xref: /freebsd/contrib/unbound/util/configparser.y (revision 4b9d6057)
1 /*
2  * configparser.y -- yacc grammar for unbound configuration files
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
7  *
8  * This software is open source.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  *
17  * Redistributions in binary form must reproduce the above copyright notice,
18  * this list of conditions and the following disclaimer in the documentation
19  * and/or other materials provided with the distribution.
20  *
21  * Neither the name of the NLNET LABS nor the names of its contributors may
22  * be used to endorse or promote products derived from this software without
23  * specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 %{
39 #include "config.h"
40 
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46 
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 #include "sldns/str2wire.h"
51 
52 int ub_c_lex(void);
53 void ub_c_error(const char *message);
54 
55 static void validate_respip_action(const char* action);
56 static void validate_acl_action(const char* action);
57 
58 /* these need to be global, otherwise they cannot be used inside yacc */
59 extern struct config_parser_state* cfg_parser;
60 
61 #if 0
62 #define OUTYY(s)  printf s /* used ONLY when debugging */
63 #else
64 #define OUTYY(s)
65 #endif
66 
67 %}
68 %union {
69 	char*	str;
70 };
71 
72 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
73 %token <str> STRING_ARG
74 %token VAR_FORCE_TOPLEVEL
75 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
76 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
77 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
78 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
79 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
80 %token VAR_SOCK_QUEUE_TIMEOUT
81 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
82 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
83 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
84 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
85 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
86 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
87 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
88 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
89 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
90 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
91 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
92 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
93 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
94 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
95 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
96 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
97 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
98 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
99 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
100 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
101 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
102 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
103 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
104 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
105 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
106 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
107 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
108 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
109 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
110 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
111 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
112 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
113 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
114 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
115 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
116 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
117 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
118 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
119 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
120 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
121 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
122 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
123 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
124 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
125 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
126 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
127 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
128 %token VAR_NAT64_PREFIX
129 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
130 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
131 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
132 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
133 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
134 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
136 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
137 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
138 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
139 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
140 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
141 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
142 %token VAR_IP_DSCP
143 %token VAR_DISABLE_DNSSEC_LAME_CHECK
144 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
145 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
146 %token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
147 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
148 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
149 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
150 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
151 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
152 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
153 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
154 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
155 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
156 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
157 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
158 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
159 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
160 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
161 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
162 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
163 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
164 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
165 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
166 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
167 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
168 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
169 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
170 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
171 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
172 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
173 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
174 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
175 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
176 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
177 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
178 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
179 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
180 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
181 %token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD
182 %token VAR_CACHEDB_REDISLOGICALDB
183 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
184 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
185 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
186 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
187 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
188 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
189 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
190 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
191 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
192 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
193 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
194 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
195 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
196 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
197 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
198 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
199 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
200 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
201 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
202 %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
203 
204 %%
205 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
206 toplevelvar: serverstart contents_server | stubstart contents_stub |
207 	forwardstart contents_forward | pythonstart contents_py |
208 	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
209 	dnscstart contents_dnsc | cachedbstart contents_cachedb |
210 	ipsetstart contents_ipset | authstart contents_auth |
211 	rpzstart contents_rpz | dynlibstart contents_dl |
212 	force_toplevel
213 	;
214 force_toplevel: VAR_FORCE_TOPLEVEL
215 	{
216 		OUTYY(("\nP(force-toplevel)\n"));
217 		cfg_parser->started_toplevel = 0;
218 	}
219 	;
220 /* server: declaration */
221 serverstart: VAR_SERVER
222 	{
223 		OUTYY(("\nP(server:)\n"));
224 		cfg_parser->started_toplevel = 1;
225 	}
226 	;
227 contents_server: contents_server content_server
228 	| ;
229 content_server: server_num_threads | server_verbosity | server_port |
230 	server_outgoing_range | server_do_ip4 |
231 	server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
232 	server_prefer_ip6 | server_do_udp | server_do_tcp |
233 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
234 	server_tcp_keepalive | server_tcp_keepalive_timeout |
235 	server_sock_queue_timeout |
236 	server_interface | server_chroot | server_username |
237 	server_directory | server_logfile | server_pidfile |
238 	server_msg_cache_size | server_msg_cache_slabs |
239 	server_num_queries_per_thread | server_rrset_cache_size |
240 	server_rrset_cache_slabs | server_outgoing_num_tcp |
241 	server_infra_host_ttl | server_infra_lame_ttl |
242 	server_infra_cache_slabs | server_infra_cache_numhosts |
243 	server_infra_cache_lame_size | server_target_fetch_policy |
244 	server_harden_short_bufsize | server_harden_large_queries |
245 	server_do_not_query_address | server_hide_identity |
246 	server_hide_version | server_identity | server_version |
247 	server_hide_http_user_agent | server_http_user_agent |
248 	server_harden_glue | server_module_conf | server_trust_anchor_file |
249 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
250 	server_val_clean_additional | server_val_permissive_mode |
251 	server_incoming_num_tcp | server_msg_buffer_size |
252 	server_key_cache_size | server_key_cache_slabs |
253 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
254 	server_use_syslog | server_outgoing_interface | server_root_hints |
255 	server_do_not_query_localhost | server_cache_max_ttl |
256 	server_harden_dnssec_stripped | server_access_control |
257 	server_local_zone | server_local_data | server_interface_automatic |
258 	server_statistics_interval | server_do_daemonize |
259 	server_use_caps_for_id | server_statistics_cumulative |
260 	server_outgoing_port_permit | server_outgoing_port_avoid |
261 	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
262 	server_harden_referral_path | server_private_address |
263 	server_private_domain | server_extended_statistics |
264 	server_local_data_ptr | server_jostle_timeout |
265 	server_unwanted_reply_threshold | server_log_time_ascii |
266 	server_domain_insecure | server_val_sig_skew_min |
267 	server_val_sig_skew_max | server_val_max_restart |
268 	server_cache_min_ttl | server_val_log_level |
269 	server_auto_trust_anchor_file |	server_add_holddown |
270 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
271 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
272 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
273 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
274 	server_log_local_actions |
275 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
276 	server_https_port | server_http_endpoint | server_http_max_streams |
277 	server_http_query_buffer_size | server_http_response_buffer_size |
278 	server_http_nodelay | server_http_notls_downstream |
279 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
280 	server_so_reuseport | server_delay_close | server_udp_connect |
281 	server_unblock_lan_zones | server_insecure_lan_zones |
282 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
283 	server_nat64_prefix |
284 	server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
285 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
286 	server_ip_dscp | server_infra_keep_probing |
287 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
288 	server_ip_ratelimit_size | server_ratelimit_size |
289 	server_ratelimit_for_domain |
290 	server_ratelimit_below_domain | server_ratelimit_factor |
291 	server_ip_ratelimit_factor | server_ratelimit_backoff |
292 	server_ip_ratelimit_backoff | server_outbound_msg_retry |
293 	server_max_sent_count | server_max_query_restarts |
294 	server_send_client_subnet | server_client_subnet_zone |
295 	server_client_subnet_always_forward | server_client_subnet_opcode |
296 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
297 	server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
298 	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
299 	server_caps_whitelist | server_cache_max_negative_ttl |
300 	server_permit_small_holddown | server_qname_minimisation |
301 	server_ip_freebind | server_define_tag | server_local_zone_tag |
302 	server_disable_dnssec_lame_check | server_access_control_tag |
303 	server_local_zone_override | server_access_control_tag_action |
304 	server_access_control_tag_data | server_access_control_view |
305 	server_interface_action | server_interface_view | server_interface_tag |
306 	server_interface_tag_action | server_interface_tag_data |
307 	server_qname_minimisation_strict |
308 	server_pad_responses | server_pad_responses_block_size |
309 	server_pad_queries | server_pad_queries_block_size |
310 	server_serve_expired |
311 	server_serve_expired_ttl | server_serve_expired_ttl_reset |
312 	server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
313 	server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
314 	server_log_identity | server_use_systemd |
315 	server_response_ip_tag | server_response_ip | server_response_ip_data |
316 	server_shm_enable | server_shm_key | server_fake_sha1 |
317 	server_hide_trustanchor | server_trust_anchor_signaling |
318 	server_root_key_sentinel |
319 	server_ipsecmod_enabled | server_ipsecmod_hook |
320 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
321 	server_ipsecmod_whitelist | server_ipsecmod_strict |
322 	server_udp_upstream_without_downstream | server_aggressive_nsec |
323 	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
324 	server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
325 	server_tcp_connection_limit | server_log_servfail | server_deny_any |
326 	server_unknown_server_time_limit | server_log_tag_queryreply |
327 	server_stream_wait_size | server_tls_ciphers |
328 	server_tls_ciphersuites | server_tls_session_ticket_keys |
329 	server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
330 	server_tls_use_sni | server_edns_client_string |
331 	server_edns_client_string_opcode | server_nsid |
332 	server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
333 	server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
334 	server_interface_automatic_ports | server_ede |
335 	server_proxy_protocol_port | server_statistics_inhibit_zero |
336 	server_harden_unknown_additional | server_disable_edns_do
337 	;
338 stubstart: VAR_STUB_ZONE
339 	{
340 		struct config_stub* s;
341 		OUTYY(("\nP(stub_zone:)\n"));
342 		cfg_parser->started_toplevel = 1;
343 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
344 		if(s) {
345 			s->next = cfg_parser->cfg->stubs;
346 			cfg_parser->cfg->stubs = s;
347 		} else {
348 			yyerror("out of memory");
349 		}
350 	}
351 	;
352 contents_stub: contents_stub content_stub
353 	| ;
354 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
355 	stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
356 	;
357 forwardstart: VAR_FORWARD_ZONE
358 	{
359 		struct config_stub* s;
360 		OUTYY(("\nP(forward_zone:)\n"));
361 		cfg_parser->started_toplevel = 1;
362 		s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
363 		if(s) {
364 			s->next = cfg_parser->cfg->forwards;
365 			cfg_parser->cfg->forwards = s;
366 		} else {
367 			yyerror("out of memory");
368 		}
369 	}
370 	;
371 contents_forward: contents_forward content_forward
372 	| ;
373 content_forward: forward_name | forward_host | forward_addr | forward_first |
374 	forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
375 	;
376 viewstart: VAR_VIEW
377 	{
378 		struct config_view* s;
379 		OUTYY(("\nP(view:)\n"));
380 		cfg_parser->started_toplevel = 1;
381 		s = (struct config_view*)calloc(1, sizeof(struct config_view));
382 		if(s) {
383 			s->next = cfg_parser->cfg->views;
384 			if(s->next && !s->next->name)
385 				yyerror("view without name");
386 			cfg_parser->cfg->views = s;
387 		} else {
388 			yyerror("out of memory");
389 		}
390 	}
391 	;
392 contents_view: contents_view content_view
393 	| ;
394 content_view: view_name | view_local_zone | view_local_data | view_first |
395 		view_response_ip | view_response_ip_data | view_local_data_ptr
396 	;
397 authstart: VAR_AUTH_ZONE
398 	{
399 		struct config_auth* s;
400 		OUTYY(("\nP(auth_zone:)\n"));
401 		cfg_parser->started_toplevel = 1;
402 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
403 		if(s) {
404 			s->next = cfg_parser->cfg->auths;
405 			cfg_parser->cfg->auths = s;
406 			/* defaults for auth zone */
407 			s->for_downstream = 1;
408 			s->for_upstream = 1;
409 			s->fallback_enabled = 0;
410 			s->zonemd_check = 0;
411 			s->zonemd_reject_absence = 0;
412 			s->isrpz = 0;
413 		} else {
414 			yyerror("out of memory");
415 		}
416 	}
417 	;
418 contents_auth: contents_auth content_auth
419 	| ;
420 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
421 	auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
422 	auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
423 	;
424 
425 rpz_tag: VAR_TAGS STRING_ARG
426 	{
427 		uint8_t* bitlist;
428 		size_t len = 0;
429 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
430 		bitlist = config_parse_taglist(cfg_parser->cfg, $2,
431 			&len);
432 		free($2);
433 		if(!bitlist) {
434 			yyerror("could not parse tags, (define-tag them first)");
435 		}
436 		if(bitlist) {
437 			cfg_parser->cfg->auths->rpz_taglist = bitlist;
438 			cfg_parser->cfg->auths->rpz_taglistlen = len;
439 
440 		}
441 	}
442 	;
443 
444 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
445 	{
446 		OUTYY(("P(rpz_action_override:%s)\n", $2));
447 		if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
448 		   strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
449 		   strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
450 			yyerror("rpz-action-override action: expected nxdomain, "
451 				"nodata, passthru, drop, cname or disabled");
452 			free($2);
453 			cfg_parser->cfg->auths->rpz_action_override = NULL;
454 		}
455 		else {
456 			cfg_parser->cfg->auths->rpz_action_override = $2;
457 		}
458 	}
459 	;
460 
461 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
462 	{
463 		OUTYY(("P(rpz_cname_override:%s)\n", $2));
464 		free(cfg_parser->cfg->auths->rpz_cname);
465 		cfg_parser->cfg->auths->rpz_cname = $2;
466 	}
467 	;
468 
469 rpz_log: VAR_RPZ_LOG STRING_ARG
470 	{
471 		OUTYY(("P(rpz_log:%s)\n", $2));
472 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
473 			yyerror("expected yes or no.");
474 		else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
475 		free($2);
476 	}
477 	;
478 
479 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
480 	{
481 		OUTYY(("P(rpz_log_name:%s)\n", $2));
482 		free(cfg_parser->cfg->auths->rpz_log_name);
483 		cfg_parser->cfg->auths->rpz_log_name = $2;
484 	}
485 	;
486 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
487 	{
488 		OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
489 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
490 			yyerror("expected yes or no.");
491 		else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
492 		free($2);
493 	}
494 	;
495 
496 rpzstart: VAR_RPZ
497 	{
498 		struct config_auth* s;
499 		OUTYY(("\nP(rpz:)\n"));
500 		cfg_parser->started_toplevel = 1;
501 		s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
502 		if(s) {
503 			s->next = cfg_parser->cfg->auths;
504 			cfg_parser->cfg->auths = s;
505 			/* defaults for RPZ auth zone */
506 			s->for_downstream = 0;
507 			s->for_upstream = 0;
508 			s->fallback_enabled = 0;
509 			s->isrpz = 1;
510 		} else {
511 			yyerror("out of memory");
512 		}
513 	}
514 	;
515 contents_rpz: contents_rpz content_rpz
516 	| ;
517 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
518 	   auth_allow_notify | rpz_action_override | rpz_cname_override |
519 	   rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
520 	;
521 server_num_threads: VAR_NUM_THREADS STRING_ARG
522 	{
523 		OUTYY(("P(server_num_threads:%s)\n", $2));
524 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
525 			yyerror("number expected");
526 		else cfg_parser->cfg->num_threads = atoi($2);
527 		free($2);
528 	}
529 	;
530 server_verbosity: VAR_VERBOSITY STRING_ARG
531 	{
532 		OUTYY(("P(server_verbosity:%s)\n", $2));
533 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
534 			yyerror("number expected");
535 		else cfg_parser->cfg->verbosity = atoi($2);
536 		free($2);
537 	}
538 	;
539 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
540 	{
541 		OUTYY(("P(server_statistics_interval:%s)\n", $2));
542 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
543 			cfg_parser->cfg->stat_interval = 0;
544 		else if(atoi($2) == 0)
545 			yyerror("number expected");
546 		else cfg_parser->cfg->stat_interval = atoi($2);
547 		free($2);
548 	}
549 	;
550 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
551 	{
552 		OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
553 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
554 			yyerror("expected yes or no.");
555 		else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
556 		free($2);
557 	}
558 	;
559 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
560 	{
561 		OUTYY(("P(server_extended_statistics:%s)\n", $2));
562 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
563 			yyerror("expected yes or no.");
564 		else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
565 		free($2);
566 	}
567 	;
568 server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
569 	{
570 		OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
571 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
572 			yyerror("expected yes or no.");
573 		else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
574 		free($2);
575 	}
576 	;
577 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
578 	{
579 		OUTYY(("P(server_shm_enable:%s)\n", $2));
580 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
581 			yyerror("expected yes or no.");
582 		else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
583 		free($2);
584 	}
585 	;
586 server_shm_key: VAR_SHM_KEY STRING_ARG
587 	{
588 		OUTYY(("P(server_shm_key:%s)\n", $2));
589 		if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
590 			cfg_parser->cfg->shm_key = 0;
591 		else if(atoi($2) == 0)
592 			yyerror("number expected");
593 		else cfg_parser->cfg->shm_key = atoi($2);
594 		free($2);
595 	}
596 	;
597 server_port: VAR_PORT STRING_ARG
598 	{
599 		OUTYY(("P(server_port:%s)\n", $2));
600 		if(atoi($2) == 0)
601 			yyerror("port number expected");
602 		else cfg_parser->cfg->port = atoi($2);
603 		free($2);
604 	}
605 	;
606 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
607 	{
608 	#ifdef CLIENT_SUBNET
609 		OUTYY(("P(server_send_client_subnet:%s)\n", $2));
610 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
611 			fatal_exit("out of memory adding client-subnet");
612 	#else
613 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
614 		free($2);
615 	#endif
616 	}
617 	;
618 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
619 	{
620 	#ifdef CLIENT_SUBNET
621 		OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
622 		if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
623 			$2))
624 			fatal_exit("out of memory adding client-subnet-zone");
625 	#else
626 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
627 		free($2);
628 	#endif
629 	}
630 	;
631 server_client_subnet_always_forward:
632 	VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
633 	{
634 	#ifdef CLIENT_SUBNET
635 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
636 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
637 			yyerror("expected yes or no.");
638 		else
639 			cfg_parser->cfg->client_subnet_always_forward =
640 				(strcmp($2, "yes")==0);
641 	#else
642 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
643 	#endif
644 		free($2);
645 	}
646 	;
647 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
648 	{
649 	#ifdef CLIENT_SUBNET
650 		OUTYY(("P(client_subnet_opcode:%s)\n", $2));
651 		OUTYY(("P(Deprecated option, ignoring)\n"));
652 	#else
653 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
654 	#endif
655 		free($2);
656 	}
657 	;
658 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
659 	{
660 	#ifdef CLIENT_SUBNET
661 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
662 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
663 			yyerror("IPv4 subnet length expected");
664 		else if (atoi($2) > 32)
665 			cfg_parser->cfg->max_client_subnet_ipv4 = 32;
666 		else if (atoi($2) < 0)
667 			cfg_parser->cfg->max_client_subnet_ipv4 = 0;
668 		else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
669 	#else
670 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
671 	#endif
672 		free($2);
673 	}
674 	;
675 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
676 	{
677 	#ifdef CLIENT_SUBNET
678 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
679 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
680 			yyerror("Ipv6 subnet length expected");
681 		else if (atoi($2) > 128)
682 			cfg_parser->cfg->max_client_subnet_ipv6 = 128;
683 		else if (atoi($2) < 0)
684 			cfg_parser->cfg->max_client_subnet_ipv6 = 0;
685 		else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
686 	#else
687 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
688 	#endif
689 		free($2);
690 	}
691 	;
692 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
693 	{
694 	#ifdef CLIENT_SUBNET
695 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
696 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
697 			yyerror("IPv4 subnet length expected");
698 		else if (atoi($2) > 32)
699 			cfg_parser->cfg->min_client_subnet_ipv4 = 32;
700 		else if (atoi($2) < 0)
701 			cfg_parser->cfg->min_client_subnet_ipv4 = 0;
702 		else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
703 	#else
704 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
705 	#endif
706 		free($2);
707 	}
708 	;
709 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
710 	{
711 	#ifdef CLIENT_SUBNET
712 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
713 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
714 			yyerror("Ipv6 subnet length expected");
715 		else if (atoi($2) > 128)
716 			cfg_parser->cfg->min_client_subnet_ipv6 = 128;
717 		else if (atoi($2) < 0)
718 			cfg_parser->cfg->min_client_subnet_ipv6 = 0;
719 		else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
720 	#else
721 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
722 	#endif
723 		free($2);
724 	}
725 	;
726 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
727 	{
728 	#ifdef CLIENT_SUBNET
729 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
730 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
731 			yyerror("IPv4 ECS tree size expected");
732 		else if (atoi($2) < 0)
733 			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
734 		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
735 	#else
736 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
737 	#endif
738 		free($2);
739 	}
740 	;
741 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
742 	{
743 	#ifdef CLIENT_SUBNET
744 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
745 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
746 			yyerror("IPv6 ECS tree size expected");
747 		else if (atoi($2) < 0)
748 			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
749 		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
750 	#else
751 		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
752 	#endif
753 		free($2);
754 	}
755 	;
756 server_interface: VAR_INTERFACE STRING_ARG
757 	{
758 		OUTYY(("P(server_interface:%s)\n", $2));
759 		if(cfg_parser->cfg->num_ifs == 0)
760 			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
761 		else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
762 				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
763 		if(!cfg_parser->cfg->ifs)
764 			yyerror("out of memory");
765 		else
766 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
767 	}
768 	;
769 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
770 	{
771 		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
772 		if(cfg_parser->cfg->num_out_ifs == 0)
773 			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
774 		else cfg_parser->cfg->out_ifs = realloc(
775 			cfg_parser->cfg->out_ifs,
776 			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
777 		if(!cfg_parser->cfg->out_ifs)
778 			yyerror("out of memory");
779 		else
780 			cfg_parser->cfg->out_ifs[
781 				cfg_parser->cfg->num_out_ifs++] = $2;
782 	}
783 	;
784 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
785 	{
786 		OUTYY(("P(server_outgoing_range:%s)\n", $2));
787 		if(atoi($2) == 0)
788 			yyerror("number expected");
789 		else cfg_parser->cfg->outgoing_num_ports = atoi($2);
790 		free($2);
791 	}
792 	;
793 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
794 	{
795 		OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
796 		if(!cfg_mark_ports($2, 1,
797 			cfg_parser->cfg->outgoing_avail_ports, 65536))
798 			yyerror("port number or range (\"low-high\") expected");
799 		free($2);
800 	}
801 	;
802 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
803 	{
804 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
805 		if(!cfg_mark_ports($2, 0,
806 			cfg_parser->cfg->outgoing_avail_ports, 65536))
807 			yyerror("port number or range (\"low-high\") expected");
808 		free($2);
809 	}
810 	;
811 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
812 	{
813 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
814 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
815 			yyerror("number expected");
816 		else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
817 		free($2);
818 	}
819 	;
820 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
821 	{
822 		OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
823 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
824 			yyerror("number expected");
825 		else cfg_parser->cfg->incoming_num_tcp = atoi($2);
826 		free($2);
827 	}
828 	;
829 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
830 	{
831 		OUTYY(("P(server_interface_automatic:%s)\n", $2));
832 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
833 			yyerror("expected yes or no.");
834 		else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
835 		free($2);
836 	}
837 	;
838 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
839 	{
840 		OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
841 		free(cfg_parser->cfg->if_automatic_ports);
842 		cfg_parser->cfg->if_automatic_ports = $2;
843 	}
844 	;
845 server_do_ip4: VAR_DO_IP4 STRING_ARG
846 	{
847 		OUTYY(("P(server_do_ip4:%s)\n", $2));
848 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
849 			yyerror("expected yes or no.");
850 		else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
851 		free($2);
852 	}
853 	;
854 server_do_ip6: VAR_DO_IP6 STRING_ARG
855 	{
856 		OUTYY(("P(server_do_ip6:%s)\n", $2));
857 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
858 			yyerror("expected yes or no.");
859 		else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
860 		free($2);
861 	}
862 	;
863 server_do_nat64: VAR_DO_NAT64 STRING_ARG
864 	{
865 		OUTYY(("P(server_do_nat64:%s)\n", $2));
866 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
867 			yyerror("expected yes or no.");
868 		else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
869 		free($2);
870 	}
871 	;
872 server_do_udp: VAR_DO_UDP STRING_ARG
873 	{
874 		OUTYY(("P(server_do_udp:%s)\n", $2));
875 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
876 			yyerror("expected yes or no.");
877 		else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
878 		free($2);
879 	}
880 	;
881 server_do_tcp: VAR_DO_TCP STRING_ARG
882 	{
883 		OUTYY(("P(server_do_tcp:%s)\n", $2));
884 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
885 			yyerror("expected yes or no.");
886 		else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
887 		free($2);
888 	}
889 	;
890 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
891 	{
892 		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
893 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
894 			yyerror("expected yes or no.");
895 		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
896 		free($2);
897 	}
898 	;
899 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
900 	{
901 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));
902 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
903 			yyerror("expected yes or no.");
904 		else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
905 		free($2);
906 	}
907 	;
908 server_tcp_mss: VAR_TCP_MSS STRING_ARG
909 	{
910 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
911 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
912 				yyerror("number expected");
913 		else cfg_parser->cfg->tcp_mss = atoi($2);
914 		free($2);
915 	}
916 	;
917 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
918 	{
919 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
920 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
921 			yyerror("number expected");
922 		else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
923 		free($2);
924 	}
925 	;
926 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
927 	{
928 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
929 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
930 			yyerror("number expected");
931 		else if (atoi($2) > 120000)
932 			cfg_parser->cfg->tcp_idle_timeout = 120000;
933 		else if (atoi($2) < 1)
934 			cfg_parser->cfg->tcp_idle_timeout = 1;
935 		else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
936 		free($2);
937 	}
938 	;
939 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
940 	{
941 		OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
942 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
943 			yyerror("number expected");
944 		else if (atoi($2) < 1)
945 			cfg_parser->cfg->max_reuse_tcp_queries = 0;
946 		else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
947 		free($2);
948 	}
949 	;
950 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
951 	{
952 		OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
953 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
954 			yyerror("number expected");
955 		else if (atoi($2) < 1)
956 			cfg_parser->cfg->tcp_reuse_timeout = 0;
957 		else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
958 		free($2);
959 	}
960 	;
961 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
962 	{
963 		OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
964 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
965 			yyerror("number expected");
966 		else if (atoi($2) < 1)
967 			cfg_parser->cfg->tcp_auth_query_timeout = 0;
968 		else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
969 		free($2);
970 	}
971 	;
972 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
973 	{
974 		OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
975 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
976 			yyerror("expected yes or no.");
977 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
978 		free($2);
979 	}
980 	;
981 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
982 	{
983 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
984 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
985 			yyerror("number expected");
986 		else if (atoi($2) > 6553500)
987 			cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
988 		else if (atoi($2) < 1)
989 			cfg_parser->cfg->tcp_keepalive_timeout = 0;
990 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
991 		free($2);
992 	}
993 	;
994 server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
995 	{
996 		OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
997 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
998 			yyerror("number expected");
999 		else if (atoi($2) > 6553500)
1000 			cfg_parser->cfg->sock_queue_timeout = 6553500;
1001 		else if (atoi($2) < 1)
1002 			cfg_parser->cfg->sock_queue_timeout = 0;
1003 		else cfg_parser->cfg->sock_queue_timeout = atoi($2);
1004 		free($2);
1005 	}
1006 	;
1007 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
1008 	{
1009 		OUTYY(("P(server_tcp_upstream:%s)\n", $2));
1010 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1011 			yyerror("expected yes or no.");
1012 		else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
1013 		free($2);
1014 	}
1015 	;
1016 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
1017 	{
1018 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
1019 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1020 			yyerror("expected yes or no.");
1021 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
1022 		free($2);
1023 	}
1024 	;
1025 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
1026 	{
1027 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));
1028 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1029 			yyerror("expected yes or no.");
1030 		else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
1031 		free($2);
1032 	}
1033 	;
1034 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
1035 	{
1036 		OUTYY(("P(server_ssl_service_key:%s)\n", $2));
1037 		free(cfg_parser->cfg->ssl_service_key);
1038 		cfg_parser->cfg->ssl_service_key = $2;
1039 	}
1040 	;
1041 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1042 	{
1043 		OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1044 		free(cfg_parser->cfg->ssl_service_pem);
1045 		cfg_parser->cfg->ssl_service_pem = $2;
1046 	}
1047 	;
1048 server_ssl_port: VAR_SSL_PORT STRING_ARG
1049 	{
1050 		OUTYY(("P(server_ssl_port:%s)\n", $2));
1051 		if(atoi($2) == 0)
1052 			yyerror("port number expected");
1053 		else cfg_parser->cfg->ssl_port = atoi($2);
1054 		free($2);
1055 	}
1056 	;
1057 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1058 	{
1059 		OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1060 		free(cfg_parser->cfg->tls_cert_bundle);
1061 		cfg_parser->cfg->tls_cert_bundle = $2;
1062 	}
1063 	;
1064 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1065 	{
1066 		OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1067 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1068 			yyerror("expected yes or no.");
1069 		else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1070 		free($2);
1071 	}
1072 	;
1073 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1074 	{
1075 		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1076 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1077 			$2))
1078 			yyerror("out of memory");
1079 	}
1080 	;
1081 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1082 	{
1083 		OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1084 		free(cfg_parser->cfg->tls_ciphers);
1085 		cfg_parser->cfg->tls_ciphers = $2;
1086 	}
1087 	;
1088 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1089 	{
1090 		OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1091 		free(cfg_parser->cfg->tls_ciphersuites);
1092 		cfg_parser->cfg->tls_ciphersuites = $2;
1093 	}
1094 	;
1095 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1096 	{
1097 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1098 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1099 			$2))
1100 			yyerror("out of memory");
1101 	}
1102 	;
1103 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1104 	{
1105 		OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1106 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1107 			yyerror("expected yes or no.");
1108 		else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1109 		free($2);
1110 	}
1111 	;
1112 server_https_port: VAR_HTTPS_PORT STRING_ARG
1113 	{
1114 		OUTYY(("P(server_https_port:%s)\n", $2));
1115 		if(atoi($2) == 0)
1116 			yyerror("port number expected");
1117 		else cfg_parser->cfg->https_port = atoi($2);
1118 		free($2);
1119 	};
1120 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1121 	{
1122 		OUTYY(("P(server_http_endpoint:%s)\n", $2));
1123 		free(cfg_parser->cfg->http_endpoint);
1124 		if($2 && $2[0] != '/') {
1125 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1126 			if(!cfg_parser->cfg->http_endpoint)
1127 				yyerror("out of memory");
1128 			cfg_parser->cfg->http_endpoint[0] = '/';
1129 			memmove(cfg_parser->cfg->http_endpoint+1, $2,
1130 				strlen($2)+1);
1131 			free($2);
1132 		} else {
1133 			cfg_parser->cfg->http_endpoint = $2;
1134 		}
1135 	};
1136 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1137 	{
1138 		OUTYY(("P(server_http_max_streams:%s)\n", $2));
1139 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1140 			yyerror("number expected");
1141 		else cfg_parser->cfg->http_max_streams = atoi($2);
1142 		free($2);
1143 	};
1144 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1145 	{
1146 		OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1147 		if(!cfg_parse_memsize($2,
1148 			&cfg_parser->cfg->http_query_buffer_size))
1149 			yyerror("memory size expected");
1150 		free($2);
1151 	};
1152 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1153 	{
1154 		OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1155 		if(!cfg_parse_memsize($2,
1156 			&cfg_parser->cfg->http_response_buffer_size))
1157 			yyerror("memory size expected");
1158 		free($2);
1159 	};
1160 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1161 	{
1162 		OUTYY(("P(server_http_nodelay:%s)\n", $2));
1163 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1164 			yyerror("expected yes or no.");
1165 		else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1166 		free($2);
1167 	};
1168 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1169 	{
1170 		OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1171 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1172 			yyerror("expected yes or no.");
1173 		else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1174 		free($2);
1175 	};
1176 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1177 	{
1178 		OUTYY(("P(server_use_systemd:%s)\n", $2));
1179 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1180 			yyerror("expected yes or no.");
1181 		else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1182 		free($2);
1183 	}
1184 	;
1185 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1186 	{
1187 		OUTYY(("P(server_do_daemonize:%s)\n", $2));
1188 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1189 			yyerror("expected yes or no.");
1190 		else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1191 		free($2);
1192 	}
1193 	;
1194 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1195 	{
1196 		OUTYY(("P(server_use_syslog:%s)\n", $2));
1197 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1198 			yyerror("expected yes or no.");
1199 		else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1200 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1201 		if(strcmp($2, "yes") == 0)
1202 			yyerror("no syslog services are available. "
1203 				"(reconfigure and compile to add)");
1204 #endif
1205 		free($2);
1206 	}
1207 	;
1208 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1209 	{
1210 		OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1211 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1212 			yyerror("expected yes or no.");
1213 		else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1214 		free($2);
1215 	}
1216 	;
1217 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1218 	{
1219 		OUTYY(("P(server_log_queries:%s)\n", $2));
1220 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1221 			yyerror("expected yes or no.");
1222 		else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1223 		free($2);
1224 	}
1225 	;
1226 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1227 	{
1228 		OUTYY(("P(server_log_replies:%s)\n", $2));
1229 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1230 			yyerror("expected yes or no.");
1231 		else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1232 		free($2);
1233 	}
1234 	;
1235 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1236 	{
1237 		OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1238 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1239 			yyerror("expected yes or no.");
1240 		else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1241 		free($2);
1242 	}
1243 	;
1244 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1245 	{
1246 		OUTYY(("P(server_log_servfail:%s)\n", $2));
1247 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1248 			yyerror("expected yes or no.");
1249 		else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1250 		free($2);
1251 	}
1252 	;
1253 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1254 	{
1255 		OUTYY(("P(server_log_local_actions:%s)\n", $2));
1256 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1257 			yyerror("expected yes or no.");
1258 		else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1259 		free($2);
1260 	}
1261 	;
1262 server_chroot: VAR_CHROOT STRING_ARG
1263 	{
1264 		OUTYY(("P(server_chroot:%s)\n", $2));
1265 		free(cfg_parser->cfg->chrootdir);
1266 		cfg_parser->cfg->chrootdir = $2;
1267 	}
1268 	;
1269 server_username: VAR_USERNAME STRING_ARG
1270 	{
1271 		OUTYY(("P(server_username:%s)\n", $2));
1272 		free(cfg_parser->cfg->username);
1273 		cfg_parser->cfg->username = $2;
1274 	}
1275 	;
1276 server_directory: VAR_DIRECTORY STRING_ARG
1277 	{
1278 		OUTYY(("P(server_directory:%s)\n", $2));
1279 		free(cfg_parser->cfg->directory);
1280 		cfg_parser->cfg->directory = $2;
1281 		/* change there right away for includes relative to this */
1282 		if($2[0]) {
1283 			char* d;
1284 #ifdef UB_ON_WINDOWS
1285 			w_config_adjust_directory(cfg_parser->cfg);
1286 #endif
1287 			d = cfg_parser->cfg->directory;
1288 			/* adjust directory if we have already chroot,
1289 			 * like, we reread after sighup */
1290 			if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1291 				strncmp(d, cfg_parser->chroot, strlen(
1292 				cfg_parser->chroot)) == 0)
1293 				d += strlen(cfg_parser->chroot);
1294 			if(d[0]) {
1295 				if(chdir(d))
1296 				log_err("cannot chdir to directory: %s (%s)",
1297 					d, strerror(errno));
1298 			}
1299 		}
1300 	}
1301 	;
1302 server_logfile: VAR_LOGFILE STRING_ARG
1303 	{
1304 		OUTYY(("P(server_logfile:%s)\n", $2));
1305 		free(cfg_parser->cfg->logfile);
1306 		cfg_parser->cfg->logfile = $2;
1307 		cfg_parser->cfg->use_syslog = 0;
1308 	}
1309 	;
1310 server_pidfile: VAR_PIDFILE STRING_ARG
1311 	{
1312 		OUTYY(("P(server_pidfile:%s)\n", $2));
1313 		free(cfg_parser->cfg->pidfile);
1314 		cfg_parser->cfg->pidfile = $2;
1315 	}
1316 	;
1317 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1318 	{
1319 		OUTYY(("P(server_root_hints:%s)\n", $2));
1320 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1321 			yyerror("out of memory");
1322 	}
1323 	;
1324 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1325 	{
1326 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1327 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1328 		free($2);
1329 	}
1330 	;
1331 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1332 	{
1333 		OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1334 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
1335 		free($2);
1336 	}
1337 	;
1338 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1339 	{
1340 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1341 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1342 			auto_trust_anchor_file_list, $2))
1343 			yyerror("out of memory");
1344 	}
1345 	;
1346 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1347 	{
1348 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1349 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1350 			trust_anchor_file_list, $2))
1351 			yyerror("out of memory");
1352 	}
1353 	;
1354 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1355 	{
1356 		OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1357 		if(!cfg_strlist_insert(&cfg_parser->cfg->
1358 			trusted_keys_file_list, $2))
1359 			yyerror("out of memory");
1360 	}
1361 	;
1362 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1363 	{
1364 		OUTYY(("P(server_trust_anchor:%s)\n", $2));
1365 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1366 			yyerror("out of memory");
1367 	}
1368 	;
1369 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1370 	{
1371 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1372 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1373 			yyerror("expected yes or no.");
1374 		else
1375 			cfg_parser->cfg->trust_anchor_signaling =
1376 				(strcmp($2, "yes")==0);
1377 		free($2);
1378 	}
1379 	;
1380 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1381 	{
1382 		OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1383 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1384 			yyerror("expected yes or no.");
1385 		else
1386 			cfg_parser->cfg->root_key_sentinel =
1387 				(strcmp($2, "yes")==0);
1388 		free($2);
1389 	}
1390 	;
1391 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1392 	{
1393 		OUTYY(("P(server_domain_insecure:%s)\n", $2));
1394 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1395 			yyerror("out of memory");
1396 	}
1397 	;
1398 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1399 	{
1400 		OUTYY(("P(server_hide_identity:%s)\n", $2));
1401 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1402 			yyerror("expected yes or no.");
1403 		else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1404 		free($2);
1405 	}
1406 	;
1407 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1408 	{
1409 		OUTYY(("P(server_hide_version:%s)\n", $2));
1410 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1411 			yyerror("expected yes or no.");
1412 		else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1413 		free($2);
1414 	}
1415 	;
1416 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1417 	{
1418 		OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1419 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1420 			yyerror("expected yes or no.");
1421 		else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1422 		free($2);
1423 	}
1424 	;
1425 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1426 	{
1427 		OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1428 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1429 			yyerror("expected yes or no.");
1430 		else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1431 		free($2);
1432 	}
1433 	;
1434 server_identity: VAR_IDENTITY STRING_ARG
1435 	{
1436 		OUTYY(("P(server_identity:%s)\n", $2));
1437 		free(cfg_parser->cfg->identity);
1438 		cfg_parser->cfg->identity = $2;
1439 	}
1440 	;
1441 server_version: VAR_VERSION STRING_ARG
1442 	{
1443 		OUTYY(("P(server_version:%s)\n", $2));
1444 		free(cfg_parser->cfg->version);
1445 		cfg_parser->cfg->version = $2;
1446 	}
1447 	;
1448 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1449 	{
1450 		OUTYY(("P(server_http_user_agent:%s)\n", $2));
1451 		free(cfg_parser->cfg->http_user_agent);
1452 		cfg_parser->cfg->http_user_agent = $2;
1453 	}
1454 	;
1455 server_nsid: VAR_NSID STRING_ARG
1456 	{
1457 		OUTYY(("P(server_nsid:%s)\n", $2));
1458 		free(cfg_parser->cfg->nsid_cfg_str);
1459 		cfg_parser->cfg->nsid_cfg_str = $2;
1460 		free(cfg_parser->cfg->nsid);
1461 		cfg_parser->cfg->nsid = NULL;
1462 		cfg_parser->cfg->nsid_len = 0;
1463 		if (*$2 == 0)
1464 			; /* pass; empty string is not setting nsid */
1465 		else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1466 					$2, &cfg_parser->cfg->nsid_len)))
1467 			yyerror("the NSID must be either a hex string or an "
1468 			    "ascii character string prepended with ascii_.");
1469 	}
1470 	;
1471 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1472 	{
1473 		OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1474 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1475 			yyerror("buffer size expected");
1476 		free($2);
1477 	}
1478 	;
1479 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1480 	{
1481 		OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1482 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1483 			yyerror("buffer size expected");
1484 		free($2);
1485 	}
1486 	;
1487 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1488 	{
1489 		OUTYY(("P(server_so_reuseport:%s)\n", $2));
1490 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1491 			yyerror("expected yes or no.");
1492 		else cfg_parser->cfg->so_reuseport =
1493 			(strcmp($2, "yes")==0);
1494 		free($2);
1495 	}
1496 	;
1497 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1498 	{
1499 		OUTYY(("P(server_ip_transparent:%s)\n", $2));
1500 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1501 			yyerror("expected yes or no.");
1502 		else cfg_parser->cfg->ip_transparent =
1503 			(strcmp($2, "yes")==0);
1504 		free($2);
1505 	}
1506 	;
1507 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1508 	{
1509 		OUTYY(("P(server_ip_freebind:%s)\n", $2));
1510 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1511 			yyerror("expected yes or no.");
1512 		else cfg_parser->cfg->ip_freebind =
1513 			(strcmp($2, "yes")==0);
1514 		free($2);
1515 	}
1516 	;
1517 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1518 	{
1519 		OUTYY(("P(server_ip_dscp:%s)\n", $2));
1520 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1521 			yyerror("number expected");
1522 		else if (atoi($2) > 63)
1523 			yyerror("value too large (max 63)");
1524 		else if (atoi($2) < 0)
1525 			yyerror("value too small (min 0)");
1526 		else
1527 			cfg_parser->cfg->ip_dscp = atoi($2);
1528 		free($2);
1529 	}
1530 	;
1531 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1532 	{
1533 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1534 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1535 			yyerror("memory size expected");
1536 		free($2);
1537 	}
1538 	;
1539 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1540 	{
1541 		OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1542 		if(atoi($2) == 0)
1543 			yyerror("number expected");
1544 		else if (atoi($2) < 12)
1545 			yyerror("edns buffer size too small");
1546 		else if (atoi($2) > 65535)
1547 			cfg_parser->cfg->edns_buffer_size = 65535;
1548 		else cfg_parser->cfg->edns_buffer_size = atoi($2);
1549 		free($2);
1550 	}
1551 	;
1552 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1553 	{
1554 		OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1555 		if(atoi($2) == 0)
1556 			yyerror("number expected");
1557 		else if (atoi($2) < 4096)
1558 			yyerror("message buffer size too small (use 4096)");
1559 		else cfg_parser->cfg->msg_buffer_size = atoi($2);
1560 		free($2);
1561 	}
1562 	;
1563 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1564 	{
1565 		OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1566 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1567 			yyerror("memory size expected");
1568 		free($2);
1569 	}
1570 	;
1571 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1572 	{
1573 		OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1574 		if(atoi($2) == 0) {
1575 			yyerror("number expected");
1576 		} else {
1577 			cfg_parser->cfg->msg_cache_slabs = atoi($2);
1578 			if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1579 				yyerror("must be a power of 2");
1580 		}
1581 		free($2);
1582 	}
1583 	;
1584 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1585 	{
1586 		OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1587 		if(atoi($2) == 0)
1588 			yyerror("number expected");
1589 		else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1590 		free($2);
1591 	}
1592 	;
1593 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1594 	{
1595 		OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1596 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1597 			yyerror("number expected");
1598 		else cfg_parser->cfg->jostle_time = atoi($2);
1599 		free($2);
1600 	}
1601 	;
1602 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1603 	{
1604 		OUTYY(("P(server_delay_close:%s)\n", $2));
1605 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1606 			yyerror("number expected");
1607 		else cfg_parser->cfg->delay_close = atoi($2);
1608 		free($2);
1609 	}
1610 	;
1611 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1612 	{
1613 		OUTYY(("P(server_udp_connect:%s)\n", $2));
1614 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1615 			yyerror("expected yes or no.");
1616 		else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1617 		free($2);
1618 	}
1619 	;
1620 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1621 	{
1622 		OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1623 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1624 			yyerror("expected yes or no.");
1625 		else cfg_parser->cfg->unblock_lan_zones =
1626 			(strcmp($2, "yes")==0);
1627 		free($2);
1628 	}
1629 	;
1630 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1631 	{
1632 		OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1633 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1634 			yyerror("expected yes or no.");
1635 		else cfg_parser->cfg->insecure_lan_zones =
1636 			(strcmp($2, "yes")==0);
1637 		free($2);
1638 	}
1639 	;
1640 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1641 	{
1642 		OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1643 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1644 			yyerror("memory size expected");
1645 		free($2);
1646 	}
1647 	;
1648 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1649 	{
1650 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1651 		if(atoi($2) == 0) {
1652 			yyerror("number expected");
1653 		} else {
1654 			cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1655 			if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1656 				yyerror("must be a power of 2");
1657 		}
1658 		free($2);
1659 	}
1660 	;
1661 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1662 	{
1663 		OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1664 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1665 			yyerror("number expected");
1666 		else cfg_parser->cfg->host_ttl = atoi($2);
1667 		free($2);
1668 	}
1669 	;
1670 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1671 	{
1672 		OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1673 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1674 			"removed, use infra-host-ttl)", $2);
1675 		free($2);
1676 	}
1677 	;
1678 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1679 	{
1680 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1681 		if(atoi($2) == 0)
1682 			yyerror("number expected");
1683 		else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1684 		free($2);
1685 	}
1686 	;
1687 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1688 	{
1689 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1690 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1691 			"(option removed, use infra-cache-numhosts)", $2);
1692 		free($2);
1693 	}
1694 	;
1695 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1696 	{
1697 		OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1698 		if(atoi($2) == 0) {
1699 			yyerror("number expected");
1700 		} else {
1701 			cfg_parser->cfg->infra_cache_slabs = atoi($2);
1702 			if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1703 				yyerror("must be a power of 2");
1704 		}
1705 		free($2);
1706 	}
1707 	;
1708 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1709 	{
1710 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1711 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1712 			yyerror("number expected");
1713 		else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1714 		free($2);
1715 	}
1716 	;
1717 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1718 	{
1719 		OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1720 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1721 			yyerror("number expected");
1722 		else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1723 		free($2);
1724 	}
1725 	;
1726 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1727 	{
1728 		OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1729 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1730 			yyerror("expected yes or no.");
1731 		else cfg_parser->cfg->infra_keep_probing =
1732 			(strcmp($2, "yes")==0);
1733 		free($2);
1734 	}
1735 	;
1736 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1737 	{
1738 		OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1739 		free(cfg_parser->cfg->target_fetch_policy);
1740 		cfg_parser->cfg->target_fetch_policy = $2;
1741 	}
1742 	;
1743 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1744 	{
1745 		OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1746 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1747 			yyerror("expected yes or no.");
1748 		else cfg_parser->cfg->harden_short_bufsize =
1749 			(strcmp($2, "yes")==0);
1750 		free($2);
1751 	}
1752 	;
1753 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1754 	{
1755 		OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1756 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1757 			yyerror("expected yes or no.");
1758 		else cfg_parser->cfg->harden_large_queries =
1759 			(strcmp($2, "yes")==0);
1760 		free($2);
1761 	}
1762 	;
1763 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1764 	{
1765 		OUTYY(("P(server_harden_glue:%s)\n", $2));
1766 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1767 			yyerror("expected yes or no.");
1768 		else cfg_parser->cfg->harden_glue =
1769 			(strcmp($2, "yes")==0);
1770 		free($2);
1771 	}
1772 	;
1773 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1774 	{
1775 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1776 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1777 			yyerror("expected yes or no.");
1778 		else cfg_parser->cfg->harden_dnssec_stripped =
1779 			(strcmp($2, "yes")==0);
1780 		free($2);
1781 	}
1782 	;
1783 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1784 	{
1785 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1786 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1787 			yyerror("expected yes or no.");
1788 		else cfg_parser->cfg->harden_below_nxdomain =
1789 			(strcmp($2, "yes")==0);
1790 		free($2);
1791 	}
1792 	;
1793 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1794 	{
1795 		OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1796 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1797 			yyerror("expected yes or no.");
1798 		else cfg_parser->cfg->harden_referral_path =
1799 			(strcmp($2, "yes")==0);
1800 		free($2);
1801 	}
1802 	;
1803 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1804 	{
1805 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1806 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1807 			yyerror("expected yes or no.");
1808 		else cfg_parser->cfg->harden_algo_downgrade =
1809 			(strcmp($2, "yes")==0);
1810 		free($2);
1811 	}
1812 	;
1813 server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
1814 	{
1815 		OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
1816 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1817 			yyerror("expected yes or no.");
1818 		else cfg_parser->cfg->harden_unknown_additional =
1819 			(strcmp($2, "yes")==0);
1820 		free($2);
1821 	}
1822 	;
1823 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1824 	{
1825 		OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1826 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1827 			yyerror("expected yes or no.");
1828 		else cfg_parser->cfg->use_caps_bits_for_id =
1829 			(strcmp($2, "yes")==0);
1830 		free($2);
1831 	}
1832 	;
1833 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1834 	{
1835 		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1836 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1837 			yyerror("out of memory");
1838 	}
1839 	;
1840 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1841 	{
1842 		OUTYY(("P(server_private_address:%s)\n", $2));
1843 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1844 			yyerror("out of memory");
1845 	}
1846 	;
1847 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1848 	{
1849 		OUTYY(("P(server_private_domain:%s)\n", $2));
1850 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1851 			yyerror("out of memory");
1852 	}
1853 	;
1854 server_prefetch: VAR_PREFETCH STRING_ARG
1855 	{
1856 		OUTYY(("P(server_prefetch:%s)\n", $2));
1857 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1858 			yyerror("expected yes or no.");
1859 		else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1860 		free($2);
1861 	}
1862 	;
1863 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1864 	{
1865 		OUTYY(("P(server_prefetch_key:%s)\n", $2));
1866 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1867 			yyerror("expected yes or no.");
1868 		else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1869 		free($2);
1870 	}
1871 	;
1872 server_deny_any: VAR_DENY_ANY STRING_ARG
1873 	{
1874 		OUTYY(("P(server_deny_any:%s)\n", $2));
1875 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1876 			yyerror("expected yes or no.");
1877 		else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1878 		free($2);
1879 	}
1880 	;
1881 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1882 	{
1883 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1884 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1885 			yyerror("number expected");
1886 		else cfg_parser->cfg->unwanted_threshold = atoi($2);
1887 		free($2);
1888 	}
1889 	;
1890 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1891 	{
1892 		OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1893 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1894 			yyerror("out of memory");
1895 	}
1896 	;
1897 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1898 	{
1899 		OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1900 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1901 			yyerror("expected yes or no.");
1902 		else cfg_parser->cfg->donotquery_localhost =
1903 			(strcmp($2, "yes")==0);
1904 		free($2);
1905 	}
1906 	;
1907 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1908 	{
1909 		OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1910 		validate_acl_action($3);
1911 		if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1912 			fatal_exit("out of memory adding acl");
1913 	}
1914 	;
1915 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
1916 	{
1917 		OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
1918 		validate_acl_action($3);
1919 		if(!cfg_str2list_insert(
1920 			&cfg_parser->cfg->interface_actions, $2, $3))
1921 			fatal_exit("out of memory adding acl");
1922 	}
1923 	;
1924 server_module_conf: VAR_MODULE_CONF STRING_ARG
1925 	{
1926 		OUTYY(("P(server_module_conf:%s)\n", $2));
1927 		free(cfg_parser->cfg->module_conf);
1928 		cfg_parser->cfg->module_conf = $2;
1929 	}
1930 	;
1931 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1932 	{
1933 		OUTYY(("P(server_val_override_date:%s)\n", $2));
1934 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1935 			cfg_parser->cfg->val_date_override = 0;
1936 		} else if(strlen($2) == 14) {
1937 			cfg_parser->cfg->val_date_override =
1938 				cfg_convert_timeval($2);
1939 			if(!cfg_parser->cfg->val_date_override)
1940 				yyerror("bad date/time specification");
1941 		} else {
1942 			if(atoi($2) == 0)
1943 				yyerror("number expected");
1944 			cfg_parser->cfg->val_date_override = atoi($2);
1945 		}
1946 		free($2);
1947 	}
1948 	;
1949 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1950 	{
1951 		OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1952 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1953 			cfg_parser->cfg->val_sig_skew_min = 0;
1954 		} else {
1955 			cfg_parser->cfg->val_sig_skew_min = atoi($2);
1956 			if(!cfg_parser->cfg->val_sig_skew_min)
1957 				yyerror("number expected");
1958 		}
1959 		free($2);
1960 	}
1961 	;
1962 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1963 	{
1964 		OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1965 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1966 			cfg_parser->cfg->val_sig_skew_max = 0;
1967 		} else {
1968 			cfg_parser->cfg->val_sig_skew_max = atoi($2);
1969 			if(!cfg_parser->cfg->val_sig_skew_max)
1970 				yyerror("number expected");
1971 		}
1972 		free($2);
1973 	}
1974 	;
1975 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1976 	{
1977 		OUTYY(("P(server_val_max_restart:%s)\n", $2));
1978 		if(*$2 == '\0' || strcmp($2, "0") == 0) {
1979 			cfg_parser->cfg->val_max_restart = 0;
1980 		} else {
1981 			cfg_parser->cfg->val_max_restart = atoi($2);
1982 			if(!cfg_parser->cfg->val_max_restart)
1983 				yyerror("number expected");
1984 		}
1985 		free($2);
1986 	}
1987 	;
1988 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1989 	{
1990 		OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1991 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
1992 			yyerror("number expected");
1993 		else cfg_parser->cfg->max_ttl = atoi($2);
1994 		free($2);
1995 	}
1996 	;
1997 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1998 	{
1999 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
2000 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2001 			yyerror("number expected");
2002 		else cfg_parser->cfg->max_negative_ttl = atoi($2);
2003 		free($2);
2004 	}
2005 	;
2006 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
2007 	{
2008 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
2009 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2010 			yyerror("number expected");
2011 		else cfg_parser->cfg->min_ttl = atoi($2);
2012 		free($2);
2013 	}
2014 	;
2015 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
2016 	{
2017 		OUTYY(("P(server_bogus_ttl:%s)\n", $2));
2018 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2019 			yyerror("number expected");
2020 		else cfg_parser->cfg->bogus_ttl = atoi($2);
2021 		free($2);
2022 	}
2023 	;
2024 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
2025 	{
2026 		OUTYY(("P(server_val_clean_additional:%s)\n", $2));
2027 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2028 			yyerror("expected yes or no.");
2029 		else cfg_parser->cfg->val_clean_additional =
2030 			(strcmp($2, "yes")==0);
2031 		free($2);
2032 	}
2033 	;
2034 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
2035 	{
2036 		OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
2037 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2038 			yyerror("expected yes or no.");
2039 		else cfg_parser->cfg->val_permissive_mode =
2040 			(strcmp($2, "yes")==0);
2041 		free($2);
2042 	}
2043 	;
2044 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
2045 	{
2046 		OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
2047 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2048 			yyerror("expected yes or no.");
2049 		else
2050 			cfg_parser->cfg->aggressive_nsec =
2051 				(strcmp($2, "yes")==0);
2052 		free($2);
2053 	}
2054 	;
2055 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2056 	{
2057 		OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2058 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2059 			yyerror("expected yes or no.");
2060 		else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2061 		free($2);
2062 	}
2063 	;
2064 server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG
2065 	{
2066 		OUTYY(("P(server_disable_edns_do:%s)\n", $2));
2067 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2068 			yyerror("expected yes or no.");
2069 		else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0);
2070 		free($2);
2071 	}
2072 	;
2073 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2074 	{
2075 		OUTYY(("P(server_serve_expired:%s)\n", $2));
2076 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2077 			yyerror("expected yes or no.");
2078 		else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2079 		free($2);
2080 	}
2081 	;
2082 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2083 	{
2084 		OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2085 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2086 			yyerror("number expected");
2087 		else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2088 		free($2);
2089 	}
2090 	;
2091 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2092 	{
2093 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2094 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2095 			yyerror("expected yes or no.");
2096 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2097 		free($2);
2098 	}
2099 	;
2100 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2101 	{
2102 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2103 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2104 			yyerror("number expected");
2105 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2106 		free($2);
2107 	}
2108 	;
2109 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2110 	{
2111 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2112 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2113 			yyerror("number expected");
2114 		else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2115 		free($2);
2116 	}
2117 	;
2118 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2119 	{
2120 		OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2121 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2122 			yyerror("expected yes or no.");
2123 		else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2124 		free($2);
2125 	}
2126 	;
2127 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2128 	{
2129 		OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2130 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2131 			yyerror("expected yes or no.");
2132 		else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2133 		free($2);
2134 	}
2135 	;
2136 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2137 	{
2138 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
2139 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2140 			yyerror("expected yes or no.");
2141 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2142 		else fake_dsa = (strcmp($2, "yes")==0);
2143 		if(fake_dsa)
2144 			log_warn("test option fake_dsa is enabled");
2145 #endif
2146 		free($2);
2147 	}
2148 	;
2149 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2150 	{
2151 		OUTYY(("P(server_fake_sha1:%s)\n", $2));
2152 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2153 			yyerror("expected yes or no.");
2154 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2155 		else fake_sha1 = (strcmp($2, "yes")==0);
2156 		if(fake_sha1)
2157 			log_warn("test option fake_sha1 is enabled");
2158 #endif
2159 		free($2);
2160 	}
2161 	;
2162 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2163 	{
2164 		OUTYY(("P(server_val_log_level:%s)\n", $2));
2165 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2166 			yyerror("number expected");
2167 		else cfg_parser->cfg->val_log_level = atoi($2);
2168 		free($2);
2169 	}
2170 	;
2171 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2172 	{
2173 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2174 		free(cfg_parser->cfg->val_nsec3_key_iterations);
2175 		cfg_parser->cfg->val_nsec3_key_iterations = $2;
2176 	}
2177 	;
2178 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2179 	{
2180 		OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2181 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2182 			yyerror("expected yes or no.");
2183 		else	cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2184 		free($2);
2185 	}
2186 	;
2187 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2188 	{
2189 		OUTYY(("P(server_add_holddown:%s)\n", $2));
2190 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2191 			yyerror("number expected");
2192 		else cfg_parser->cfg->add_holddown = atoi($2);
2193 		free($2);
2194 	}
2195 	;
2196 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2197 	{
2198 		OUTYY(("P(server_del_holddown:%s)\n", $2));
2199 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2200 			yyerror("number expected");
2201 		else cfg_parser->cfg->del_holddown = atoi($2);
2202 		free($2);
2203 	}
2204 	;
2205 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2206 	{
2207 		OUTYY(("P(server_keep_missing:%s)\n", $2));
2208 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2209 			yyerror("number expected");
2210 		else cfg_parser->cfg->keep_missing = atoi($2);
2211 		free($2);
2212 	}
2213 	;
2214 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2215 	{
2216 		OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2217 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2218 			yyerror("expected yes or no.");
2219 		else cfg_parser->cfg->permit_small_holddown =
2220 			(strcmp($2, "yes")==0);
2221 		free($2);
2222 	}
2223 	;
2224 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2225 	{
2226 		OUTYY(("P(server_key_cache_size:%s)\n", $2));
2227 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2228 			yyerror("memory size expected");
2229 		free($2);
2230 	}
2231 	;
2232 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2233 	{
2234 		OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2235 		if(atoi($2) == 0) {
2236 			yyerror("number expected");
2237 		} else {
2238 			cfg_parser->cfg->key_cache_slabs = atoi($2);
2239 			if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2240 				yyerror("must be a power of 2");
2241 		}
2242 		free($2);
2243 	}
2244 	;
2245 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2246 	{
2247 		OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2248 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2249 			yyerror("memory size expected");
2250 		free($2);
2251 	}
2252 	;
2253 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2254 	{
2255 		OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2256 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2257 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2258 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2259 		   && strcmp($3, "typetransparent")!=0
2260 		   && strcmp($3, "always_transparent")!=0
2261 		   && strcmp($3, "block_a")!=0
2262 		   && strcmp($3, "always_refuse")!=0
2263 		   && strcmp($3, "always_nxdomain")!=0
2264 		   && strcmp($3, "always_nodata")!=0
2265 		   && strcmp($3, "always_deny")!=0
2266 		   && strcmp($3, "always_null")!=0
2267 		   && strcmp($3, "noview")!=0
2268 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2269 		   && strcmp($3, "inform_redirect") != 0
2270 		   && strcmp($3, "ipset") != 0) {
2271 			yyerror("local-zone type: expected static, deny, "
2272 				"refuse, redirect, transparent, "
2273 				"typetransparent, inform, inform_deny, "
2274 				"inform_redirect, always_transparent, block_a,"
2275 				"always_refuse, always_nxdomain, "
2276 				"always_nodata, always_deny, always_null, "
2277 				"noview, nodefault or ipset");
2278 			free($2);
2279 			free($3);
2280 		} else if(strcmp($3, "nodefault")==0) {
2281 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2282 				local_zones_nodefault, $2))
2283 				fatal_exit("out of memory adding local-zone");
2284 			free($3);
2285 #ifdef USE_IPSET
2286 		} else if(strcmp($3, "ipset")==0) {
2287 			size_t len = strlen($2);
2288 			/* Make sure to add the trailing dot.
2289 			 * These are str compared to domain names. */
2290 			if($2[len-1] != '.') {
2291 				if(!($2 = realloc($2, len+2))) {
2292 					fatal_exit("out of memory adding local-zone");
2293 				}
2294 				$2[len] = '.';
2295 				$2[len+1] = 0;
2296 			}
2297 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2298 				local_zones_ipset, $2))
2299 				fatal_exit("out of memory adding local-zone");
2300 			free($3);
2301 #endif
2302 		} else {
2303 			if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2304 				$2, $3))
2305 				fatal_exit("out of memory adding local-zone");
2306 		}
2307 	}
2308 	;
2309 server_local_data: VAR_LOCAL_DATA STRING_ARG
2310 	{
2311 		OUTYY(("P(server_local_data:%s)\n", $2));
2312 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2313 			fatal_exit("out of memory adding local-data");
2314 	}
2315 	;
2316 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2317 	{
2318 		char* ptr;
2319 		OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2320 		ptr = cfg_ptr_reverse($2);
2321 		free($2);
2322 		if(ptr) {
2323 			if(!cfg_strlist_insert(&cfg_parser->cfg->
2324 				local_data, ptr))
2325 				fatal_exit("out of memory adding local-data");
2326 		} else {
2327 			yyerror("local-data-ptr could not be reversed");
2328 		}
2329 	}
2330 	;
2331 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2332 	{
2333 		OUTYY(("P(server_minimal_responses:%s)\n", $2));
2334 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2335 			yyerror("expected yes or no.");
2336 		else cfg_parser->cfg->minimal_responses =
2337 			(strcmp($2, "yes")==0);
2338 		free($2);
2339 	}
2340 	;
2341 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2342 	{
2343 		OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2344 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2345 			yyerror("expected yes or no.");
2346 		else cfg_parser->cfg->rrset_roundrobin =
2347 			(strcmp($2, "yes")==0);
2348 		free($2);
2349 	}
2350 	;
2351 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2352 	{
2353 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2354 		cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2355 		free($2);
2356 	}
2357 	;
2358 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2359 	{
2360 		OUTYY(("P(server_max_udp_size:%s)\n", $2));
2361 		cfg_parser->cfg->max_udp_size = atoi($2);
2362 		free($2);
2363 	}
2364 	;
2365 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2366 	{
2367 		OUTYY(("P(dns64_prefix:%s)\n", $2));
2368 		free(cfg_parser->cfg->dns64_prefix);
2369 		cfg_parser->cfg->dns64_prefix = $2;
2370 	}
2371 	;
2372 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2373 	{
2374 		OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2375 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2376 			yyerror("expected yes or no.");
2377 		else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2378 		free($2);
2379 	}
2380 	;
2381 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2382 	{
2383 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2384 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2385 			$2))
2386 			fatal_exit("out of memory adding dns64-ignore-aaaa");
2387 	}
2388 	;
2389 server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
2390 	{
2391 		OUTYY(("P(nat64_prefix:%s)\n", $2));
2392 		free(cfg_parser->cfg->nat64_prefix);
2393 		cfg_parser->cfg->nat64_prefix = $2;
2394 	}
2395 	;
2396 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2397 	{
2398 		char* p, *s = $2;
2399 		OUTYY(("P(server_define_tag:%s)\n", $2));
2400 		while((p=strsep(&s, " \t\n")) != NULL) {
2401 			if(*p) {
2402 				if(!config_add_tag(cfg_parser->cfg, p))
2403 					yyerror("could not define-tag, "
2404 						"out of memory");
2405 			}
2406 		}
2407 		free($2);
2408 	}
2409 	;
2410 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2411 	{
2412 		size_t len = 0;
2413 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2414 			&len);
2415 		free($3);
2416 		OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2417 		if(!bitlist) {
2418 			yyerror("could not parse tags, (define-tag them first)");
2419 			free($2);
2420 		}
2421 		if(bitlist) {
2422 			if(!cfg_strbytelist_insert(
2423 				&cfg_parser->cfg->local_zone_tags,
2424 				$2, bitlist, len)) {
2425 				yyerror("out of memory");
2426 				free($2);
2427 			}
2428 		}
2429 	}
2430 	;
2431 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2432 	{
2433 		size_t len = 0;
2434 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2435 			&len);
2436 		free($3);
2437 		OUTYY(("P(server_access_control_tag:%s)\n", $2));
2438 		if(!bitlist) {
2439 			yyerror("could not parse tags, (define-tag them first)");
2440 			free($2);
2441 		}
2442 		if(bitlist) {
2443 			if(!cfg_strbytelist_insert(
2444 				&cfg_parser->cfg->acl_tags,
2445 				$2, bitlist, len)) {
2446 				yyerror("out of memory");
2447 				free($2);
2448 			}
2449 		}
2450 	}
2451 	;
2452 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2453 	{
2454 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2455 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2456 			$2, $3, $4)) {
2457 			yyerror("out of memory");
2458 			free($2);
2459 			free($3);
2460 			free($4);
2461 		}
2462 	}
2463 	;
2464 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2465 	{
2466 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2467 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2468 			$2, $3, $4)) {
2469 			yyerror("out of memory");
2470 			free($2);
2471 			free($3);
2472 			free($4);
2473 		}
2474 	}
2475 	;
2476 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2477 	{
2478 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2479 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2480 			$2, $3, $4)) {
2481 			yyerror("out of memory");
2482 			free($2);
2483 			free($3);
2484 			free($4);
2485 		}
2486 	}
2487 	;
2488 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2489 	{
2490 		OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2491 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2492 			$2, $3)) {
2493 			yyerror("out of memory");
2494 		}
2495 	}
2496 	;
2497 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2498 	{
2499 		size_t len = 0;
2500 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2501 			&len);
2502 		free($3);
2503 		OUTYY(("P(server_interface_tag:%s)\n", $2));
2504 		if(!bitlist) {
2505 			yyerror("could not parse tags, (define-tag them first)");
2506 			free($2);
2507 		}
2508 		if(bitlist) {
2509 			if(!cfg_strbytelist_insert(
2510 				&cfg_parser->cfg->interface_tags,
2511 				$2, bitlist, len)) {
2512 				yyerror("out of memory");
2513 				free($2);
2514 			}
2515 		}
2516 	}
2517 	;
2518 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2519 	{
2520 		OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2521 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2522 			$2, $3, $4)) {
2523 			yyerror("out of memory");
2524 			free($2);
2525 			free($3);
2526 			free($4);
2527 		}
2528 	}
2529 	;
2530 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2531 	{
2532 		OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2533 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2534 			$2, $3, $4)) {
2535 			yyerror("out of memory");
2536 			free($2);
2537 			free($3);
2538 			free($4);
2539 		}
2540 	}
2541 	;
2542 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2543 	{
2544 		OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2545 		if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2546 			$2, $3)) {
2547 			yyerror("out of memory");
2548 		}
2549 	}
2550 	;
2551 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2552 	{
2553 		size_t len = 0;
2554 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2555 			&len);
2556 		free($3);
2557 		OUTYY(("P(response_ip_tag:%s)\n", $2));
2558 		if(!bitlist) {
2559 			yyerror("could not parse tags, (define-tag them first)");
2560 			free($2);
2561 		}
2562 		if(bitlist) {
2563 			if(!cfg_strbytelist_insert(
2564 				&cfg_parser->cfg->respip_tags,
2565 				$2, bitlist, len)) {
2566 				yyerror("out of memory");
2567 				free($2);
2568 			}
2569 		}
2570 	}
2571 	;
2572 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2573 	{
2574 		OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2575 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2576 			yyerror("number expected");
2577 		else cfg_parser->cfg->ip_ratelimit = atoi($2);
2578 		free($2);
2579 	}
2580 	;
2581 server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
2582 	{
2583 		OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
2584 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2585 			yyerror("number expected");
2586 		else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
2587 		free($2);
2588 	}
2589 	;
2590 server_ratelimit: VAR_RATELIMIT STRING_ARG
2591 	{
2592 		OUTYY(("P(server_ratelimit:%s)\n", $2));
2593 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2594 			yyerror("number expected");
2595 		else cfg_parser->cfg->ratelimit = atoi($2);
2596 		free($2);
2597 	}
2598 	;
2599 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2600 	{
2601 		OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2602 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2603 			yyerror("memory size expected");
2604 		free($2);
2605 	}
2606 	;
2607 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2608 	{
2609 		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2610 		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2611 			yyerror("memory size expected");
2612 		free($2);
2613 	}
2614 	;
2615 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2616 	{
2617 		OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2618 		if(atoi($2) == 0) {
2619 			yyerror("number expected");
2620 		} else {
2621 			cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2622 			if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2623 				yyerror("must be a power of 2");
2624 		}
2625 		free($2);
2626 	}
2627 	;
2628 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2629 	{
2630 		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2631 		if(atoi($2) == 0) {
2632 			yyerror("number expected");
2633 		} else {
2634 			cfg_parser->cfg->ratelimit_slabs = atoi($2);
2635 			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2636 				yyerror("must be a power of 2");
2637 		}
2638 		free($2);
2639 	}
2640 	;
2641 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2642 	{
2643 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2644 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2645 			yyerror("number expected");
2646 			free($2);
2647 			free($3);
2648 		} else {
2649 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2650 				ratelimit_for_domain, $2, $3))
2651 				fatal_exit("out of memory adding "
2652 					"ratelimit-for-domain");
2653 		}
2654 	}
2655 	;
2656 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2657 	{
2658 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2659 		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2660 			yyerror("number expected");
2661 			free($2);
2662 			free($3);
2663 		} else {
2664 			if(!cfg_str2list_insert(&cfg_parser->cfg->
2665 				ratelimit_below_domain, $2, $3))
2666 				fatal_exit("out of memory adding "
2667 					"ratelimit-below-domain");
2668 		}
2669 	}
2670 	;
2671 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2672 	{
2673 		OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2674 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2675 			yyerror("number expected");
2676 		else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2677 		free($2);
2678 	}
2679 	;
2680 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2681 	{
2682 		OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2683 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2684 			yyerror("number expected");
2685 		else cfg_parser->cfg->ratelimit_factor = atoi($2);
2686 		free($2);
2687 	}
2688 	;
2689 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2690 	{
2691 		OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2692 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2693 			yyerror("expected yes or no.");
2694 		else cfg_parser->cfg->ip_ratelimit_backoff =
2695 			(strcmp($2, "yes")==0);
2696 		free($2);
2697 	}
2698 	;
2699 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2700 	{
2701 		OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2702 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2703 			yyerror("expected yes or no.");
2704 		else cfg_parser->cfg->ratelimit_backoff =
2705 			(strcmp($2, "yes")==0);
2706 		free($2);
2707 	}
2708 	;
2709 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2710 	{
2711 		OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2712 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2713 			yyerror("number expected");
2714 		else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2715 		free($2);
2716 	}
2717 	;
2718 server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
2719 	{
2720 		OUTYY(("P(server_max_sent_count:%s)\n", $2));
2721 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2722 			yyerror("number expected");
2723 		else cfg_parser->cfg->max_sent_count = atoi($2);
2724 		free($2);
2725 	}
2726 	;
2727 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2728 	{
2729 		OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2730 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2731 			yyerror("number expected");
2732 		else cfg_parser->cfg->max_query_restarts = atoi($2);
2733 		free($2);
2734 	}
2735 	;
2736 server_low_rtt: VAR_LOW_RTT STRING_ARG
2737 	{
2738 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2739 		free($2);
2740 	}
2741 	;
2742 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2743 	{
2744 		OUTYY(("P(server_fast_server_num:%s)\n", $2));
2745 		if(atoi($2) <= 0)
2746 			yyerror("number expected");
2747 		else cfg_parser->cfg->fast_server_num = atoi($2);
2748 		free($2);
2749 	}
2750 	;
2751 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2752 	{
2753 		OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2754 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2755 			yyerror("number expected");
2756 		else cfg_parser->cfg->fast_server_permil = atoi($2);
2757 		free($2);
2758 	}
2759 	;
2760 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2761 	{
2762 		OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2763 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2764 			yyerror("expected yes or no.");
2765 		else cfg_parser->cfg->qname_minimisation =
2766 			(strcmp($2, "yes")==0);
2767 		free($2);
2768 	}
2769 	;
2770 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2771 	{
2772 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2773 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2774 			yyerror("expected yes or no.");
2775 		else cfg_parser->cfg->qname_minimisation_strict =
2776 			(strcmp($2, "yes")==0);
2777 		free($2);
2778 	}
2779 	;
2780 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2781 	{
2782 		OUTYY(("P(server_pad_responses:%s)\n", $2));
2783 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2784 			yyerror("expected yes or no.");
2785 		else cfg_parser->cfg->pad_responses =
2786 			(strcmp($2, "yes")==0);
2787 		free($2);
2788 	}
2789 	;
2790 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2791 	{
2792 		OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2793 		if(atoi($2) == 0)
2794 			yyerror("number expected");
2795 		else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2796 		free($2);
2797 	}
2798 	;
2799 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2800 	{
2801 		OUTYY(("P(server_pad_queries:%s)\n", $2));
2802 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2803 			yyerror("expected yes or no.");
2804 		else cfg_parser->cfg->pad_queries =
2805 			(strcmp($2, "yes")==0);
2806 		free($2);
2807 	}
2808 	;
2809 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2810 	{
2811 		OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2812 		if(atoi($2) == 0)
2813 			yyerror("number expected");
2814 		else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2815 		free($2);
2816 	}
2817 	;
2818 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2819 	{
2820 	#ifdef USE_IPSECMOD
2821 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2822 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2823 			yyerror("expected yes or no.");
2824 		else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2825 	#else
2826 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2827 	#endif
2828 		free($2);
2829 	}
2830 	;
2831 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2832 	{
2833 	#ifdef USE_IPSECMOD
2834 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2835 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2836 			yyerror("expected yes or no.");
2837 		else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2838 	#else
2839 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2840 	#endif
2841 		free($2);
2842 	}
2843 	;
2844 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2845 	{
2846 	#ifdef USE_IPSECMOD
2847 		OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2848 		free(cfg_parser->cfg->ipsecmod_hook);
2849 		cfg_parser->cfg->ipsecmod_hook = $2;
2850 	#else
2851 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2852 		free($2);
2853 	#endif
2854 	}
2855 	;
2856 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2857 	{
2858 	#ifdef USE_IPSECMOD
2859 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2860 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2861 			yyerror("number expected");
2862 		else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2863 		free($2);
2864 	#else
2865 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2866 		free($2);
2867 	#endif
2868 	}
2869 	;
2870 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2871 	{
2872 	#ifdef USE_IPSECMOD
2873 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2874 		if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2875 			yyerror("out of memory");
2876 	#else
2877 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2878 		free($2);
2879 	#endif
2880 	}
2881 	;
2882 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2883 	{
2884 	#ifdef USE_IPSECMOD
2885 		OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2886 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2887 			yyerror("expected yes or no.");
2888 		else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2889 		free($2);
2890 	#else
2891 		OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2892 		free($2);
2893 	#endif
2894 	}
2895 	;
2896 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
2897 	{
2898 		OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
2899 		if(!cfg_str2list_insert(
2900 			&cfg_parser->cfg->edns_client_strings, $2, $3))
2901 			fatal_exit("out of memory adding "
2902 				"edns-client-string");
2903 	}
2904 	;
2905 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
2906 	{
2907 		OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
2908 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
2909 			yyerror("option code expected");
2910 		else if(atoi($2) > 65535 || atoi($2) < 0)
2911 			yyerror("option code must be in interval [0, 65535]");
2912 		else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
2913 		free($2);
2914 	}
2915 	;
2916 server_ede: VAR_EDE STRING_ARG
2917 	{
2918 		OUTYY(("P(server_ede:%s)\n", $2));
2919 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2920 			yyerror("expected yes or no.");
2921 		else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
2922 		free($2);
2923 	}
2924 	;
2925 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
2926 	{
2927 		OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
2928 		if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
2929 			yyerror("out of memory");
2930 	}
2931 	;
2932 stub_name: VAR_NAME STRING_ARG
2933 	{
2934 		OUTYY(("P(name:%s)\n", $2));
2935 		if(cfg_parser->cfg->stubs->name)
2936 			yyerror("stub name override, there must be one name "
2937 				"for one stub-zone");
2938 		free(cfg_parser->cfg->stubs->name);
2939 		cfg_parser->cfg->stubs->name = $2;
2940 	}
2941 	;
2942 stub_host: VAR_STUB_HOST STRING_ARG
2943 	{
2944 		OUTYY(("P(stub-host:%s)\n", $2));
2945 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2946 			yyerror("out of memory");
2947 	}
2948 	;
2949 stub_addr: VAR_STUB_ADDR STRING_ARG
2950 	{
2951 		OUTYY(("P(stub-addr:%s)\n", $2));
2952 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2953 			yyerror("out of memory");
2954 	}
2955 	;
2956 stub_first: VAR_STUB_FIRST STRING_ARG
2957 	{
2958 		OUTYY(("P(stub-first:%s)\n", $2));
2959 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2960 			yyerror("expected yes or no.");
2961 		else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2962 		free($2);
2963 	}
2964 	;
2965 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2966 	{
2967 		OUTYY(("P(stub-no-cache:%s)\n", $2));
2968 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2969 			yyerror("expected yes or no.");
2970 		else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2971 		free($2);
2972 	}
2973 	;
2974 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2975 	{
2976 		OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2977 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2978 			yyerror("expected yes or no.");
2979 		else cfg_parser->cfg->stubs->ssl_upstream =
2980 			(strcmp($2, "yes")==0);
2981 		free($2);
2982 	}
2983 	;
2984 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
2985         {
2986                 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
2987                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2988                         yyerror("expected yes or no.");
2989                 else cfg_parser->cfg->stubs->tcp_upstream =
2990                         (strcmp($2, "yes")==0);
2991                 free($2);
2992         }
2993         ;
2994 stub_prime: VAR_STUB_PRIME STRING_ARG
2995 	{
2996 		OUTYY(("P(stub-prime:%s)\n", $2));
2997 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2998 			yyerror("expected yes or no.");
2999 		else cfg_parser->cfg->stubs->isprime =
3000 			(strcmp($2, "yes")==0);
3001 		free($2);
3002 	}
3003 	;
3004 forward_name: VAR_NAME STRING_ARG
3005 	{
3006 		OUTYY(("P(name:%s)\n", $2));
3007 		if(cfg_parser->cfg->forwards->name)
3008 			yyerror("forward name override, there must be one "
3009 				"name for one forward-zone");
3010 		free(cfg_parser->cfg->forwards->name);
3011 		cfg_parser->cfg->forwards->name = $2;
3012 	}
3013 	;
3014 forward_host: VAR_FORWARD_HOST STRING_ARG
3015 	{
3016 		OUTYY(("P(forward-host:%s)\n", $2));
3017 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
3018 			yyerror("out of memory");
3019 	}
3020 	;
3021 forward_addr: VAR_FORWARD_ADDR STRING_ARG
3022 	{
3023 		OUTYY(("P(forward-addr:%s)\n", $2));
3024 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
3025 			yyerror("out of memory");
3026 	}
3027 	;
3028 forward_first: VAR_FORWARD_FIRST STRING_ARG
3029 	{
3030 		OUTYY(("P(forward-first:%s)\n", $2));
3031 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3032 			yyerror("expected yes or no.");
3033 		else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
3034 		free($2);
3035 	}
3036 	;
3037 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
3038 	{
3039 		OUTYY(("P(forward-no-cache:%s)\n", $2));
3040 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3041 			yyerror("expected yes or no.");
3042 		else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
3043 		free($2);
3044 	}
3045 	;
3046 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
3047 	{
3048 		OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
3049 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3050 			yyerror("expected yes or no.");
3051 		else cfg_parser->cfg->forwards->ssl_upstream =
3052 			(strcmp($2, "yes")==0);
3053 		free($2);
3054 	}
3055 	;
3056 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
3057         {
3058                 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
3059                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3060                         yyerror("expected yes or no.");
3061                 else cfg_parser->cfg->forwards->tcp_upstream =
3062                         (strcmp($2, "yes")==0);
3063                 free($2);
3064         }
3065         ;
3066 auth_name: VAR_NAME STRING_ARG
3067 	{
3068 		OUTYY(("P(name:%s)\n", $2));
3069 		if(cfg_parser->cfg->auths->name)
3070 			yyerror("auth name override, there must be one name "
3071 				"for one auth-zone");
3072 		free(cfg_parser->cfg->auths->name);
3073 		cfg_parser->cfg->auths->name = $2;
3074 	}
3075 	;
3076 auth_zonefile: VAR_ZONEFILE STRING_ARG
3077 	{
3078 		OUTYY(("P(zonefile:%s)\n", $2));
3079 		free(cfg_parser->cfg->auths->zonefile);
3080 		cfg_parser->cfg->auths->zonefile = $2;
3081 	}
3082 	;
3083 auth_master: VAR_MASTER STRING_ARG
3084 	{
3085 		OUTYY(("P(master:%s)\n", $2));
3086 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
3087 			yyerror("out of memory");
3088 	}
3089 	;
3090 auth_url: VAR_URL STRING_ARG
3091 	{
3092 		OUTYY(("P(url:%s)\n", $2));
3093 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
3094 			yyerror("out of memory");
3095 	}
3096 	;
3097 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3098 	{
3099 		OUTYY(("P(allow-notify:%s)\n", $2));
3100 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3101 			$2))
3102 			yyerror("out of memory");
3103 	}
3104 	;
3105 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3106 	{
3107 		OUTYY(("P(zonemd-check:%s)\n", $2));
3108 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3109 			yyerror("expected yes or no.");
3110 		else cfg_parser->cfg->auths->zonemd_check =
3111 			(strcmp($2, "yes")==0);
3112 		free($2);
3113 	}
3114 	;
3115 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3116 	{
3117 		OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3118 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3119 			yyerror("expected yes or no.");
3120 		else cfg_parser->cfg->auths->zonemd_reject_absence =
3121 			(strcmp($2, "yes")==0);
3122 		free($2);
3123 	}
3124 	;
3125 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3126 	{
3127 		OUTYY(("P(for-downstream:%s)\n", $2));
3128 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3129 			yyerror("expected yes or no.");
3130 		else cfg_parser->cfg->auths->for_downstream =
3131 			(strcmp($2, "yes")==0);
3132 		free($2);
3133 	}
3134 	;
3135 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3136 	{
3137 		OUTYY(("P(for-upstream:%s)\n", $2));
3138 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3139 			yyerror("expected yes or no.");
3140 		else cfg_parser->cfg->auths->for_upstream =
3141 			(strcmp($2, "yes")==0);
3142 		free($2);
3143 	}
3144 	;
3145 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3146 	{
3147 		OUTYY(("P(fallback-enabled:%s)\n", $2));
3148 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3149 			yyerror("expected yes or no.");
3150 		else cfg_parser->cfg->auths->fallback_enabled =
3151 			(strcmp($2, "yes")==0);
3152 		free($2);
3153 	}
3154 	;
3155 view_name: VAR_NAME STRING_ARG
3156 	{
3157 		OUTYY(("P(name:%s)\n", $2));
3158 		if(cfg_parser->cfg->views->name)
3159 			yyerror("view name override, there must be one "
3160 				"name for one view");
3161 		free(cfg_parser->cfg->views->name);
3162 		cfg_parser->cfg->views->name = $2;
3163 	}
3164 	;
3165 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3166 	{
3167 		OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3168 		if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3169 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3170 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3171 		   && strcmp($3, "typetransparent")!=0
3172 		   && strcmp($3, "always_transparent")!=0
3173 		   && strcmp($3, "always_refuse")!=0
3174 		   && strcmp($3, "always_nxdomain")!=0
3175 		   && strcmp($3, "always_nodata")!=0
3176 		   && strcmp($3, "always_deny")!=0
3177 		   && strcmp($3, "always_null")!=0
3178 		   && strcmp($3, "noview")!=0
3179 		   && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3180 		   && strcmp($3, "inform_redirect") != 0
3181 		   && strcmp($3, "ipset") != 0) {
3182 			yyerror("local-zone type: expected static, deny, "
3183 				"refuse, redirect, transparent, "
3184 				"typetransparent, inform, inform_deny, "
3185 				"inform_redirect, always_transparent, "
3186 				"always_refuse, always_nxdomain, "
3187 				"always_nodata, always_deny, always_null, "
3188 				"noview, nodefault or ipset");
3189 			free($2);
3190 			free($3);
3191 		} else if(strcmp($3, "nodefault")==0) {
3192 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3193 				local_zones_nodefault, $2))
3194 				fatal_exit("out of memory adding local-zone");
3195 			free($3);
3196 #ifdef USE_IPSET
3197 		} else if(strcmp($3, "ipset")==0) {
3198 			size_t len = strlen($2);
3199 			/* Make sure to add the trailing dot.
3200 			 * These are str compared to domain names. */
3201 			if($2[len-1] != '.') {
3202 				if(!($2 = realloc($2, len+2))) {
3203 					fatal_exit("out of memory adding local-zone");
3204 				}
3205 				$2[len] = '.';
3206 				$2[len+1] = 0;
3207 			}
3208 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3209 				local_zones_ipset, $2))
3210 				fatal_exit("out of memory adding local-zone");
3211 			free($3);
3212 #endif
3213 		} else {
3214 			if(!cfg_str2list_insert(
3215 				&cfg_parser->cfg->views->local_zones,
3216 				$2, $3))
3217 				fatal_exit("out of memory adding local-zone");
3218 		}
3219 	}
3220 	;
3221 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3222 	{
3223 		OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3224 		validate_respip_action($3);
3225 		if(!cfg_str2list_insert(
3226 			&cfg_parser->cfg->views->respip_actions, $2, $3))
3227 			fatal_exit("out of memory adding per-view "
3228 				"response-ip action");
3229 	}
3230 	;
3231 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3232 	{
3233 		OUTYY(("P(view_response_ip_data:%s)\n", $2));
3234 		if(!cfg_str2list_insert(
3235 			&cfg_parser->cfg->views->respip_data, $2, $3))
3236 			fatal_exit("out of memory adding response-ip-data");
3237 	}
3238 	;
3239 view_local_data: VAR_LOCAL_DATA STRING_ARG
3240 	{
3241 		OUTYY(("P(view_local_data:%s)\n", $2));
3242 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3243 			fatal_exit("out of memory adding local-data");
3244 		}
3245 	}
3246 	;
3247 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3248 	{
3249 		char* ptr;
3250 		OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3251 		ptr = cfg_ptr_reverse($2);
3252 		free($2);
3253 		if(ptr) {
3254 			if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3255 				local_data, ptr))
3256 				fatal_exit("out of memory adding local-data");
3257 		} else {
3258 			yyerror("local-data-ptr could not be reversed");
3259 		}
3260 	}
3261 	;
3262 view_first: VAR_VIEW_FIRST STRING_ARG
3263 	{
3264 		OUTYY(("P(view-first:%s)\n", $2));
3265 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3266 			yyerror("expected yes or no.");
3267 		else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3268 		free($2);
3269 	}
3270 	;
3271 rcstart: VAR_REMOTE_CONTROL
3272 	{
3273 		OUTYY(("\nP(remote-control:)\n"));
3274 		cfg_parser->started_toplevel = 1;
3275 	}
3276 	;
3277 contents_rc: contents_rc content_rc
3278 	| ;
3279 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3280 	rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3281 	rc_control_cert_file | rc_control_use_cert
3282 	;
3283 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3284 	{
3285 		OUTYY(("P(control_enable:%s)\n", $2));
3286 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3287 			yyerror("expected yes or no.");
3288 		else cfg_parser->cfg->remote_control_enable =
3289 			(strcmp($2, "yes")==0);
3290 		free($2);
3291 	}
3292 	;
3293 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3294 	{
3295 		OUTYY(("P(control_port:%s)\n", $2));
3296 		if(atoi($2) == 0)
3297 			yyerror("control port number expected");
3298 		else cfg_parser->cfg->control_port = atoi($2);
3299 		free($2);
3300 	}
3301 	;
3302 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3303 	{
3304 		OUTYY(("P(control_interface:%s)\n", $2));
3305 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3306 			yyerror("out of memory");
3307 	}
3308 	;
3309 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3310 	{
3311 		OUTYY(("P(control_use_cert:%s)\n", $2));
3312 		cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3313 		free($2);
3314 	}
3315 	;
3316 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3317 	{
3318 		OUTYY(("P(rc_server_key_file:%s)\n", $2));
3319 		free(cfg_parser->cfg->server_key_file);
3320 		cfg_parser->cfg->server_key_file = $2;
3321 	}
3322 	;
3323 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3324 	{
3325 		OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3326 		free(cfg_parser->cfg->server_cert_file);
3327 		cfg_parser->cfg->server_cert_file = $2;
3328 	}
3329 	;
3330 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3331 	{
3332 		OUTYY(("P(rc_control_key_file:%s)\n", $2));
3333 		free(cfg_parser->cfg->control_key_file);
3334 		cfg_parser->cfg->control_key_file = $2;
3335 	}
3336 	;
3337 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3338 	{
3339 		OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3340 		free(cfg_parser->cfg->control_cert_file);
3341 		cfg_parser->cfg->control_cert_file = $2;
3342 	}
3343 	;
3344 dtstart: VAR_DNSTAP
3345 	{
3346 		OUTYY(("\nP(dnstap:)\n"));
3347 		cfg_parser->started_toplevel = 1;
3348 	}
3349 	;
3350 contents_dt: contents_dt content_dt
3351 	| ;
3352 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3353 	dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3354 	dt_dnstap_tls_cert_bundle |
3355 	dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3356 	dt_dnstap_send_identity | dt_dnstap_send_version |
3357 	dt_dnstap_identity | dt_dnstap_version |
3358 	dt_dnstap_log_resolver_query_messages |
3359 	dt_dnstap_log_resolver_response_messages |
3360 	dt_dnstap_log_client_query_messages |
3361 	dt_dnstap_log_client_response_messages |
3362 	dt_dnstap_log_forwarder_query_messages |
3363 	dt_dnstap_log_forwarder_response_messages
3364 	;
3365 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3366 	{
3367 		OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3368 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3369 			yyerror("expected yes or no.");
3370 		else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3371 		free($2);
3372 	}
3373 	;
3374 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3375 	{
3376 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3377 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3378 			yyerror("expected yes or no.");
3379 		else cfg_parser->cfg->dnstap_bidirectional =
3380 			(strcmp($2, "yes")==0);
3381 		free($2);
3382 	}
3383 	;
3384 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3385 	{
3386 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3387 		free(cfg_parser->cfg->dnstap_socket_path);
3388 		cfg_parser->cfg->dnstap_socket_path = $2;
3389 	}
3390 	;
3391 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3392 	{
3393 		OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3394 		free(cfg_parser->cfg->dnstap_ip);
3395 		cfg_parser->cfg->dnstap_ip = $2;
3396 	}
3397 	;
3398 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3399 	{
3400 		OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3401 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3402 			yyerror("expected yes or no.");
3403 		else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3404 		free($2);
3405 	}
3406 	;
3407 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3408 	{
3409 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3410 		free(cfg_parser->cfg->dnstap_tls_server_name);
3411 		cfg_parser->cfg->dnstap_tls_server_name = $2;
3412 	}
3413 	;
3414 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3415 	{
3416 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3417 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3418 		cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3419 	}
3420 	;
3421 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3422 	{
3423 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3424 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
3425 		cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3426 	}
3427 	;
3428 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3429 	{
3430 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3431 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3432 		cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3433 	}
3434 	;
3435 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3436 	{
3437 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3438 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3439 			yyerror("expected yes or no.");
3440 		else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3441 		free($2);
3442 	}
3443 	;
3444 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3445 	{
3446 		OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3447 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3448 			yyerror("expected yes or no.");
3449 		else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3450 		free($2);
3451 	}
3452 	;
3453 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3454 	{
3455 		OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3456 		free(cfg_parser->cfg->dnstap_identity);
3457 		cfg_parser->cfg->dnstap_identity = $2;
3458 	}
3459 	;
3460 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3461 	{
3462 		OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3463 		free(cfg_parser->cfg->dnstap_version);
3464 		cfg_parser->cfg->dnstap_version = $2;
3465 	}
3466 	;
3467 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3468 	{
3469 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3470 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3471 			yyerror("expected yes or no.");
3472 		else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3473 			(strcmp($2, "yes")==0);
3474 		free($2);
3475 	}
3476 	;
3477 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3478 	{
3479 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3480 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3481 			yyerror("expected yes or no.");
3482 		else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3483 			(strcmp($2, "yes")==0);
3484 		free($2);
3485 	}
3486 	;
3487 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3488 	{
3489 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3490 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3491 			yyerror("expected yes or no.");
3492 		else cfg_parser->cfg->dnstap_log_client_query_messages =
3493 			(strcmp($2, "yes")==0);
3494 		free($2);
3495 	}
3496 	;
3497 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3498 	{
3499 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3500 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3501 			yyerror("expected yes or no.");
3502 		else cfg_parser->cfg->dnstap_log_client_response_messages =
3503 			(strcmp($2, "yes")==0);
3504 		free($2);
3505 	}
3506 	;
3507 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3508 	{
3509 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3510 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3511 			yyerror("expected yes or no.");
3512 		else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3513 			(strcmp($2, "yes")==0);
3514 		free($2);
3515 	}
3516 	;
3517 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3518 	{
3519 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3520 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3521 			yyerror("expected yes or no.");
3522 		else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3523 			(strcmp($2, "yes")==0);
3524 		free($2);
3525 	}
3526 	;
3527 pythonstart: VAR_PYTHON
3528 	{
3529 		OUTYY(("\nP(python:)\n"));
3530 		cfg_parser->started_toplevel = 1;
3531 	}
3532 	;
3533 contents_py: contents_py content_py
3534 	| ;
3535 content_py: py_script
3536 	;
3537 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3538 	{
3539 		OUTYY(("P(python-script:%s)\n", $2));
3540 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3541 			yyerror("out of memory");
3542 	}
3543 	;
3544 dynlibstart: VAR_DYNLIB
3545 	{
3546 		OUTYY(("\nP(dynlib:)\n"));
3547 		cfg_parser->started_toplevel = 1;
3548 	}
3549 	;
3550 contents_dl: contents_dl content_dl
3551 	| ;
3552 content_dl: dl_file
3553 	;
3554 dl_file: VAR_DYNLIB_FILE STRING_ARG
3555 	{
3556 		OUTYY(("P(dynlib-file:%s)\n", $2));
3557 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3558 			yyerror("out of memory");
3559 	}
3560 	;
3561 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3562 	{
3563 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3564 		if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3565 			yyerror("expected yes or no.");
3566 		else cfg_parser->cfg->disable_dnssec_lame_check =
3567 			(strcmp($2, "yes")==0);
3568 		free($2);
3569 	}
3570 	;
3571 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3572 	{
3573 		OUTYY(("P(server_log_identity:%s)\n", $2));
3574 		free(cfg_parser->cfg->log_identity);
3575 		cfg_parser->cfg->log_identity = $2;
3576 	}
3577 	;
3578 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3579 	{
3580 		OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3581 		validate_respip_action($3);
3582 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3583 			$2, $3))
3584 			fatal_exit("out of memory adding response-ip");
3585 	}
3586 	;
3587 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3588 	{
3589 		OUTYY(("P(server_response_ip_data:%s)\n", $2));
3590 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3591 			$2, $3))
3592 			fatal_exit("out of memory adding response-ip-data");
3593 	}
3594 	;
3595 dnscstart: VAR_DNSCRYPT
3596 	{
3597 		OUTYY(("\nP(dnscrypt:)\n"));
3598 		cfg_parser->started_toplevel = 1;
3599 	}
3600 	;
3601 contents_dnsc: contents_dnsc content_dnsc
3602 	| ;
3603 content_dnsc:
3604 	dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3605 	dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3606 	dnsc_dnscrypt_provider_cert_rotated |
3607 	dnsc_dnscrypt_shared_secret_cache_size |
3608 	dnsc_dnscrypt_shared_secret_cache_slabs |
3609 	dnsc_dnscrypt_nonce_cache_size |
3610 	dnsc_dnscrypt_nonce_cache_slabs
3611 	;
3612 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3613 	{
3614 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3615 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3616 			yyerror("expected yes or no.");
3617 		else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3618 		free($2);
3619 	}
3620 	;
3621 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3622 	{
3623 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3624 		if(atoi($2) == 0)
3625 			yyerror("port number expected");
3626 		else cfg_parser->cfg->dnscrypt_port = atoi($2);
3627 		free($2);
3628 	}
3629 	;
3630 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3631 	{
3632 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3633 		free(cfg_parser->cfg->dnscrypt_provider);
3634 		cfg_parser->cfg->dnscrypt_provider = $2;
3635 	}
3636 	;
3637 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3638 	{
3639 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3640 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3641 			log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3642 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3643 			fatal_exit("out of memory adding dnscrypt-provider-cert");
3644 	}
3645 	;
3646 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3647 	{
3648 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3649 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3650 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3651 	}
3652 	;
3653 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3654 	{
3655 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3656 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3657 			log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3658 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3659 			fatal_exit("out of memory adding dnscrypt-secret-key");
3660 	}
3661 	;
3662 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3663   {
3664 	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3665 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3666 		yyerror("memory size expected");
3667 	free($2);
3668   }
3669   ;
3670 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3671   {
3672 	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3673 	if(atoi($2) == 0) {
3674 		yyerror("number expected");
3675 	} else {
3676 		cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3677 		if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3678 			yyerror("must be a power of 2");
3679 	}
3680 	free($2);
3681   }
3682   ;
3683 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3684   {
3685 	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3686 	if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3687 		yyerror("memory size expected");
3688 	free($2);
3689   }
3690   ;
3691 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3692   {
3693 	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3694 	if(atoi($2) == 0) {
3695 		yyerror("number expected");
3696 	} else {
3697 		cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3698 		if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3699 			yyerror("must be a power of 2");
3700 	}
3701 	free($2);
3702   }
3703   ;
3704 cachedbstart: VAR_CACHEDB
3705 	{
3706 		OUTYY(("\nP(cachedb:)\n"));
3707 		cfg_parser->started_toplevel = 1;
3708 	}
3709 	;
3710 contents_cachedb: contents_cachedb content_cachedb
3711 	| ;
3712 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3713 	redis_server_host | redis_server_port | redis_timeout |
3714 	redis_expire_records | redis_server_path | redis_server_password |
3715 	cachedb_no_store | redis_logical_db
3716 	;
3717 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3718 	{
3719 	#ifdef USE_CACHEDB
3720 		OUTYY(("P(backend:%s)\n", $2));
3721 		free(cfg_parser->cfg->cachedb_backend);
3722 		cfg_parser->cfg->cachedb_backend = $2;
3723 	#else
3724 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3725 		free($2);
3726 	#endif
3727 	}
3728 	;
3729 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3730 	{
3731 	#ifdef USE_CACHEDB
3732 		OUTYY(("P(secret-seed:%s)\n", $2));
3733 		free(cfg_parser->cfg->cachedb_secret);
3734 		cfg_parser->cfg->cachedb_secret = $2;
3735 	#else
3736 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3737 		free($2);
3738 	#endif
3739 	}
3740 	;
3741 cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG
3742 	{
3743 	#ifdef USE_CACHEDB
3744 		OUTYY(("P(cachedb_no_store:%s)\n", $2));
3745 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3746 			yyerror("expected yes or no.");
3747 		else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0);
3748 	#else
3749 		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3750 	#endif
3751 		free($2);
3752 	}
3753 	;
3754 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3755 	{
3756 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3757 		OUTYY(("P(redis_server_host:%s)\n", $2));
3758 		free(cfg_parser->cfg->redis_server_host);
3759 		cfg_parser->cfg->redis_server_host = $2;
3760 	#else
3761 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3762 		free($2);
3763 	#endif
3764 	}
3765 	;
3766 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3767 	{
3768 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3769 		int port;
3770 		OUTYY(("P(redis_server_port:%s)\n", $2));
3771 		port = atoi($2);
3772 		if(port == 0 || port < 0 || port > 65535)
3773 			yyerror("valid redis server port number expected");
3774 		else cfg_parser->cfg->redis_server_port = port;
3775 	#else
3776 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3777 	#endif
3778 		free($2);
3779 	}
3780 	;
3781 redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
3782 	{
3783 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3784 		OUTYY(("P(redis_server_path:%s)\n", $2));
3785 		free(cfg_parser->cfg->redis_server_path);
3786 		cfg_parser->cfg->redis_server_path = $2;
3787 	#else
3788 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3789 		free($2);
3790 	#endif
3791 	}
3792 	;
3793 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
3794 	{
3795 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3796 		OUTYY(("P(redis_server_password:%s)\n", $2));
3797 		free(cfg_parser->cfg->redis_server_password);
3798 		cfg_parser->cfg->redis_server_password = $2;
3799 	#else
3800 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3801 		free($2);
3802 	#endif
3803 	}
3804 	;
3805 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3806 	{
3807 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3808 		OUTYY(("P(redis_timeout:%s)\n", $2));
3809 		if(atoi($2) == 0)
3810 			yyerror("redis timeout value expected");
3811 		else cfg_parser->cfg->redis_timeout = atoi($2);
3812 	#else
3813 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3814 	#endif
3815 		free($2);
3816 	}
3817 	;
3818 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
3819 	{
3820 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3821 		OUTYY(("P(redis_expire_records:%s)\n", $2));
3822 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3823 			yyerror("expected yes or no.");
3824 		else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
3825 	#else
3826 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3827 	#endif
3828 		free($2);
3829 	}
3830 	;
3831 redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG
3832 	{
3833 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
3834 		int db;
3835 		OUTYY(("P(redis_logical_db:%s)\n", $2));
3836 		db = atoi($2);
3837 		if((db == 0 && strcmp($2, "0") != 0) || db < 0)
3838 			yyerror("valid redis logical database index expected");
3839 		else cfg_parser->cfg->redis_logical_db = db;
3840 	#else
3841 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3842 	#endif
3843 		free($2);
3844 	}
3845 	;
3846 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3847 	{
3848 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3849 		if (atoi($3) < 0)
3850 			yyerror("positive number expected");
3851 		else {
3852 			if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3853 				fatal_exit("out of memory adding tcp connection limit");
3854 		}
3855 	}
3856 	;
3857 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
3858 	{
3859 		OUTYY(("P(server_answer_cookie:%s)\n", $2));
3860 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3861 			yyerror("expected yes or no.");
3862 		else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
3863 		free($2);
3864 	}
3865 	;
3866 server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
3867 	{
3868 		uint8_t secret[32];
3869 		size_t secret_len = sizeof(secret);
3870 
3871 		OUTYY(("P(server_cookie_secret:%s)\n", $2));
3872 		if(sldns_str2wire_hex_buf($2, secret, &secret_len)
3873 		|| (secret_len != 16))
3874 			yyerror("expected 128 bit hex string");
3875 		else {
3876 			cfg_parser->cfg->cookie_secret_len = secret_len;
3877 			memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
3878 		}
3879 		free($2);
3880 	}
3881 	;
3882 	ipsetstart: VAR_IPSET
3883 		{
3884 			OUTYY(("\nP(ipset:)\n"));
3885 			cfg_parser->started_toplevel = 1;
3886 		}
3887 		;
3888 	contents_ipset: contents_ipset content_ipset
3889 		| ;
3890 	content_ipset: ipset_name_v4 | ipset_name_v6
3891 		;
3892 	ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3893 		{
3894 		#ifdef USE_IPSET
3895 			OUTYY(("P(name-v4:%s)\n", $2));
3896 			if(cfg_parser->cfg->ipset_name_v4)
3897 				yyerror("ipset name v4 override, there must be one "
3898 					"name for ip v4");
3899 			free(cfg_parser->cfg->ipset_name_v4);
3900 			cfg_parser->cfg->ipset_name_v4 = $2;
3901 		#else
3902 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3903 			free($2);
3904 		#endif
3905 		}
3906 	;
3907 	ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3908 	{
3909 		#ifdef USE_IPSET
3910 			OUTYY(("P(name-v6:%s)\n", $2));
3911 			if(cfg_parser->cfg->ipset_name_v6)
3912 				yyerror("ipset name v6 override, there must be one "
3913 					"name for ip v6");
3914 			free(cfg_parser->cfg->ipset_name_v6);
3915 			cfg_parser->cfg->ipset_name_v6 = $2;
3916 		#else
3917 			OUTYY(("P(Compiled without ipset, ignoring)\n"));
3918 			free($2);
3919 		#endif
3920 		}
3921 	;
3922 %%
3923 
3924 /* parse helper routines could be here */
3925 static void
3926 validate_respip_action(const char* action)
3927 {
3928 	if(strcmp(action, "deny")!=0 &&
3929 		strcmp(action, "redirect")!=0 &&
3930 		strcmp(action, "inform")!=0 &&
3931 		strcmp(action, "inform_deny")!=0 &&
3932 		strcmp(action, "always_transparent")!=0 &&
3933 		strcmp(action, "always_refuse")!=0 &&
3934 		strcmp(action, "always_nxdomain")!=0)
3935 	{
3936 		yyerror("response-ip action: expected deny, redirect, "
3937 			"inform, inform_deny, always_transparent, "
3938 			"always_refuse or always_nxdomain");
3939 	}
3940 }
3941 
3942 static void
3943 validate_acl_action(const char* action)
3944 {
3945 	if(strcmp(action, "deny")!=0 &&
3946 		strcmp(action, "refuse")!=0 &&
3947 		strcmp(action, "deny_non_local")!=0 &&
3948 		strcmp(action, "refuse_non_local")!=0 &&
3949 		strcmp(action, "allow_setrd")!=0 &&
3950 		strcmp(action, "allow")!=0 &&
3951 		strcmp(action, "allow_snoop")!=0 &&
3952 		strcmp(action, "allow_cookie")!=0)
3953 	{
3954 		yyerror("expected deny, refuse, deny_non_local, "
3955 			"refuse_non_local, allow, allow_setrd, "
3956 			"allow_snoop or allow_cookie as access control action");
3957 	}
3958 }
3959