upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow configuration of persistent TCP connections

Browse source 
Added 2 new options to configure previously hardcoded
values: max-reuse-tcp-queries and tcp-reuse-timeout. These
allow fine-grained control over how unbound uses persistent
TCP connections to authority servers.
This commit is contained in:
André Cruz 2021-04-21 13:50:45 +01:00
parent 13e445d50b
commit 75875d4d1c
No known key found for this signature in database
GPG key ID: A9ED80BE0FBB95F6
14 changed files with 5197 additions and 5727 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
daemon/worker.c
View file

@ -1794,7 +1794,8 @@ worker_init(struct worker* worker, struct config_file *cfg,
&worker_alloc_cleanup, worker,
cfg->do_udp || cfg->udp_upstream_without_downstream,
worker->daemon->connect_sslctx, cfg->delay_close,
cfg->tls_use_sni, dtenv, cfg->udp_connect);
cfg->tls_use_sni, dtenv, cfg->udp_connect,
cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout);
if(!worker->back) {
log_err("could not create outgoing sockets");
worker_delete(worker);

4
doc/example.conf.in
View file

@ -901,6 +901,10 @@ server:
# ipsecmod-allow: "example.com"
# ipsecmod-allow: "nlnetlabs.nl"
# Timeout for REUSE entries in milliseconds.
# tcp-reuse-timeout: 60000
# Max number of queries on a reuse connection.
# max-reuse-tcp-queries: 200
# Python config section. To enable:
# o use --with-pythonmodule to configure before compiling.

9
doc/unbound.conf.5.in
View file

@ -451,6 +451,15 @@ total number configured, and finally to 0 if the number of free buffers
falls below 20% of the total number configured. A minimum timeout of
200 milliseconds is observed regardless of the option value used.
.TP
.B tcp-reuse-timeout: \fI<msec>\fR
The period Unbound will keep TCP persistent connections open to
authority servers. This option defaults to 60000 milliseconds.
.TP
.B max-reuse-tcp-queries: \fI<number>\fR
The maximum number of queries that can be sent on a persistent TCP
connection.
This option defaults to 200 queries.
.TP
.B edns-tcp-keepalive: \fI<yes or no>\fR
Enable or disable EDNS TCP Keepalive. Default is no.
.TP

3
libunbound/libworker.c
View file

@ -241,7 +241,8 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
ports, numports, cfg->unwanted_threshold,
cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,
cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect);
cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect,
cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout);
w->env->outnet = w->back;
if(!w->is_bg || w->is_bg_thread) {
lock_basic_unlock(&ctx->cfglock);

20
services/outside_network.c
View file

@ -514,7 +514,7 @@ reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr,
while(result && result != RBTREE_NULL &&
reuse_cmp_addrportssl(result->key, &key_p.reuse) == 0) {
if(((struct reuse_tcp*)result)->tree_by_id.count <
MAX_REUSE_TCP_QUERIES) {
outnet->max_reuse_tcp_queries) {
/* same address, port, ssl-yes-or-no, and has
* space for another query */
return (struct reuse_tcp*)result;
@ -1012,22 +1012,22 @@ static void reuse_cb_and_decommission(struct outside_network* outnet,
/** set timeout on tcp fd and setup read event to catch incoming dns msgs */
static void
reuse_tcp_setup_timeout(struct pending_tcp* pend_tcp)
reuse_tcp_setup_timeout(struct pending_tcp* pend_tcp, int tcp_reuse_timeout)
{
log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_timeout", &pend_tcp->reuse);
comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT);
comm_point_start_listening(pend_tcp->c, -1, tcp_reuse_timeout);
}
/** set timeout on tcp fd and setup read event to catch incoming dns msgs */
static void
reuse_tcp_setup_read_and_timeout(struct pending_tcp* pend_tcp)
reuse_tcp_setup_read_and_timeout(struct pending_tcp* pend_tcp, int tcp_reuse_timeout)
{
log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_readtimeout", &pend_tcp->reuse);
sldns_buffer_clear(pend_tcp->c->buffer);
pend_tcp->c->tcp_is_reading = 1;
pend_tcp->c->tcp_byte_count = 0;
comm_point_stop_listening(pend_tcp->c);
comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT);
comm_point_start_listening(pend_tcp->c, -1, tcp_reuse_timeout);
}
int
@ -1083,7 +1083,7 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error,
pend->reuse.cp_more_write_again = 0;
pend->c->tcp_is_reading = 1;
comm_point_stop_listening(pend->c);
reuse_tcp_setup_timeout(pend);
reuse_tcp_setup_timeout(pend, outnet->tcp_reuse_timeout);
}
return 0;
} else if(error != NETEVENT_NOERROR) {
@ -1136,7 +1136,7 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error,
* and there could be more bytes to read on the input */
if(pend->reuse.tree_by_id.count != 0)
pend->reuse.cp_more_read_again = 1;
reuse_tcp_setup_read_and_timeout(pend);
reuse_tcp_setup_read_and_timeout(pend, outnet->tcp_reuse_timeout);
return 0;
}
verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb: decommission it");
@ -1404,7 +1404,7 @@ outside_network_create(struct comm_base *base, size_t bufsize,
int numavailports, size_t unwanted_threshold, int tcp_mss,
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv,
int udp_connect)
int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout)
{
struct outside_network* outnet = (struct outside_network*)
calloc(1, sizeof(struct outside_network));
@ -1416,6 +1416,8 @@ outside_network_create(struct comm_base *base, size_t bufsize,
comm_base_timept(base, &outnet->now_secs, &outnet->now_tv);
outnet->base = base;
outnet->num_tcp = num_tcp;
outnet->max_reuse_tcp_queries = max_reuse_tcp_queries;
outnet->tcp_reuse_timeout= tcp_reuse_timeout;
outnet->num_tcp_outgoing = 0;
outnet->infra = infra;
outnet->rnd = rnd;
@ -2443,7 +2445,7 @@ reuse_tcp_remove_serviced_keep(struct waiting_tcp* w,
if(!reuse_tcp_insert(sq->outnet, pend_tcp)) {
return 0;
}
reuse_tcp_setup_timeout(pend_tcp);
reuse_tcp_setup_timeout(pend_tcp, sq->outnet->tcp_reuse_timeout);
return 1;
}
return 0;

13
services/outside_network.h
View file

@ -158,6 +158,10 @@ struct outside_network {
size_t num_tcp;
/** number of tcp communication points in use. */
size_t num_tcp_outgoing;
/** max number of queries on a reuse connection */
int max_reuse_tcp_queries;
/** timeout for REUSE entries in milliseconds. */
int tcp_reuse_timeout;
/**
* tree of still-open and waiting tcp connections for reuse.
* can be closed and reopened to get a new tcp connection.
@ -295,11 +299,6 @@ struct reuse_tcp {
struct outside_network* outnet;
};
/** max number of queries on a reuse connection */
#define MAX_REUSE_TCP_QUERIES 200
/** timeout for REUSE entries in milliseconds. */
#define REUSE_TIMEOUT 60000
/**
* A query that has an answer pending for it.
*/
@ -540,6 +539,8 @@ struct serviced_query {
* @param tls_use_sni: if SNI is used for TLS connections.
* @param dtenv: environment to send dnstap events with (if enabled).
* @param udp_connect: if the udp_connect option is enabled.
* @param max_reuse_tcp_queries: max number of queries on a reuse connection.
* @param tcp_reuse_timeout: timeout for REUSE entries in milliseconds.
* @return: the new structure (with no pending answers) or NULL on error.
*/
struct outside_network* outside_network_create(struct comm_base* base,
@ -549,7 +550,7 @@ struct outside_network* outside_network_create(struct comm_base* base,
int numavailports, size_t unwanted_threshold, int tcp_mss,
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv,
int udp_connect);
int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout);
/**
* Delete outside_network structure.

3
testcode/fake_event.c
View file

@ -1046,7 +1046,8 @@ outside_network_create(struct comm_base* base, size_t bufsize,
void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param),
int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx),
int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni),
struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect))
struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect),
int ATTR_UNUSED(max_reuse_tcp_queries), int ATTR_UNUSED(tcp_reuse_timeout))
{
struct replay_runtime* runtime = (struct replay_runtime*)base;
struct outside_network* outnet = calloc(1,

6
util/config_file.c
View file

@ -105,6 +105,8 @@ config_create(void)
cfg->do_ip6 = 1;
cfg->do_udp = 1;
cfg->do_tcp = 1;
cfg->tcp_reuse_timeout = 60 * 1000; /* 60s in milisecs */
cfg->max_reuse_tcp_queries = 200;
cfg->tcp_upstream = 0;
cfg->udp_upstream_without_downstream = 0;
cfg->tcp_mss = 0;
@ -518,6 +520,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_NUMBER_NONZERO("tcp-mss:", tcp_mss)
else S_NUMBER_NONZERO("outgoing-tcp-mss:", outgoing_tcp_mss)
else S_NUMBER_NONZERO("tcp-idle-timeout:", tcp_idle_timeout)
else S_NUMBER_NONZERO("max-reuse-tcp-queries:", max_reuse_tcp_queries)
else S_NUMBER_NONZERO("tcp-reuse-timeout:", tcp_reuse_timeout)
else S_YNO("edns-tcp-keepalive:", do_tcp_keepalive)
else S_NUMBER_NONZERO("edns-tcp-keepalive-timeout:", tcp_keepalive_timeout)
else S_YNO("ssl-upstream:", ssl_upstream)
@ -1008,6 +1012,8 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "tcp-mss", tcp_mss)
else O_DEC(opt, "outgoing-tcp-mss", outgoing_tcp_mss)
else O_DEC(opt, "tcp-idle-timeout", tcp_idle_timeout)
else O_DEC(opt, "max-reuse-tcp-queries", max_reuse_tcp_queries)
else O_DEC(opt, "tcp-reuse-timeout", tcp_reuse_timeout)
else O_YNO(opt, "edns-tcp-keepalive", do_tcp_keepalive)
else O_DEC(opt, "edns-tcp-keepalive-timeout", tcp_keepalive_timeout)
else O_YNO(opt, "ssl-upstream", ssl_upstream)

4
util/config_file.h
View file

@ -93,6 +93,10 @@ struct config_file {
int do_udp;
/** do tcp query support. */
int do_tcp;
/** max number of queries on a reuse connection. */
int max_reuse_tcp_queries;
/** timeout for REUSE entries in milliseconds. */
int tcp_reuse_timeout;
/** tcp upstream queries (no UDP upstream queries) */
int tcp_upstream;
/** udp upstream enabled when no UDP downstream is enabled (do_udp no)*/

5208
util/configlexer.c
View file

File diff suppressed because it is too large Load diff

2
util/configlexer.lex
View file

@ -235,6 +235,8 @@ tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) }
tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) }
outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) }
tcp-idle-timeout{COLON} { YDVAR(1, VAR_TCP_IDLE_TIMEOUT) }
max-reuse-tcp-queries{COLON} { YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) }
tcp-reuse-timeout{COLON} { YDVAR(1, VAR_TCP_REUSE_TIMEOUT) }
edns-tcp-keepalive{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) }
edns-tcp-keepalive-timeout{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) }
ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) }

4782
util/configparser.c
View file

File diff suppressed because it is too large Load diff

839
util/configparser.h
View file

@ -1,8 +1,8 @@
/* A Bison parser, made by GNU Bison 3.6.4. */
/* A Bison parser, made by GNU Bison 3.7.6. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation,
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation,
Inc.
This program is free software: you can redistribute it and/or modify
@ -16,7 +16,7 @@
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
along with this program. If not, see <https://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@ -156,216 +156,219 @@ extern int yydebug;
VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */
VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */
VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */
VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */
VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */
VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */
VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */
VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */
VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */
VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */
VAR_PYTHON = 367, /* VAR_PYTHON */
VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */
VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */
VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */
VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */
VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */
VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */
VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */
VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */
VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */
VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */
VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */
VAR_PREFETCH = 379, /* VAR_PREFETCH */
VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */
VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */
VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */
VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */
VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */
VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */
VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */
VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */
VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */
VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */
VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */
VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */
VAR_SSL_PORT = 392, /* VAR_SSL_PORT */
VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */
VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */
VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */
VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */
VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */
VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */
VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */
VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */
VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */
VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */
VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */
VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */
VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */
VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */
VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */
VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */
VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */
VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */
VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */
VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */
VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */
VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */
VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */
VAR_DNSTAP = 417, /* VAR_DNSTAP */
VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */
VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */
VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */
VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */
VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */
VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */
VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */
VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */
VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */
VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */
VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */
VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */
VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */
VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */
VAR_IP_DSCP = 442, /* VAR_IP_DSCP */
VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */
VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */
VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */
VAR_RATELIMIT = 447, /* VAR_RATELIMIT */
VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */
VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */
VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 476, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_SERVE_ORIGINAL_TTL = 484, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 485, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 486, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 487, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 488, /* VAR_HIDE_TRUSTANCHOR */
VAR_TRUST_ANCHOR_SIGNALING = 489, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 490, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 491, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 492, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 493, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 494, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 495, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 496, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 497, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 498, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 499, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 500, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 506, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 507, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 508, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 509, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 510, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 511, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 512, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 513, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 514, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 515, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 516, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 517, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 518, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 519, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 520, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 521, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 522, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 523, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 524, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 525, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 526, /* VAR_ZONEFILE */
VAR_MASTER = 527, /* VAR_MASTER */
VAR_URL = 528, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 529, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 530, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 531, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 532, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 533, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 534, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 535, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 536, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 537, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 538, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 539, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 540, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 541, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 542, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 543, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 544, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 545, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 546, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 547, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 548, /* VAR_TLS_USE_SNI */
VAR_IPSET = 549, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 550, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 551, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 552, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 553, /* VAR_RPZ */
VAR_TAGS = 554, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 555, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 556, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 557, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 558, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 559, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 560, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 561, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 562, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 563, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 564, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_REJECT_ABSENCE = 565 /* VAR_ZONEMD_REJECT_ABSENCE */
VAR_TCP_REUSE_TIMEOUT = 360, /* VAR_TCP_REUSE_TIMEOUT */
VAR_MAX_REUSE_TCP_QUERIES = 361, /* VAR_MAX_REUSE_TCP_QUERIES */
VAR_EXTENDED_STATISTICS = 362, /* VAR_EXTENDED_STATISTICS */
VAR_LOCAL_DATA_PTR = 363, /* VAR_LOCAL_DATA_PTR */
VAR_JOSTLE_TIMEOUT = 364, /* VAR_JOSTLE_TIMEOUT */
VAR_STUB_PRIME = 365, /* VAR_STUB_PRIME */
VAR_UNWANTED_REPLY_THRESHOLD = 366, /* VAR_UNWANTED_REPLY_THRESHOLD */
VAR_LOG_TIME_ASCII = 367, /* VAR_LOG_TIME_ASCII */
VAR_DOMAIN_INSECURE = 368, /* VAR_DOMAIN_INSECURE */
VAR_PYTHON = 369, /* VAR_PYTHON */
VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */
VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */
VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */
VAR_CACHE_MIN_TTL = 373, /* VAR_CACHE_MIN_TTL */
VAR_VAL_LOG_LEVEL = 374, /* VAR_VAL_LOG_LEVEL */
VAR_AUTO_TRUST_ANCHOR_FILE = 375, /* VAR_AUTO_TRUST_ANCHOR_FILE */
VAR_KEEP_MISSING = 376, /* VAR_KEEP_MISSING */
VAR_ADD_HOLDDOWN = 377, /* VAR_ADD_HOLDDOWN */
VAR_DEL_HOLDDOWN = 378, /* VAR_DEL_HOLDDOWN */
VAR_SO_RCVBUF = 379, /* VAR_SO_RCVBUF */
VAR_EDNS_BUFFER_SIZE = 380, /* VAR_EDNS_BUFFER_SIZE */
VAR_PREFETCH = 381, /* VAR_PREFETCH */
VAR_PREFETCH_KEY = 382, /* VAR_PREFETCH_KEY */
VAR_SO_SNDBUF = 383, /* VAR_SO_SNDBUF */
VAR_SO_REUSEPORT = 384, /* VAR_SO_REUSEPORT */
VAR_HARDEN_BELOW_NXDOMAIN = 385, /* VAR_HARDEN_BELOW_NXDOMAIN */
VAR_IGNORE_CD_FLAG = 386, /* VAR_IGNORE_CD_FLAG */
VAR_LOG_QUERIES = 387, /* VAR_LOG_QUERIES */
VAR_LOG_REPLIES = 388, /* VAR_LOG_REPLIES */
VAR_LOG_LOCAL_ACTIONS = 389, /* VAR_LOG_LOCAL_ACTIONS */
VAR_TCP_UPSTREAM = 390, /* VAR_TCP_UPSTREAM */
VAR_SSL_UPSTREAM = 391, /* VAR_SSL_UPSTREAM */
VAR_SSL_SERVICE_KEY = 392, /* VAR_SSL_SERVICE_KEY */
VAR_SSL_SERVICE_PEM = 393, /* VAR_SSL_SERVICE_PEM */
VAR_SSL_PORT = 394, /* VAR_SSL_PORT */
VAR_FORWARD_FIRST = 395, /* VAR_FORWARD_FIRST */
VAR_STUB_SSL_UPSTREAM = 396, /* VAR_STUB_SSL_UPSTREAM */
VAR_FORWARD_SSL_UPSTREAM = 397, /* VAR_FORWARD_SSL_UPSTREAM */
VAR_TLS_CERT_BUNDLE = 398, /* VAR_TLS_CERT_BUNDLE */
VAR_HTTPS_PORT = 399, /* VAR_HTTPS_PORT */
VAR_HTTP_ENDPOINT = 400, /* VAR_HTTP_ENDPOINT */
VAR_HTTP_MAX_STREAMS = 401, /* VAR_HTTP_MAX_STREAMS */
VAR_HTTP_QUERY_BUFFER_SIZE = 402, /* VAR_HTTP_QUERY_BUFFER_SIZE */
VAR_HTTP_RESPONSE_BUFFER_SIZE = 403, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
VAR_HTTP_NODELAY = 404, /* VAR_HTTP_NODELAY */
VAR_HTTP_NOTLS_DOWNSTREAM = 405, /* VAR_HTTP_NOTLS_DOWNSTREAM */
VAR_STUB_FIRST = 406, /* VAR_STUB_FIRST */
VAR_MINIMAL_RESPONSES = 407, /* VAR_MINIMAL_RESPONSES */
VAR_RRSET_ROUNDROBIN = 408, /* VAR_RRSET_ROUNDROBIN */
VAR_MAX_UDP_SIZE = 409, /* VAR_MAX_UDP_SIZE */
VAR_DELAY_CLOSE = 410, /* VAR_DELAY_CLOSE */
VAR_UDP_CONNECT = 411, /* VAR_UDP_CONNECT */
VAR_UNBLOCK_LAN_ZONES = 412, /* VAR_UNBLOCK_LAN_ZONES */
VAR_INSECURE_LAN_ZONES = 413, /* VAR_INSECURE_LAN_ZONES */
VAR_INFRA_CACHE_MIN_RTT = 414, /* VAR_INFRA_CACHE_MIN_RTT */
VAR_INFRA_KEEP_PROBING = 415, /* VAR_INFRA_KEEP_PROBING */
VAR_DNS64_PREFIX = 416, /* VAR_DNS64_PREFIX */
VAR_DNS64_SYNTHALL = 417, /* VAR_DNS64_SYNTHALL */
VAR_DNS64_IGNORE_AAAA = 418, /* VAR_DNS64_IGNORE_AAAA */
VAR_DNSTAP = 419, /* VAR_DNSTAP */
VAR_DNSTAP_ENABLE = 420, /* VAR_DNSTAP_ENABLE */
VAR_DNSTAP_SOCKET_PATH = 421, /* VAR_DNSTAP_SOCKET_PATH */
VAR_DNSTAP_IP = 422, /* VAR_DNSTAP_IP */
VAR_DNSTAP_TLS = 423, /* VAR_DNSTAP_TLS */
VAR_DNSTAP_TLS_SERVER_NAME = 424, /* VAR_DNSTAP_TLS_SERVER_NAME */
VAR_DNSTAP_TLS_CERT_BUNDLE = 425, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 426, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 427, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
VAR_DNSTAP_SEND_IDENTITY = 428, /* VAR_DNSTAP_SEND_IDENTITY */
VAR_DNSTAP_SEND_VERSION = 429, /* VAR_DNSTAP_SEND_VERSION */
VAR_DNSTAP_BIDIRECTIONAL = 430, /* VAR_DNSTAP_BIDIRECTIONAL */
VAR_DNSTAP_IDENTITY = 431, /* VAR_DNSTAP_IDENTITY */
VAR_DNSTAP_VERSION = 432, /* VAR_DNSTAP_VERSION */
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
VAR_RESPONSE_IP_TAG = 439, /* VAR_RESPONSE_IP_TAG */
VAR_RESPONSE_IP = 440, /* VAR_RESPONSE_IP */
VAR_RESPONSE_IP_DATA = 441, /* VAR_RESPONSE_IP_DATA */
VAR_HARDEN_ALGO_DOWNGRADE = 442, /* VAR_HARDEN_ALGO_DOWNGRADE */
VAR_IP_TRANSPARENT = 443, /* VAR_IP_TRANSPARENT */
VAR_IP_DSCP = 444, /* VAR_IP_DSCP */
VAR_DISABLE_DNSSEC_LAME_CHECK = 445, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
VAR_IP_RATELIMIT = 446, /* VAR_IP_RATELIMIT */
VAR_IP_RATELIMIT_SLABS = 447, /* VAR_IP_RATELIMIT_SLABS */
VAR_IP_RATELIMIT_SIZE = 448, /* VAR_IP_RATELIMIT_SIZE */
VAR_RATELIMIT = 449, /* VAR_RATELIMIT */
VAR_RATELIMIT_SLABS = 450, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 451, /* VAR_RATELIMIT_SIZE */
VAR_RATELIMIT_FOR_DOMAIN = 452, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 453, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 454, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 455, /* VAR_RATELIMIT_FACTOR */
VAR_SEND_CLIENT_SUBNET = 456, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 457, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 458, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 459, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 460, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 461, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 462, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 463, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 464, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 465, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 466, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 467, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 468, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 469, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 470, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 471, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 472, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 473, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 474, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 475, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 476, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 477, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 478, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 479, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 480, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 481, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 482, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 483, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 484, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 485, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_SERVE_ORIGINAL_TTL = 486, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 487, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 488, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 489, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 490, /* VAR_HIDE_TRUSTANCHOR */
VAR_TRUST_ANCHOR_SIGNALING = 491, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 492, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 493, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 494, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 495, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 496, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 497, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 498, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 499, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 500, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 501, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 502, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 503, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 504, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 505, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 506, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 507, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 508, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 509, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 510, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 511, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 512, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 513, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 514, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 515, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 516, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 517, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 518, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 519, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 520, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 521, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 522, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 523, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 524, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 525, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 526, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 527, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 528, /* VAR_ZONEFILE */
VAR_MASTER = 529, /* VAR_MASTER */
VAR_URL = 530, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 531, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 532, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 533, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 534, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 535, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 536, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 537, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 538, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 539, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 540, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 541, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 542, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 543, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 544, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 545, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 546, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 547, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 548, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 549, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 550, /* VAR_TLS_USE_SNI */
VAR_IPSET = 551, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 552, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 553, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 554, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 555, /* VAR_RPZ */
VAR_TAGS = 556, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 557, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 558, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 559, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 560, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 561, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 562, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 563, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 564, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 565, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 566, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_REJECT_ABSENCE = 567 /* VAR_ZONEMD_REJECT_ABSENCE */
};
typedef enum yytokentype yytoken_kind_t;
#endif
/* Token kinds. */
#define YYEMPTY -2
#define YYEOF 0
#define YYerror 256
#define YYUNDEF 257
@ -471,222 +474,224 @@ extern int yydebug;
#define VAR_CONTROL_KEY_FILE 357
#define VAR_CONTROL_CERT_FILE 358
#define VAR_CONTROL_USE_CERT 359
#define VAR_EXTENDED_STATISTICS 360
#define VAR_LOCAL_DATA_PTR 361
#define VAR_JOSTLE_TIMEOUT 362
#define VAR_STUB_PRIME 363
#define VAR_UNWANTED_REPLY_THRESHOLD 364
#define VAR_LOG_TIME_ASCII 365
#define VAR_DOMAIN_INSECURE 366
#define VAR_PYTHON 367
#define VAR_PYTHON_SCRIPT 368
#define VAR_VAL_SIG_SKEW_MIN 369
#define VAR_VAL_SIG_SKEW_MAX 370
#define VAR_CACHE_MIN_TTL 371
#define VAR_VAL_LOG_LEVEL 372
#define VAR_AUTO_TRUST_ANCHOR_FILE 373
#define VAR_KEEP_MISSING 374
#define VAR_ADD_HOLDDOWN 375
#define VAR_DEL_HOLDDOWN 376
#define VAR_SO_RCVBUF 377
#define VAR_EDNS_BUFFER_SIZE 378
#define VAR_PREFETCH 379
#define VAR_PREFETCH_KEY 380
#define VAR_SO_SNDBUF 381
#define VAR_SO_REUSEPORT 382
#define VAR_HARDEN_BELOW_NXDOMAIN 383
#define VAR_IGNORE_CD_FLAG 384
#define VAR_LOG_QUERIES 385
#define VAR_LOG_REPLIES 386
#define VAR_LOG_LOCAL_ACTIONS 387
#define VAR_TCP_UPSTREAM 388
#define VAR_SSL_UPSTREAM 389
#define VAR_SSL_SERVICE_KEY 390
#define VAR_SSL_SERVICE_PEM 391
#define VAR_SSL_PORT 392
#define VAR_FORWARD_FIRST 393
#define VAR_STUB_SSL_UPSTREAM 394
#define VAR_FORWARD_SSL_UPSTREAM 395
#define VAR_TLS_CERT_BUNDLE 396
#define VAR_HTTPS_PORT 397
#define VAR_HTTP_ENDPOINT 398
#define VAR_HTTP_MAX_STREAMS 399
#define VAR_HTTP_QUERY_BUFFER_SIZE 400
#define VAR_HTTP_RESPONSE_BUFFER_SIZE 401
#define VAR_HTTP_NODELAY 402
#define VAR_HTTP_NOTLS_DOWNSTREAM 403
#define VAR_STUB_FIRST 404
#define VAR_MINIMAL_RESPONSES 405
#define VAR_RRSET_ROUNDROBIN 406
#define VAR_MAX_UDP_SIZE 407
#define VAR_DELAY_CLOSE 408
#define VAR_UDP_CONNECT 409
#define VAR_UNBLOCK_LAN_ZONES 410
#define VAR_INSECURE_LAN_ZONES 411
#define VAR_INFRA_CACHE_MIN_RTT 412
#define VAR_INFRA_KEEP_PROBING 413
#define VAR_DNS64_PREFIX 414
#define VAR_DNS64_SYNTHALL 415
#define VAR_DNS64_IGNORE_AAAA 416
#define VAR_DNSTAP 417
#define VAR_DNSTAP_ENABLE 418
#define VAR_DNSTAP_SOCKET_PATH 419
#define VAR_DNSTAP_IP 420
#define VAR_DNSTAP_TLS 421
#define VAR_DNSTAP_TLS_SERVER_NAME 422
#define VAR_DNSTAP_TLS_CERT_BUNDLE 423
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425
#define VAR_DNSTAP_SEND_IDENTITY 426
#define VAR_DNSTAP_SEND_VERSION 427
#define VAR_DNSTAP_BIDIRECTIONAL 428
#define VAR_DNSTAP_IDENTITY 429
#define VAR_DNSTAP_VERSION 430
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436
#define VAR_RESPONSE_IP_TAG 437
#define VAR_RESPONSE_IP 438
#define VAR_RESPONSE_IP_DATA 439
#define VAR_HARDEN_ALGO_DOWNGRADE 440
#define VAR_IP_TRANSPARENT 441
#define VAR_IP_DSCP 442
#define VAR_DISABLE_DNSSEC_LAME_CHECK 443
#define VAR_IP_RATELIMIT 444
#define VAR_IP_RATELIMIT_SLABS 445
#define VAR_IP_RATELIMIT_SIZE 446
#define VAR_RATELIMIT 447
#define VAR_RATELIMIT_SLABS 448
#define VAR_RATELIMIT_SIZE 449
#define VAR_RATELIMIT_FOR_DOMAIN 450
#define VAR_RATELIMIT_BELOW_DOMAIN 451
#define VAR_IP_RATELIMIT_FACTOR 452
#define VAR_RATELIMIT_FACTOR 453
#define VAR_SEND_CLIENT_SUBNET 454
#define VAR_CLIENT_SUBNET_ZONE 455
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456
#define VAR_CLIENT_SUBNET_OPCODE 457
#define VAR_MAX_CLIENT_SUBNET_IPV4 458
#define VAR_MAX_CLIENT_SUBNET_IPV6 459
#define VAR_MIN_CLIENT_SUBNET_IPV4 460
#define VAR_MIN_CLIENT_SUBNET_IPV6 461
#define VAR_MAX_ECS_TREE_SIZE_IPV4 462
#define VAR_MAX_ECS_TREE_SIZE_IPV6 463
#define VAR_CAPS_WHITELIST 464
#define VAR_CACHE_MAX_NEGATIVE_TTL 465
#define VAR_PERMIT_SMALL_HOLDDOWN 466
#define VAR_QNAME_MINIMISATION 467
#define VAR_QNAME_MINIMISATION_STRICT 468
#define VAR_IP_FREEBIND 469
#define VAR_DEFINE_TAG 470
#define VAR_LOCAL_ZONE_TAG 471
#define VAR_ACCESS_CONTROL_TAG 472
#define VAR_LOCAL_ZONE_OVERRIDE 473
#define VAR_ACCESS_CONTROL_TAG_ACTION 474
#define VAR_ACCESS_CONTROL_TAG_DATA 475
#define VAR_VIEW 476
#define VAR_ACCESS_CONTROL_VIEW 477
#define VAR_VIEW_FIRST 478
#define VAR_SERVE_EXPIRED 479
#define VAR_SERVE_EXPIRED_TTL 480
#define VAR_SERVE_EXPIRED_TTL_RESET 481
#define VAR_SERVE_EXPIRED_REPLY_TTL 482
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483
#define VAR_SERVE_ORIGINAL_TTL 484
#define VAR_FAKE_DSA 485
#define VAR_FAKE_SHA1 486
#define VAR_LOG_IDENTITY 487
#define VAR_HIDE_TRUSTANCHOR 488
#define VAR_TRUST_ANCHOR_SIGNALING 489
#define VAR_AGGRESSIVE_NSEC 490
#define VAR_USE_SYSTEMD 491
#define VAR_SHM_ENABLE 492
#define VAR_SHM_KEY 493
#define VAR_ROOT_KEY_SENTINEL 494
#define VAR_DNSCRYPT 495
#define VAR_DNSCRYPT_ENABLE 496
#define VAR_DNSCRYPT_PORT 497
#define VAR_DNSCRYPT_PROVIDER 498
#define VAR_DNSCRYPT_SECRET_KEY 499
#define VAR_DNSCRYPT_PROVIDER_CERT 500
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505
#define VAR_PAD_RESPONSES 506
#define VAR_PAD_RESPONSES_BLOCK_SIZE 507
#define VAR_PAD_QUERIES 508
#define VAR_PAD_QUERIES_BLOCK_SIZE 509
#define VAR_IPSECMOD_ENABLED 510
#define VAR_IPSECMOD_HOOK 511
#define VAR_IPSECMOD_IGNORE_BOGUS 512
#define VAR_IPSECMOD_MAX_TTL 513
#define VAR_IPSECMOD_WHITELIST 514
#define VAR_IPSECMOD_STRICT 515
#define VAR_CACHEDB 516
#define VAR_CACHEDB_BACKEND 517
#define VAR_CACHEDB_SECRETSEED 518
#define VAR_CACHEDB_REDISHOST 519
#define VAR_CACHEDB_REDISPORT 520
#define VAR_CACHEDB_REDISTIMEOUT 521
#define VAR_CACHEDB_REDISEXPIRERECORDS 522
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 523
#define VAR_FOR_UPSTREAM 524
#define VAR_AUTH_ZONE 525
#define VAR_ZONEFILE 526
#define VAR_MASTER 527
#define VAR_URL 528
#define VAR_FOR_DOWNSTREAM 529
#define VAR_FALLBACK_ENABLED 530
#define VAR_TLS_ADDITIONAL_PORT 531
#define VAR_LOW_RTT 532
#define VAR_LOW_RTT_PERMIL 533
#define VAR_FAST_SERVER_PERMIL 534
#define VAR_FAST_SERVER_NUM 535
#define VAR_ALLOW_NOTIFY 536
#define VAR_TLS_WIN_CERT 537
#define VAR_TCP_CONNECTION_LIMIT 538
#define VAR_FORWARD_NO_CACHE 539
#define VAR_STUB_NO_CACHE 540
#define VAR_LOG_SERVFAIL 541
#define VAR_DENY_ANY 542
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 543
#define VAR_LOG_TAG_QUERYREPLY 544
#define VAR_STREAM_WAIT_SIZE 545
#define VAR_TLS_CIPHERS 546
#define VAR_TLS_CIPHERSUITES 547
#define VAR_TLS_USE_SNI 548
#define VAR_IPSET 549
#define VAR_IPSET_NAME_V4 550
#define VAR_IPSET_NAME_V6 551
#define VAR_TLS_SESSION_TICKET_KEYS 552
#define VAR_RPZ 553
#define VAR_TAGS 554
#define VAR_RPZ_ACTION_OVERRIDE 555
#define VAR_RPZ_CNAME_OVERRIDE 556
#define VAR_RPZ_LOG 557
#define VAR_RPZ_LOG_NAME 558
#define VAR_DYNLIB 559
#define VAR_DYNLIB_FILE 560
#define VAR_EDNS_CLIENT_STRING 561
#define VAR_EDNS_CLIENT_STRING_OPCODE 562
#define VAR_NSID 563
#define VAR_ZONEMD_PERMISSIVE_MODE 564
#define VAR_ZONEMD_REJECT_ABSENCE 565
#define VAR_TCP_REUSE_TIMEOUT 360
#define VAR_MAX_REUSE_TCP_QUERIES 361
#define VAR_EXTENDED_STATISTICS 362
#define VAR_LOCAL_DATA_PTR 363
#define VAR_JOSTLE_TIMEOUT 364
#define VAR_STUB_PRIME 365
#define VAR_UNWANTED_REPLY_THRESHOLD 366
#define VAR_LOG_TIME_ASCII 367
#define VAR_DOMAIN_INSECURE 368
#define VAR_PYTHON 369
#define VAR_PYTHON_SCRIPT 370
#define VAR_VAL_SIG_SKEW_MIN 371
#define VAR_VAL_SIG_SKEW_MAX 372
#define VAR_CACHE_MIN_TTL 373
#define VAR_VAL_LOG_LEVEL 374
#define VAR_AUTO_TRUST_ANCHOR_FILE 375
#define VAR_KEEP_MISSING 376
#define VAR_ADD_HOLDDOWN 377
#define VAR_DEL_HOLDDOWN 378
#define VAR_SO_RCVBUF 379
#define VAR_EDNS_BUFFER_SIZE 380
#define VAR_PREFETCH 381
#define VAR_PREFETCH_KEY 382
#define VAR_SO_SNDBUF 383
#define VAR_SO_REUSEPORT 384
#define VAR_HARDEN_BELOW_NXDOMAIN 385
#define VAR_IGNORE_CD_FLAG 386
#define VAR_LOG_QUERIES 387
#define VAR_LOG_REPLIES 388
#define VAR_LOG_LOCAL_ACTIONS 389
#define VAR_TCP_UPSTREAM 390
#define VAR_SSL_UPSTREAM 391
#define VAR_SSL_SERVICE_KEY 392
#define VAR_SSL_SERVICE_PEM 393
#define VAR_SSL_PORT 394
#define VAR_FORWARD_FIRST 395
#define VAR_STUB_SSL_UPSTREAM 396
#define VAR_FORWARD_SSL_UPSTREAM 397
#define VAR_TLS_CERT_BUNDLE 398
#define VAR_HTTPS_PORT 399
#define VAR_HTTP_ENDPOINT 400
#define VAR_HTTP_MAX_STREAMS 401
#define VAR_HTTP_QUERY_BUFFER_SIZE 402
#define VAR_HTTP_RESPONSE_BUFFER_SIZE 403
#define VAR_HTTP_NODELAY 404
#define VAR_HTTP_NOTLS_DOWNSTREAM 405
#define VAR_STUB_FIRST 406
#define VAR_MINIMAL_RESPONSES 407
#define VAR_RRSET_ROUNDROBIN 408
#define VAR_MAX_UDP_SIZE 409
#define VAR_DELAY_CLOSE 410
#define VAR_UDP_CONNECT 411
#define VAR_UNBLOCK_LAN_ZONES 412
#define VAR_INSECURE_LAN_ZONES 413
#define VAR_INFRA_CACHE_MIN_RTT 414
#define VAR_INFRA_KEEP_PROBING 415
#define VAR_DNS64_PREFIX 416
#define VAR_DNS64_SYNTHALL 417
#define VAR_DNS64_IGNORE_AAAA 418
#define VAR_DNSTAP 419
#define VAR_DNSTAP_ENABLE 420
#define VAR_DNSTAP_SOCKET_PATH 421
#define VAR_DNSTAP_IP 422
#define VAR_DNSTAP_TLS 423
#define VAR_DNSTAP_TLS_SERVER_NAME 424
#define VAR_DNSTAP_TLS_CERT_BUNDLE 425
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 426
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 427
#define VAR_DNSTAP_SEND_IDENTITY 428
#define VAR_DNSTAP_SEND_VERSION 429
#define VAR_DNSTAP_BIDIRECTIONAL 430
#define VAR_DNSTAP_IDENTITY 431
#define VAR_DNSTAP_VERSION 432
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 433
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 434
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 435
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 436
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 437
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 438
#define VAR_RESPONSE_IP_TAG 439
#define VAR_RESPONSE_IP 440
#define VAR_RESPONSE_IP_DATA 441
#define VAR_HARDEN_ALGO_DOWNGRADE 442
#define VAR_IP_TRANSPARENT 443
#define VAR_IP_DSCP 444
#define VAR_DISABLE_DNSSEC_LAME_CHECK 445
#define VAR_IP_RATELIMIT 446
#define VAR_IP_RATELIMIT_SLABS 447
#define VAR_IP_RATELIMIT_SIZE 448
#define VAR_RATELIMIT 449
#define VAR_RATELIMIT_SLABS 450
#define VAR_RATELIMIT_SIZE 451
#define VAR_RATELIMIT_FOR_DOMAIN 452
#define VAR_RATELIMIT_BELOW_DOMAIN 453
#define VAR_IP_RATELIMIT_FACTOR 454
#define VAR_RATELIMIT_FACTOR 455
#define VAR_SEND_CLIENT_SUBNET 456
#define VAR_CLIENT_SUBNET_ZONE 457
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 458
#define VAR_CLIENT_SUBNET_OPCODE 459
#define VAR_MAX_CLIENT_SUBNET_IPV4 460
#define VAR_MAX_CLIENT_SUBNET_IPV6 461
#define VAR_MIN_CLIENT_SUBNET_IPV4 462
#define VAR_MIN_CLIENT_SUBNET_IPV6 463
#define VAR_MAX_ECS_TREE_SIZE_IPV4 464
#define VAR_MAX_ECS_TREE_SIZE_IPV6 465
#define VAR_CAPS_WHITELIST 466
#define VAR_CACHE_MAX_NEGATIVE_TTL 467
#define VAR_PERMIT_SMALL_HOLDDOWN 468
#define VAR_QNAME_MINIMISATION 469
#define VAR_QNAME_MINIMISATION_STRICT 470
#define VAR_IP_FREEBIND 471
#define VAR_DEFINE_TAG 472
#define VAR_LOCAL_ZONE_TAG 473
#define VAR_ACCESS_CONTROL_TAG 474
#define VAR_LOCAL_ZONE_OVERRIDE 475
#define VAR_ACCESS_CONTROL_TAG_ACTION 476
#define VAR_ACCESS_CONTROL_TAG_DATA 477
#define VAR_VIEW 478
#define VAR_ACCESS_CONTROL_VIEW 479
#define VAR_VIEW_FIRST 480
#define VAR_SERVE_EXPIRED 481
#define VAR_SERVE_EXPIRED_TTL 482
#define VAR_SERVE_EXPIRED_TTL_RESET 483
#define VAR_SERVE_EXPIRED_REPLY_TTL 484
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 485
#define VAR_SERVE_ORIGINAL_TTL 486
#define VAR_FAKE_DSA 487
#define VAR_FAKE_SHA1 488
#define VAR_LOG_IDENTITY 489
#define VAR_HIDE_TRUSTANCHOR 490
#define VAR_TRUST_ANCHOR_SIGNALING 491
#define VAR_AGGRESSIVE_NSEC 492
#define VAR_USE_SYSTEMD 493
#define VAR_SHM_ENABLE 494
#define VAR_SHM_KEY 495
#define VAR_ROOT_KEY_SENTINEL 496
#define VAR_DNSCRYPT 497
#define VAR_DNSCRYPT_ENABLE 498
#define VAR_DNSCRYPT_PORT 499
#define VAR_DNSCRYPT_PROVIDER 500
#define VAR_DNSCRYPT_SECRET_KEY 501
#define VAR_DNSCRYPT_PROVIDER_CERT 502
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 503
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 504
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 505
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 506
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 507
#define VAR_PAD_RESPONSES 508
#define VAR_PAD_RESPONSES_BLOCK_SIZE 509
#define VAR_PAD_QUERIES 510
#define VAR_PAD_QUERIES_BLOCK_SIZE 511
#define VAR_IPSECMOD_ENABLED 512
#define VAR_IPSECMOD_HOOK 513
#define VAR_IPSECMOD_IGNORE_BOGUS 514
#define VAR_IPSECMOD_MAX_TTL 515
#define VAR_IPSECMOD_WHITELIST 516
#define VAR_IPSECMOD_STRICT 517
#define VAR_CACHEDB 518
#define VAR_CACHEDB_BACKEND 519
#define VAR_CACHEDB_SECRETSEED 520
#define VAR_CACHEDB_REDISHOST 521
#define VAR_CACHEDB_REDISPORT 522
#define VAR_CACHEDB_REDISTIMEOUT 523
#define VAR_CACHEDB_REDISEXPIRERECORDS 524
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 525
#define VAR_FOR_UPSTREAM 526
#define VAR_AUTH_ZONE 527
#define VAR_ZONEFILE 528
#define VAR_MASTER 529
#define VAR_URL 530
#define VAR_FOR_DOWNSTREAM 531
#define VAR_FALLBACK_ENABLED 532
#define VAR_TLS_ADDITIONAL_PORT 533
#define VAR_LOW_RTT 534
#define VAR_LOW_RTT_PERMIL 535
#define VAR_FAST_SERVER_PERMIL 536
#define VAR_FAST_SERVER_NUM 537
#define VAR_ALLOW_NOTIFY 538
#define VAR_TLS_WIN_CERT 539
#define VAR_TCP_CONNECTION_LIMIT 540
#define VAR_FORWARD_NO_CACHE 541
#define VAR_STUB_NO_CACHE 542
#define VAR_LOG_SERVFAIL 543
#define VAR_DENY_ANY 544
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 545
#define VAR_LOG_TAG_QUERYREPLY 546
#define VAR_STREAM_WAIT_SIZE 547
#define VAR_TLS_CIPHERS 548
#define VAR_TLS_CIPHERSUITES 549
#define VAR_TLS_USE_SNI 550
#define VAR_IPSET 551
#define VAR_IPSET_NAME_V4 552
#define VAR_IPSET_NAME_V6 553
#define VAR_TLS_SESSION_TICKET_KEYS 554
#define VAR_RPZ 555
#define VAR_TAGS 556
#define VAR_RPZ_ACTION_OVERRIDE 557
#define VAR_RPZ_CNAME_OVERRIDE 558
#define VAR_RPZ_LOG 559
#define VAR_RPZ_LOG_NAME 560
#define VAR_DYNLIB 561
#define VAR_DYNLIB_FILE 562
#define VAR_EDNS_CLIENT_STRING 563
#define VAR_EDNS_CLIENT_STRING_OPCODE 564
#define VAR_NSID 565
#define VAR_ZONEMD_PERMISSIVE_MODE 566
#define VAR_ZONEMD_REJECT_ABSENCE 567
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE
{
#line 66 "./util/configparser.y"
#line 66 "util/configparser.y"
char* str;
#line 690 "util/configparser.h"
#line 695 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;

28
util/configparser.y
View file

@ -100,7 +100,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
%token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
%token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
%token VAR_CONTROL_USE_CERT
%token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
%token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
%token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
%token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
@ -301,7 +301,9 @@ content_server: server_num_threads | server_verbosity | server_port |
server_tls_ciphersuites | server_tls_session_ticket_keys |
server_tls_use_sni | server_edns_client_string |
server_edns_client_string_opcode | server_nsid |
server_zonemd_permissive_mode
server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
server_tcp_reuse_timeout
;
stubstart: VAR_STUB_ZONE
{
@ -859,6 +861,28 @@ server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
free($2);
}
;
server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
{
OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
if(atoi($2) == 0 && strcmp($2, "0") != 0)
yyerror("number expected");
else if (atoi($2) < 1)
cfg_parser->cfg->max_reuse_tcp_queries = 0;
else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
free($2);
}
;
server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
{
OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
if(atoi($2) == 0 && strcmp($2, "0") != 0)
yyerror("number expected");
else if (atoi($2) < 1)
cfg_parser->cfg->tcp_reuse_timeout = 0;
else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
free($2);
}
;
server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
{
OUTYY(("P(server_tcp_keepalive:%s)\n", $2));