2391 server_wait_limit: VAR_WAIT_LIMIT STRING_ARG
2392 {
2393 OUTYY(("P(server_wait_limit:%s)\n", $2));
2394 cfg_parser->cfg->wait_limit = atoi($2);
2395 free($2);
2396 }
2397 ;
2398 server_wait_limit_cookie: VAR_WAIT_LIMIT_COOKIE STRING_ARG
2399 {
2400 OUTYY(("P(server_wait_limit_cookie:%s)\n", $2));
2401 cfg_parser->cfg->wait_limit_cookie = atoi($2);
2402 free($2);
2403 }
2404 ;
2405 server_wait_limit_netblock: VAR_WAIT_LIMIT_NETBLOCK STRING_ARG STRING_ARG
2406 {
2407 OUTYY(("P(server_wait_limit_netblock:%s %s)\n", $2, $3));
2408 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2409 yyerror("number expected");
2410 free($2);
2411 free($3);
2412 } else {
2413 if(!cfg_str2list_insert(&cfg_parser->cfg->
2414 wait_limit_netblock, $2, $3))
2415 fatal_exit("out of memory adding "
2416 "wait-limit-netblock");
2417 }
2418 }
2419 ;
2420 server_wait_limit_cookie_netblock: VAR_WAIT_LIMIT_COOKIE_NETBLOCK STRING_ARG STRING_ARG
2421 {
2422 OUTYY(("P(server_wait_limit_cookie_netblock:%s %s)\n", $2, $3));
2423 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2424 yyerror("number expected");
2425 free($2);
2426 free($3);
2427 } else {
2428 if(!cfg_str2list_insert(&cfg_parser->cfg->
2429 wait_limit_cookie_netblock, $2, $3))
2430 fatal_exit("out of memory adding "
2431 "wait-limit-cookie-netblock");
2432 }
2433 }
2434 ;
2435 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2436 {
2437 OUTYY(("P(server_max_udp_size:%s)\n", $2));
2438 cfg_parser->cfg->max_udp_size = atoi($2);
2439 free($2);
2440 }
2441 ;
2442 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2443 {
2444 OUTYY(("P(dns64_prefix:%s)\n", $2));
2445 free(cfg_parser->cfg->dns64_prefix);
2446 cfg_parser->cfg->dns64_prefix = $2;
2447 }
2448 ;
2449 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2450 {
2451 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2452 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2453 yyerror("expected yes or no.");
2454 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2455 free($2);
2456 }
2457 ;
2458 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2459 {
2460 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2461 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2462 $2))
2463 fatal_exit("out of memory adding dns64-ignore-aaaa");
2464 }
2465 ;
2466 server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
2467 {
2468 OUTYY(("P(nat64_prefix:%s)\n", $2));
2469 free(cfg_parser->cfg->nat64_prefix);
2470 cfg_parser->cfg->nat64_prefix = $2;
2471 }
2472 ;
2473 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2474 {
2475 char* p, *s = $2;
2476 OUTYY(("P(server_define_tag:%s)\n", $2));
2477 while((p=strsep(&s, " \t\n")) != NULL) {
2478 if(*p) {
2479 if(!config_add_tag(cfg_parser->cfg, p))
2480 yyerror("could not define-tag, "
2481 "out of memory");
2482 }
2483 }
2484 free($2);
2485 }
2486 ;
2487 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2488 {
2489 size_t len = 0;
2490 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2491 &len);
2492 free($3);
2493 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2494 if(!bitlist) {
2495 yyerror("could not parse tags, (define-tag them first)");
2496 free($2);
2497 }
2498 if(bitlist) {
2499 if(!cfg_strbytelist_insert(
2500 &cfg_parser->cfg->local_zone_tags,
2501 $2, bitlist, len)) {
2502 yyerror("out of memory");
2503 free($2);
2504 }
2505 }
2506 }
2507 ;
2508 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2509 {
2510 size_t len = 0;
2511 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2512 &len);
2513 free($3);
2514 OUTYY(("P(server_access_control_tag:%s)\n", $2));
2515 if(!bitlist) {
2516 yyerror("could not parse tags, (define-tag them first)");
2517 free($2);
2518 }
2519 if(bitlist) {
2520 if(!cfg_strbytelist_insert(
2521 &cfg_parser->cfg->acl_tags,
2522 $2, bitlist, len)) {
2523 yyerror("out of memory");
2524 free($2);
2525 }
2526 }
2527 }
2528 ;
2529 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2530 {
2531 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2532 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2533 $2, $3, $4)) {
2534 yyerror("out of memory");
2535 free($2);
2536 free($3);
2537 free($4);
2538 }
2539 }
2540 ;
2541 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2542 {
2543 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2544 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2545 $2, $3, $4)) {
2546 yyerror("out of memory");
2547 free($2);
2548 free($3);
2549 free($4);
2550 }
2551 }
2552 ;
2553 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2554 {
2555 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2556 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2557 $2, $3, $4)) {
2558 yyerror("out of memory");
2559 free($2);
2560 free($3);
2561 free($4);
2562 }
2563 }
2564 ;
2565 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2566 {
2567 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2568 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2569 $2, $3)) {
2570 yyerror("out of memory");
2571 }
2572 }
2573 ;
2574 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2575 {
2576 size_t len = 0;
2577 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2578 &len);
2579 free($3);
2580 OUTYY(("P(server_interface_tag:%s)\n", $2));
2581 if(!bitlist) {
2582 yyerror("could not parse tags, (define-tag them first)");
2583 free($2);
2584 }
2585 if(bitlist) {
2586 if(!cfg_strbytelist_insert(
2587 &cfg_parser->cfg->interface_tags,
2588 $2, bitlist, len)) {
2589 yyerror("out of memory");
2590 free($2);
2591 }
2592 }
2593 }
2594 ;
2595 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2596 {
2597 OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2598 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2599 $2, $3, $4)) {
2600 yyerror("out of memory");
2601 free($2);
2602 free($3);
2603 free($4);
2604 }
2605 }
2606 ;
2607 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2608 {
2609 OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2610 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2611 $2, $3, $4)) {
2612 yyerror("out of memory");
2613 free($2);
2614 free($3);
2615 free($4);
2616 }
2617 }
2618 ;
2619 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2620 {
2621 OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2622 if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2623 $2, $3)) {
2624 yyerror("out of memory");
2625 }
2626 }
2627 ;
2628 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2629 {
2630 size_t len = 0;
2631 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2632 &len);
2633 free($3);
2634 OUTYY(("P(response_ip_tag:%s)\n", $2));
2635 if(!bitlist) {
2636 yyerror("could not parse tags, (define-tag them first)");
2637 free($2);
2638 }
2639 if(bitlist) {
2640 if(!cfg_strbytelist_insert(
2641 &cfg_parser->cfg->respip_tags,
2642 $2, bitlist, len)) {
2643 yyerror("out of memory");
2644 free($2);
2645 }
2646 }
2647 }
2648 ;
2649 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2650 {
2651 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2652 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2653 yyerror("number expected");
2654 else cfg_parser->cfg->ip_ratelimit = atoi($2);
2655 free($2);
2656 }
2657 ;
2658 server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
2659 {
2660 OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
2661 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2662 yyerror("number expected");
2663 else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
2664 free($2);
2665 }
2666 ;
2667 server_ratelimit: VAR_RATELIMIT STRING_ARG
2668 {
2669 OUTYY(("P(server_ratelimit:%s)\n", $2));
2670 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2671 yyerror("number expected");
2672 else cfg_parser->cfg->ratelimit = atoi($2);
2673 free($2);
2674 }
2675 ;
2676 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2677 {
2678 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2679 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2680 yyerror("memory size expected");
2681 free($2);
2682 }
2683 ;
2684 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2685 {
2686 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2687 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2688 yyerror("memory size expected");
2689 free($2);
2690 }
2691 ;
2692 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2693 {
2694 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2695 if(atoi($2) == 0) {
2696 yyerror("number expected");
2697 } else {
2698 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2699 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2700 yyerror("must be a power of 2");
2701 }
2702 free($2);
2703 }
2704 ;
2705 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2706 {
2707 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2708 if(atoi($2) == 0) {
2709 yyerror("number expected");
2710 } else {
2711 cfg_parser->cfg->ratelimit_slabs = atoi($2);
2712 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2713 yyerror("must be a power of 2");
2714 }
2715 free($2);
2716 }
2717 ;
2718 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2719 {
2720 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2721 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2722 yyerror("number expected");
2723 free($2);
2724 free($3);
2725 } else {
2726 if(!cfg_str2list_insert(&cfg_parser->cfg->
2727 ratelimit_for_domain, $2, $3))
2728 fatal_exit("out of memory adding "
2729 "ratelimit-for-domain");
2730 }
2731 }
2732 ;
2733 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2734 {
2735 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2736 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2737 yyerror("number expected");
2738 free($2);
2739 free($3);
2740 } else {
2741 if(!cfg_str2list_insert(&cfg_parser->cfg->
2742 ratelimit_below_domain, $2, $3))
2743 fatal_exit("out of memory adding "
2744 "ratelimit-below-domain");
2745 }
2746 }
2747 ;
2748 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2749 {
2750 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2751 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2752 yyerror("number expected");
2753 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2754 free($2);
2755 }
2756 ;
2757 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2758 {
2759 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2760 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2761 yyerror("number expected");
2762 else cfg_parser->cfg->ratelimit_factor = atoi($2);
2763 free($2);
2764 }
2765 ;
2766 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2767 {
2768 OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2769 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2770 yyerror("expected yes or no.");
2771 else cfg_parser->cfg->ip_ratelimit_backoff =
2772 (strcmp($2, "yes")==0);
2773 free($2);
2774 }
2775 ;
2776 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2777 {
2778 OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2779 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2780 yyerror("expected yes or no.");
2781 else cfg_parser->cfg->ratelimit_backoff =
2782 (strcmp($2, "yes")==0);
2783 free($2);
2784 }
2785 ;
2786 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2787 {
2788 OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2789 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2790 yyerror("number expected");
2791 else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2792 free($2);
2793 }
2794 ;
2795 server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
2796 {
2797 OUTYY(("P(server_max_sent_count:%s)\n", $2));
2798 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2799 yyerror("number expected");
2800 else cfg_parser->cfg->max_sent_count = atoi($2);
2801 free($2);
2802 }
2803 ;
2804 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2805 {
2806 OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2807 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2808 yyerror("number expected");
2809 else cfg_parser->cfg->max_query_restarts = atoi($2);
2810 free($2);
2811 }
2812 ;
2813 server_low_rtt: VAR_LOW_RTT STRING_ARG
2814 {
2815 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2816 free($2);
2817 }
2818 ;
2819 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2820 {
2821 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2822 if(atoi($2) <= 0)
2823 yyerror("number expected");
2824 else cfg_parser->cfg->fast_server_num = atoi($2);
2825 free($2);
2826 }
2827 ;
2828 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2829 {
2830 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2831 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2832 yyerror("number expected");
2833 else cfg_parser->cfg->fast_server_permil = atoi($2);
2834 free($2);
2835 }
2836 ;
2837 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2838 {
2839 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2840 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2841 yyerror("expected yes or no.");
2842 else cfg_parser->cfg->qname_minimisation =
2843 (strcmp($2, "yes")==0);
2844 free($2);
2845 }
2846 ;
2847 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2848 {
2849 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2850 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2851 yyerror("expected yes or no.");
2852 else cfg_parser->cfg->qname_minimisation_strict =
2853 (strcmp($2, "yes")==0);
2854 free($2);
2855 }
2856 ;
2857 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2858 {
2859 OUTYY(("P(server_pad_responses:%s)\n", $2));
2860 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2861 yyerror("expected yes or no.");
2862 else cfg_parser->cfg->pad_responses =
2863 (strcmp($2, "yes")==0);
2864 free($2);
2865 }
2866 ;
2867 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2868 {
2869 OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2870 if(atoi($2) == 0)
2871 yyerror("number expected");
2872 else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2873 free($2);
2874 }
2875 ;
2876 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2877 {
2878 OUTYY(("P(server_pad_queries:%s)\n", $2));
2879 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2880 yyerror("expected yes or no.");
2881 else cfg_parser->cfg->pad_queries =
2882 (strcmp($2, "yes")==0);
2883 free($2);
2884 }
2885 ;
2886 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2887 {
2888 OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2889 if(atoi($2) == 0)
2890 yyerror("number expected");
2891 else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2892 free($2);
2893 }
2894 ;
2895 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2896 {
2897 #ifdef USE_IPSECMOD
2898 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2899 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2900 yyerror("expected yes or no.");
2901 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2902 #else
2903 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2904 #endif
2905 free($2);
2906 }
2907 ;
2908 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2909 {
2910 #ifdef USE_IPSECMOD
2911 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2912 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2913 yyerror("expected yes or no.");
2914 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2915 #else
2916 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2917 #endif
2918 free($2);
2919 }
2920 ;
2921 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2922 {
2923 #ifdef USE_IPSECMOD
2924 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2925 free(cfg_parser->cfg->ipsecmod_hook);
2926 cfg_parser->cfg->ipsecmod_hook = $2;
2927 #else
2928 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2929 free($2);
2930 #endif
2931 }
2932 ;
2933 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2934 {
2935 #ifdef USE_IPSECMOD
2936 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2937 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2938 yyerror("number expected");
2939 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2940 free($2);
2941 #else
2942 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2943 free($2);
2944 #endif
2945 }
2946 ;
2947 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2948 {
2949 #ifdef USE_IPSECMOD
2950 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2951 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2952 yyerror("out of memory");
2953 #else
2954 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2955 free($2);
2956 #endif
2957 }
2958 ;
2959 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2960 {
2961 #ifdef USE_IPSECMOD
2962 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2963 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2964 yyerror("expected yes or no.");
2965 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2966 free($2);
2967 #else
2968 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2969 free($2);
2970 #endif
2971 }
2972 ;
2973 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2974 {
2975 OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2976 if(!cfg_str2list_insert(
2977 &cfg_parser->cfg->edns_client_strings, $2, $3))
2978 fatal_exit("out of memory adding "
2979 "edns-client-string");
2980 }
2981 ;
2982 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2983 {
2984 OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2985 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2986 yyerror("option code expected");
2987 else if(atoi($2) > 65535 || atoi($2) < 0)
2988 yyerror("option code must be in interval [0, 65535]");
2989 else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2990 free($2);
2991 }
2992 ;
2993 server_ede: VAR_EDE STRING_ARG
2994 {
2995 OUTYY(("P(server_ede:%s)\n", $2));
2996 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2997 yyerror("expected yes or no.");
2998 else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
2999 free($2);
3000 }
3001 ;
3002 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
3003 {
3004 OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
3005 if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
3006 yyerror("out of memory");
3007 }
3008 ;
3009 stub_name: VAR_NAME STRING_ARG
3010 {
3011 OUTYY(("P(name:%s)\n", $2));
3012 if(cfg_parser->cfg->stubs->name)
3013 yyerror("stub name override, there must be one name "
3014 "for one stub-zone");
3015 free(cfg_parser->cfg->stubs->name);
3016 cfg_parser->cfg->stubs->name = $2;
3017 }
3018 ;
3019 stub_host: VAR_STUB_HOST STRING_ARG
3020 {
3021 OUTYY(("P(stub-host:%s)\n", $2));
3022 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
3023 yyerror("out of memory");
3024 }
3025 ;
3026 stub_addr: VAR_STUB_ADDR STRING_ARG
3027 {
3028 OUTYY(("P(stub-addr:%s)\n", $2));
3029 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
3030 yyerror("out of memory");
3031 }
3032 ;
3033 stub_first: VAR_STUB_FIRST STRING_ARG
3034 {
3035 OUTYY(("P(stub-first:%s)\n", $2));
3036 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3037 yyerror("expected yes or no.");
3038 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
3039 free($2);
3040 }
3041 ;
3042 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
3043 {
3044 OUTYY(("P(stub-no-cache:%s)\n", $2));
3045 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3046 yyerror("expected yes or no.");
3047 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
3048 free($2);
3049 }
3050 ;
3051 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
3052 {
3053 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
3054 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3055 yyerror("expected yes or no.");
3056 else cfg_parser->cfg->stubs->ssl_upstream =
3057 (strcmp($2, "yes")==0);
3058 free($2);
3059 }
3060 ;
3061 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
3062 {
3063 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
3064 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3065 yyerror("expected yes or no.");
3066 else cfg_parser->cfg->stubs->tcp_upstream =
3067 (strcmp($2, "yes")==0);
3068 free($2);
3069 }
3070 ;
3071 stub_prime: VAR_STUB_PRIME STRING_ARG
3072 {
3073 OUTYY(("P(stub-prime:%s)\n", $2));
3074 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3075 yyerror("expected yes or no.");
3076 else cfg_parser->cfg->stubs->isprime =
3077 (strcmp($2, "yes")==0);
3078 free($2);
3079 }
3080 ;
3081 forward_name: VAR_NAME STRING_ARG
3082 {
3083 OUTYY(("P(name:%s)\n", $2));
3084 if(cfg_parser->cfg->forwards->name)
3085 yyerror("forward name override, there must be one "
3086 "name for one forward-zone");
3087 free(cfg_parser->cfg->forwards->name);
3088 cfg_parser->cfg->forwards->name = $2;
3089 }
3090 ;
3091 forward_host: VAR_FORWARD_HOST STRING_ARG
3092 {
3093 OUTYY(("P(forward-host:%s)\n", $2));
3094 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
3095 yyerror("out of memory");
3096 }
3097 ;
3098 forward_addr: VAR_FORWARD_ADDR STRING_ARG
3099 {
3100 OUTYY(("P(forward-addr:%s)\n", $2));
3101 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
3102 yyerror("out of memory");
3103 }
3104 ;
3105 forward_first: VAR_FORWARD_FIRST STRING_ARG
3106 {
3107 OUTYY(("P(forward-first:%s)\n", $2));
3108 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3109 yyerror("expected yes or no.");
3110 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
3111 free($2);
3112 }
3113 ;
3114 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
3115 {
3116 OUTYY(("P(forward-no-cache:%s)\n", $2));
3117 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3118 yyerror("expected yes or no.");
3119 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
3120 free($2);
3121 }
3122 ;
3123 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
3124 {
3125 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
3126 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3127 yyerror("expected yes or no.");
3128 else cfg_parser->cfg->forwards->ssl_upstream =
3129 (strcmp($2, "yes")==0);
3130 free($2);
3131 }
3132 ;
3133 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
3134 {
3135 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
3136 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3137 yyerror("expected yes or no.");
3138 else cfg_parser->cfg->forwards->tcp_upstream =
3139 (strcmp($2, "yes")==0);
3140 free($2);
3141 }
3142 ;
3143 auth_name: VAR_NAME STRING_ARG
3144 {
3145 OUTYY(("P(name:%s)\n", $2));
3146 if(cfg_parser->cfg->auths->name)
3147 yyerror("auth name override, there must be one name "
3148 "for one auth-zone");
3149 free(cfg_parser->cfg->auths->name);
3150 cfg_parser->cfg->auths->name = $2;
3151 }
3152 ;
3153 auth_zonefile: VAR_ZONEFILE STRING_ARG
3154 {
3155 OUTYY(("P(zonefile:%s)\n", $2));
3156 free(cfg_parser->cfg->auths->zonefile);
3157 cfg_parser->cfg->auths->zonefile = $2;
3158 }
3159 ;
3160 auth_master: VAR_MASTER STRING_ARG
3161 {
3162 OUTYY(("P(master:%s)\n", $2));
3163 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
3164 yyerror("out of memory");
3165 }
3166 ;
3167 auth_url: VAR_URL STRING_ARG
3168 {
3169 OUTYY(("P(url:%s)\n", $2));
3170 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
3171 yyerror("out of memory");
3172 }
3173 ;
3174 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3175 {
3176 OUTYY(("P(allow-notify:%s)\n", $2));
3177 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3178 $2))
3179 yyerror("out of memory");
3180 }
3181 ;
3182 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3183 {
3184 OUTYY(("P(zonemd-check:%s)\n", $2));
3185 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3186 yyerror("expected yes or no.");
3187 else cfg_parser->cfg->auths->zonemd_check =
3188 (strcmp($2, "yes")==0);
3189 free($2);
3190 }
3191 ;
3192 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3193 {
3194 OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3195 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3196 yyerror("expected yes or no.");
3197 else cfg_parser->cfg->auths->zonemd_reject_absence =
3198 (strcmp($2, "yes")==0);
3199 free($2);
3200 }
3201 ;
3202 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3203 {
3204 OUTYY(("P(for-downstream:%s)\n", $2));
3205 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3206 yyerror("expected yes or no.");
3207 else cfg_parser->cfg->auths->for_downstream =
3208 (strcmp($2, "yes")==0);
3209 free($2);
3210 }
3211 ;
3212 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3213 {
3214 OUTYY(("P(for-upstream:%s)\n", $2));
3215 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3216 yyerror("expected yes or no.");
3217 else cfg_parser->cfg->auths->for_upstream =
3218 (strcmp($2, "yes")==0);
3219 free($2);
3220 }
3221 ;
3222 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3223 {
3224 OUTYY(("P(fallback-enabled:%s)\n", $2));
3225 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3226 yyerror("expected yes or no.");
3227 else cfg_parser->cfg->auths->fallback_enabled =
3228 (strcmp($2, "yes")==0);
3229 free($2);
3230 }
3231 ;
3232 view_name: VAR_NAME STRING_ARG
3233 {
3234 OUTYY(("P(name:%s)\n", $2));
3235 if(cfg_parser->cfg->views->name)
3236 yyerror("view name override, there must be one "
3237 "name for one view");
3238 free(cfg_parser->cfg->views->name);
3239 cfg_parser->cfg->views->name = $2;
3240 }
3241 ;
3242 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3243 {
3244 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3245 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3246 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3247 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3248 && strcmp($3, "typetransparent")!=0
3249 && strcmp($3, "always_transparent")!=0
3250 && strcmp($3, "always_refuse")!=0
3251 && strcmp($3, "always_nxdomain")!=0
3252 && strcmp($3, "always_nodata")!=0
3253 && strcmp($3, "always_deny")!=0
3254 && strcmp($3, "always_null")!=0
3255 && strcmp($3, "noview")!=0
3256 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3257 && strcmp($3, "inform_redirect") != 0
3258 && strcmp($3, "ipset") != 0) {
3259 yyerror("local-zone type: expected static, deny, "
3260 "refuse, redirect, transparent, "
3261 "typetransparent, inform, inform_deny, "
3262 "inform_redirect, always_transparent, "
3263 "always_refuse, always_nxdomain, "
3264 "always_nodata, always_deny, always_null, "
3265 "noview, nodefault or ipset");
3266 free($2);
3267 free($3);
3268 } else if(strcmp($3, "nodefault")==0) {
3269 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3270 local_zones_nodefault, $2))
3271 fatal_exit("out of memory adding local-zone");
3272 free($3);
3273 #ifdef USE_IPSET
3274 } else if(strcmp($3, "ipset")==0) {
3275 size_t len = strlen($2);
3276 /* Make sure to add the trailing dot.
3277 * These are str compared to domain names. */
3278 if($2[len-1] != '.') {
3279 if(!($2 = realloc($2, len+2))) {
3280 fatal_exit("out of memory adding local-zone");
3281 }
3282 $2[len] = '.';
3283 $2[len+1] = 0;
3284 }
3285 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3286 local_zones_ipset, $2))
3287 fatal_exit("out of memory adding local-zone");
3288 free($3);
3289 #endif
3290 } else {
3291 if(!cfg_str2list_insert(
3292 &cfg_parser->cfg->views->local_zones,
3293 $2, $3))
3294 fatal_exit("out of memory adding local-zone");
3295 }
3296 }
3297 ;
3298 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3299 {
3300 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3301 validate_respip_action($3);
3302 if(!cfg_str2list_insert(
3303 &cfg_parser->cfg->views->respip_actions, $2, $3))
3304 fatal_exit("out of memory adding per-view "
3305 "response-ip action");
3306 }
3307 ;
3308 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3309 {
3310 OUTYY(("P(view_response_ip_data:%s)\n", $2));
3311 if(!cfg_str2list_insert(
3312 &cfg_parser->cfg->views->respip_data, $2, $3))
3313 fatal_exit("out of memory adding response-ip-data");
3314 }
3315 ;
3316 view_local_data: VAR_LOCAL_DATA STRING_ARG
3317 {
3318 OUTYY(("P(view_local_data:%s)\n", $2));
3319 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3320 fatal_exit("out of memory adding local-data");
3321 }
3322 }
3323 ;
3324 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3325 {
3326 char* ptr;
3327 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3328 ptr = cfg_ptr_reverse($2);
3329 free($2);
3330 if(ptr) {
3331 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3332 local_data, ptr))
3333 fatal_exit("out of memory adding local-data");
3334 } else {
3335 yyerror("local-data-ptr could not be reversed");
3336 }
3337 }
3338 ;
3339 view_first: VAR_VIEW_FIRST STRING_ARG
3340 {
3341 OUTYY(("P(view-first:%s)\n", $2));
3342 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3343 yyerror("expected yes or no.");
3344 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3345 free($2);
3346 }
3347 ;
3348 rcstart: VAR_REMOTE_CONTROL
3349 {
3350 OUTYY(("\nP(remote-control:)\n"));
3351 cfg_parser->started_toplevel = 1;
3352 }
3353 ;
3354 contents_rc: contents_rc content_rc
3355 | ;
3356 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3357 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3358 rc_control_cert_file | rc_control_use_cert
3359 ;
3360 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3361 {
3362 OUTYY(("P(control_enable:%s)\n", $2));
3363 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3364 yyerror("expected yes or no.");
3365 else cfg_parser->cfg->remote_control_enable =
3366 (strcmp($2, "yes")==0);
3367 free($2);
3368 }
3369 ;
3370 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3371 {
3372 OUTYY(("P(control_port:%s)\n", $2));
3373 if(atoi($2) == 0)
3374 yyerror("control port number expected");
3375 else cfg_parser->cfg->control_port = atoi($2);
3376 free($2);
3377 }
3378 ;
3379 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3380 {
3381 OUTYY(("P(control_interface:%s)\n", $2));
3382 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3383 yyerror("out of memory");
3384 }
3385 ;
3386 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3387 {
3388 OUTYY(("P(control_use_cert:%s)\n", $2));
3389 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3390 free($2);
3391 }
3392 ;
3393 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3394 {
3395 OUTYY(("P(rc_server_key_file:%s)\n", $2));
3396 free(cfg_parser->cfg->server_key_file);
3397 cfg_parser->cfg->server_key_file = $2;
3398 }
3399 ;
3400 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3401 {
3402 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3403 free(cfg_parser->cfg->server_cert_file);
3404 cfg_parser->cfg->server_cert_file = $2;
3405 }
3406 ;
3407 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3408 {
3409 OUTYY(("P(rc_control_key_file:%s)\n", $2));
3410 free(cfg_parser->cfg->control_key_file);
3411 cfg_parser->cfg->control_key_file = $2;
3412 }
3413 ;
3414 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3415 {
3416 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3417 free(cfg_parser->cfg->control_cert_file);
3418 cfg_parser->cfg->control_cert_file = $2;
3419 }
3420 ;
3421 dtstart: VAR_DNSTAP
3422 {
3423 OUTYY(("\nP(dnstap:)\n"));
3424 cfg_parser->started_toplevel = 1;
3425 }
3426 ;
3427 contents_dt: contents_dt content_dt
3428 | ;
3429 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3430 dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3431 dt_dnstap_tls_cert_bundle |
3432 dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3433 dt_dnstap_send_identity | dt_dnstap_send_version |
3434 dt_dnstap_identity | dt_dnstap_version |
3435 dt_dnstap_log_resolver_query_messages |
3436 dt_dnstap_log_resolver_response_messages |
3437 dt_dnstap_log_client_query_messages |
3438 dt_dnstap_log_client_response_messages |
3439 dt_dnstap_log_forwarder_query_messages |
3440 dt_dnstap_log_forwarder_response_messages
3441 ;
3442 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3443 {
3444 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3445 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3446 yyerror("expected yes or no.");
3447 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3448 free($2);
3449 }
3450 ;
3451 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3452 {
3453 OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3454 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3455 yyerror("expected yes or no.");
3456 else cfg_parser->cfg->dnstap_bidirectional =
3457 (strcmp($2, "yes")==0);
3458 free($2);
3459 }
3460 ;
3461 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3462 {
3463 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3464 free(cfg_parser->cfg->dnstap_socket_path);
3465 cfg_parser->cfg->dnstap_socket_path = $2;
3466 }
3467 ;
3468 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3469 {
3470 OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3471 free(cfg_parser->cfg->dnstap_ip);
3472 cfg_parser->cfg->dnstap_ip = $2;
3473 }
3474 ;
3475 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3476 {
3477 OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3478 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3479 yyerror("expected yes or no.");
3480 else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3481 free($2);
3482 }
3483 ;
3484 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3485 {
3486 OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3487 free(cfg_parser->cfg->dnstap_tls_server_name);
3488 cfg_parser->cfg->dnstap_tls_server_name = $2;
3489 }
3490 ;
3491 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3492 {
3493 OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3494 free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3495 cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3496 }
3497 ;
3498 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3499 {
3500 OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3501 free(cfg_parser->cfg->dnstap_tls_client_key_file);
3502 cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3503 }
3504 ;
3505 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3506 {
3507 OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3508 free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3509 cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3510 }
3511 ;
3512 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3513 {
3514 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3515 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3516 yyerror("expected yes or no.");
3517 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3518 free($2);
3519 }
3520 ;
3521 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3522 {
3523 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3524 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3525 yyerror("expected yes or no.");
3526 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3527 free($2);
3528 }
3529 ;
3530 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3531 {
3532 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3533 free(cfg_parser->cfg->dnstap_identity);
3534 cfg_parser->cfg->dnstap_identity = $2;
3535 }
3536 ;
3537 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3538 {
3539 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3540 free(cfg_parser->cfg->dnstap_version);
3541 cfg_parser->cfg->dnstap_version = $2;
3542 }
3543 ;
3544 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3545 {
3546 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3547 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3548 yyerror("expected yes or no.");
3549 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3550 (strcmp($2, "yes")==0);
3551 free($2);
3552 }
3553 ;
3554 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3555 {
3556 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3557 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3558 yyerror("expected yes or no.");
3559 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3560 (strcmp($2, "yes")==0);
3561 free($2);
3562 }
3563 ;
3564 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3565 {
3566 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3567 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3568 yyerror("expected yes or no.");
3569 else cfg_parser->cfg->dnstap_log_client_query_messages =
3570 (strcmp($2, "yes")==0);
3571 free($2);
3572 }
3573 ;
3574 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3575 {
3576 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3577 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3578 yyerror("expected yes or no.");
3579 else cfg_parser->cfg->dnstap_log_client_response_messages =
3580 (strcmp($2, "yes")==0);
3581 free($2);
3582 }
3583 ;
3584 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3585 {
3586 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3587 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3588 yyerror("expected yes or no.");
3589 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3590 (strcmp($2, "yes")==0);
3591 free($2);
3592 }
3593 ;
3594 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3595 {
3596 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3597 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3598 yyerror("expected yes or no.");
3599 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3600 (strcmp($2, "yes")==0);
3601 free($2);
3602 }
3603 ;
3604 pythonstart: VAR_PYTHON
3605 {
3606 OUTYY(("\nP(python:)\n"));
3607 cfg_parser->started_toplevel = 1;
3608 }
3609 ;
3610 contents_py: contents_py content_py
3611 | ;
3612 content_py: py_script
3613 ;
3614 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3615 {
3616 OUTYY(("P(python-script:%s)\n", $2));
3617 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3618 yyerror("out of memory");
3619 }
3620 ;
3621 dynlibstart: VAR_DYNLIB
3622 {
3623 OUTYY(("\nP(dynlib:)\n"));
3624 cfg_parser->started_toplevel = 1;
3625 }
3626 ;
3627 contents_dl: contents_dl content_dl
3628 | ;
3629 content_dl: dl_file
3630 ;
3631 dl_file: VAR_DYNLIB_FILE STRING_ARG
3632 {
3633 OUTYY(("P(dynlib-file:%s)\n", $2));
3634 if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3635 yyerror("out of memory");
3636 }
3637 ;
3638 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3639 {
3640 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3641 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3642 yyerror("expected yes or no.");
3643 else cfg_parser->cfg->disable_dnssec_lame_check =
3644 (strcmp($2, "yes")==0);
3645 free($2);
3646 }
3647 ;
3648 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3649 {
3650 OUTYY(("P(server_log_identity:%s)\n", $2));
3651 free(cfg_parser->cfg->log_identity);
3652 cfg_parser->cfg->log_identity = $2;
3653 }
3654 ;
3655 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3656 {
3657 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3658 validate_respip_action($3);
3659 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3660 $2, $3))
3661 fatal_exit("out of memory adding response-ip");
3662 }
3663 ;
3664 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3665 {
3666 OUTYY(("P(server_response_ip_data:%s)\n", $2));
3667 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3668 $2, $3))
3669 fatal_exit("out of memory adding response-ip-data");
3670 }
3671 ;
3672 dnscstart: VAR_DNSCRYPT
3673 {
3674 OUTYY(("\nP(dnscrypt:)\n"));
3675 cfg_parser->started_toplevel = 1;
3676 }
3677 ;
3678 contents_dnsc: contents_dnsc content_dnsc
3679 | ;
3680 content_dnsc:
3681 dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3682 dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3683 dnsc_dnscrypt_provider_cert_rotated |
3684 dnsc_dnscrypt_shared_secret_cache_size |
3685 dnsc_dnscrypt_shared_secret_cache_slabs |
3686 dnsc_dnscrypt_nonce_cache_size |
3687 dnsc_dnscrypt_nonce_cache_slabs
3688 ;
3689 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3690 {
3691 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3692 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3693 yyerror("expected yes or no.");
3694 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3695 free($2);
3696 }
3697 ;
3698 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3699 {
3700 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3701 if(atoi($2) == 0)
3702 yyerror("port number expected");
3703 else cfg_parser->cfg->dnscrypt_port = atoi($2);
3704 free($2);
3705 }
3706 ;
3707 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3708 {
3709 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3710 free(cfg_parser->cfg->dnscrypt_provider);
3711 cfg_parser->cfg->dnscrypt_provider = $2;
3712 }
3713 ;
3714 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3715 {
3716 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3717 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3718 log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3719 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3720 fatal_exit("out of memory adding dnscrypt-provider-cert");
3721 }
3722 ;
3723 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3724 {
3725 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3726 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3727 fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3728 }
3729 ;
3730 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3731 {
3732 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3733 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3734 log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3735 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3736 fatal_exit("out of memory adding dnscrypt-secret-key");
3737 }
3738 ;
3739 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3740 {
3741 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3742 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3743 yyerror("memory size expected");
3744 free($2);
3745 }
3746 ;
3747 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3748 {
3749 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3750 if(atoi($2) == 0) {
3751 yyerror("number expected");
3752 } else {
3753 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3754 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3755 yyerror("must be a power of 2");
3756 }
3757 free($2);
3758 }
3759 ;
3760 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3761 {
3762 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3763 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3764 yyerror("memory size expected");
3765 free($2);
3766 }
3767 ;
3768 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3769 {
3770 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3771 if(atoi($2) == 0) {
3772 yyerror("number expected");
3773 } else {
3774 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3775 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3776 yyerror("must be a power of 2");
3777 }
3778 free($2);
3779 }
3780 ;
3781 cachedbstart: VAR_CACHEDB
3782 {
3783 OUTYY(("\nP(cachedb:)\n"));
3784 cfg_parser->started_toplevel = 1;
3785 }
3786 ;
3787 contents_cachedb: contents_cachedb content_cachedb
3788 | ;
3789 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3790 redis_server_host | redis_server_port | redis_timeout |
3791 redis_expire_records | redis_server_path | redis_server_password |
3792 cachedb_no_store | redis_logical_db | cachedb_check_when_serve_expired
3793 ;
3794 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3795 {
3796 #ifdef USE_CACHEDB
3797 OUTYY(("P(backend:%s)\n", $2));
3798 free(cfg_parser->cfg->cachedb_backend);
3799 cfg_parser->cfg->cachedb_backend = $2;
3800 #else
3801 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3802 free($2);
3803 #endif
3804 }
3805 ;
3806 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3807 {
3808 #ifdef USE_CACHEDB
3809 OUTYY(("P(secret-seed:%s)\n", $2));
3810 free(cfg_parser->cfg->cachedb_secret);
3811 cfg_parser->cfg->cachedb_secret = $2;
3812 #else
3813 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3814 free($2);
3815 #endif
3816 }
3817 ;
3818 cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG
3819 {
3820 #ifdef USE_CACHEDB
3821 OUTYY(("P(cachedb_no_store:%s)\n", $2));
3822 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3823 yyerror("expected yes or no.");
3824 else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0);
3825 #else
3826 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3827 #endif
3828 free($2);
3829 }
3830 ;
3831 cachedb_check_when_serve_expired: VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED STRING_ARG
3832 {
3833 #ifdef USE_CACHEDB
3834 OUTYY(("P(cachedb_check_when_serve_expired:%s)\n", $2));
3835 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3836 yyerror("expected yes or no.");
3837 else cfg_parser->cfg->cachedb_check_when_serve_expired = (strcmp($2, "yes")==0);
3838 #else
3839 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3840 #endif
3841 free($2);
3842 }
3843 ;
3844 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3845 {
3846 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3847 OUTYY(("P(redis_server_host:%s)\n", $2));
3848 free(cfg_parser->cfg->redis_server_host);
3849 cfg_parser->cfg->redis_server_host = $2;
3850 #else
3851 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3852 free($2);
3853 #endif
3854 }
3855 ;
3856 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3857 {
3858 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3859 int port;
3860 OUTYY(("P(redis_server_port:%s)\n", $2));
3861 port = atoi($2);
3862 if(port == 0 || port < 0 || port > 65535)
3863 yyerror("valid redis server port number expected");
3864 else cfg_parser->cfg->redis_server_port = port;
3865 #else
3866 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3867 #endif
3868 free($2);
3869 }
3870 ;
3871 redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
3872 {
3873 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3874 OUTYY(("P(redis_server_path:%s)\n", $2));
3875 free(cfg_parser->cfg->redis_server_path);
3876 cfg_parser->cfg->redis_server_path = $2;
3877 #else
3878 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3879 free($2);
3880 #endif
3881 }
3882 ;
3883 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
3884 {
3885 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3886 OUTYY(("P(redis_server_password:%s)\n", $2));
3887 free(cfg_parser->cfg->redis_server_password);
3888 cfg_parser->cfg->redis_server_password = $2;
3889 #else
3890 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3891 free($2);
3892 #endif
3893 }
3894 ;
3895 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3896 {
3897 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3898 OUTYY(("P(redis_timeout:%s)\n", $2));
3899 if(atoi($2) == 0)
3900 yyerror("redis timeout value expected");
3901 else cfg_parser->cfg->redis_timeout = atoi($2);
3902 #else
3903 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3904 #endif
3905 free($2);
3906 }
3907 ;
3908 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3909 {
3910 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3911 OUTYY(("P(redis_expire_records:%s)\n", $2));
3912 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3913 yyerror("expected yes or no.");
3914 else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3915 #else
3916 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3917 #endif
3918 free($2);
3919 }
3920 ;
3921 redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG
3922 {
3923 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3924 int db;
3925 OUTYY(("P(redis_logical_db:%s)\n", $2));
3926 db = atoi($2);
3927 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
3928 yyerror("valid redis logical database index expected");
3929 else cfg_parser->cfg->redis_logical_db = db;
3930 #else
3931 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3932 #endif
3933 free($2);
3934 }
3935 ;
3936 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3937 {
3938 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3939 if (atoi($3) < 0)
3940 yyerror("positive number expected");
3941 else {
3942 if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3943 fatal_exit("out of memory adding tcp connection limit");
3944 }
3945 }
3946 ;
3947 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
3948 {
3949 OUTYY(("P(server_answer_cookie:%s)\n", $2));
3950 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3951 yyerror("expected yes or no.");
3952 else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
3953 free($2);
3954 }
3955 ;
3956 server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
3957 {
3958 uint8_t secret[32];
3959 size_t secret_len = sizeof(secret);
3960
3961 OUTYY(("P(server_cookie_secret:%s)\n", $2));
3962 if(sldns_str2wire_hex_buf($2, secret, &secret_len)
3963 || (secret_len != 16))
3964 yyerror("expected 128 bit hex string");
3965 else {
3966 cfg_parser->cfg->cookie_secret_len = secret_len;
3967 memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
3968 }
3969 free($2);
3970 }
3971 ;
3972 ipsetstart: VAR_IPSET
3973 {
3974 OUTYY(("\nP(ipset:)\n"));
3975 cfg_parser->started_toplevel = 1;
3976 }
3977 ;
3978 contents_ipset: contents_ipset content_ipset
3979 | ;
3980 content_ipset: ipset_name_v4 | ipset_name_v6
3981 ;
3982 ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3983 {
3984 #ifdef USE_IPSET
3985 OUTYY(("P(name-v4:%s)\n", $2));
3986 if(cfg_parser->cfg->ipset_name_v4)
3987 yyerror("ipset name v4 override, there must be one "
3988 "name for ip v4");
3989 free(cfg_parser->cfg->ipset_name_v4);
3990 cfg_parser->cfg->ipset_name_v4 = $2;
3991 #else
3992 OUTYY(("P(Compiled without ipset, ignoring)\n"));
3993 free($2);
3994 #endif
3995 }
3996 ;
3997 ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3998 {
3999 #ifdef USE_IPSET
4000 OUTYY(("P(name-v6:%s)\n", $2));
4001 if(cfg_parser->cfg->ipset_name_v6)
4002 yyerror("ipset name v6 override, there must be one "
4003 "name for ip v6");
4004 free(cfg_parser->cfg->ipset_name_v6);
4005 cfg_parser->cfg->ipset_name_v6 = $2;
4006 #else
4007 OUTYY(("P(Compiled without ipset, ignoring)\n"));
4008 free($2);
4009 #endif
4010 }
4011 ;
4012 %%
4013
4014 /* parse helper routines could be here */
4015 static void
4016 validate_respip_action(const char* action)
4017 {
4018 if(strcmp(action, "deny")!=0 &&
4019 strcmp(action, "redirect")!=0 &&
4020 strcmp(action, "inform")!=0 &&
4021 strcmp(action, "inform_deny")!=0 &&
4022 strcmp(action, "always_transparent")!=0 &&
4023 strcmp(action, "always_refuse")!=0 &&
4024 strcmp(action, "always_nxdomain")!=0)
4025 {
4026 yyerror("response-ip action: expected deny, redirect, "
4027 "inform, inform_deny, always_transparent, "
4028 "always_refuse or always_nxdomain");
4029 }
4030 }
4031
4032 static void
validate_acl_action(const char * action)4033 validate_acl_action(const char* action)
4034 {
4035 if(strcmp(action, "deny")!=0 &&
4036 strcmp(action, "refuse")!=0 &&
4037 strcmp(action, "deny_non_local")!=0 &&
4038 strcmp(action, "refuse_non_local")!=0 &&
4039 strcmp(action, "allow_setrd")!=0 &&
4040 strcmp(action, "allow")!=0 &&
4041 strcmp(action, "allow_snoop")!=0 &&
4042 strcmp(action, "allow_cookie")!=0)
4043 {
4044 yyerror("expected deny, refuse, deny_non_local, "
4045 "refuse_non_local, allow, allow_setrd, "
4046 "allow_snoop or allow_cookie as access control action");
4047 }
4048 }
4049