upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-14 10:42:55 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- For #677: Added tls-system-cert to config parser and documentation.

Browse source 
- Changelog note for #677.
This commit is contained in:
W.C.A. Wijngaards 2022-05-12 16:30:19 +02:00
parent 2132e67b36
commit e62b309959
8 changed files with 6904 additions and 6997 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
doc/Changelog
View file

@ -2,6 +2,11 @@
- Fix #417: prefetch and ECS causing cache corruption when used
together.
12 May 2022: Wouter
- Merge #677: Allow using system certificates not only on Windows,
from pemensik.
- For #677: Added tls-system-cert to config parser and documentation.
11 May 2022: Wouter
- Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to
host.

2
doc/example.conf.in
View file

@ -815,6 +815,8 @@ server:
# Add system certs to the cert bundle, from the Windows Cert Store
# tls-win-cert: no
# and on other systems, the default openssl certificates
# tls-system-cert: no
# Pad queries over TLS upstreams
# pad-queries: yes

16
doc/unbound.conf.5.in
View file

@ -508,10 +508,11 @@ Enabled or disable whether the upstream queries use TLS only for transport.
Default is no. Useful in tunneling scenarios. The TLS contains plain DNS in
TCP wireformat. The other server must support this (see
\fBtls\-service\-key\fR).
If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert to
load CA certs, otherwise the connections cannot be authenticated.
This option enables TLS for all of them, but if you do not set this you can
configure TLS specifically for some forward zones with forward\-tls\-upstream. And also with stub\-tls\-upstream.
If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert or
tls\-system\-cert to load CA certs, otherwise the connections cannot be
authenticated. This option enables TLS for all of them, but if you do not set
this you can configure TLS specifically for some forward zones with
forward\-tls\-upstream. And also with stub\-tls\-upstream.
.TP
.B ssl\-upstream: \fI<yes or no>
Alternate syntax for \fBtls\-upstream\fR. If both are present in the config
@ -560,7 +561,12 @@ Alternate syntax for \fBtls\-cert\-bundle\fR.
Add the system certificates to the cert bundle certificates for authentication.
If no cert bundle, it uses only these certificates. Default is no.
On windows this option uses the certificates from the cert store. Use
the tls\-cert\-bundle option on other systems.
the tls\-cert\-bundle option on other systems. On other systems, this option
enables the system certificates.
.TP
.B tls\-system\-cert: \fI<yes or no>
This the same setting as the tls\-win\-cert setting, under a different name.
Because it is not windows specific.
.TP
.B tls\-additional\-port: \fI<portnr>
List portnumbers as tls\-additional\-port, and when interfaces are defined,

1
util/config_file.c
View file

@ -1057,6 +1057,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_STR(opt, "ssl-cert-bundle", tls_cert_bundle)
else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
else O_YNO(opt, "tls-win-cert", tls_win_cert)
else O_YNO(opt, "tls-system-cert", tls_win_cert)
else O_LST(opt, "additional-ssl-port", tls_additional_port)
else O_LST(opt, "additional-tls-port", tls_additional_port)
else O_LST(opt, "tls-additional-ports", tls_additional_port)

5616
util/configlexer.c
View file

File diff suppressed because it is too large Load diff

1
util/configlexer.lex
View file

@ -251,6 +251,7 @@ tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) }
ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
tls-win-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) }
tls-system-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) }
additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }

7535
util/configparser.c
View file

File diff suppressed because it is too large Load diff

725
util/configparser.h
View file

@ -1,14 +1,14 @@
/* A Bison parser, made by GNU Bison 2.3. */
/* A Bison parser, made by GNU Bison 3.7.6. */
/* Skeleton interface for Bison's Yacc-like parsers in C
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation,
Inc.
This program is free software; you can redistribute it and/or modify
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
@ -16,9 +16,7 @@
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA. */
along with this program. If not, see <https://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@ -33,339 +31,361 @@
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
/* Tokens. */
/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual,
especially those whose name start with YY_ or yy_. They are
private implementation details that can be changed or removed. */
#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
/* Debug traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
#if YYDEBUG
extern int yydebug;
#endif
/* Token kinds. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
SPACE = 258,
LETTER = 259,
NEWLINE = 260,
COMMENT = 261,
COLON = 262,
ANY = 263,
ZONESTR = 264,
STRING_ARG = 265,
VAR_FORCE_TOPLEVEL = 266,
VAR_SERVER = 267,
VAR_VERBOSITY = 268,
VAR_NUM_THREADS = 269,
VAR_PORT = 270,
VAR_OUTGOING_RANGE = 271,
VAR_INTERFACE = 272,
VAR_PREFER_IP4 = 273,
VAR_DO_IP4 = 274,
VAR_DO_IP6 = 275,
VAR_PREFER_IP6 = 276,
VAR_DO_UDP = 277,
VAR_DO_TCP = 278,
VAR_TCP_MSS = 279,
VAR_OUTGOING_TCP_MSS = 280,
VAR_TCP_IDLE_TIMEOUT = 281,
VAR_EDNS_TCP_KEEPALIVE = 282,
VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283,
VAR_CHROOT = 284,
VAR_USERNAME = 285,
VAR_DIRECTORY = 286,
VAR_LOGFILE = 287,
VAR_PIDFILE = 288,
VAR_MSG_CACHE_SIZE = 289,
VAR_MSG_CACHE_SLABS = 290,
VAR_NUM_QUERIES_PER_THREAD = 291,
VAR_RRSET_CACHE_SIZE = 292,
VAR_RRSET_CACHE_SLABS = 293,
VAR_OUTGOING_NUM_TCP = 294,
VAR_INFRA_HOST_TTL = 295,
VAR_INFRA_LAME_TTL = 296,
VAR_INFRA_CACHE_SLABS = 297,
VAR_INFRA_CACHE_NUMHOSTS = 298,
VAR_INFRA_CACHE_LAME_SIZE = 299,
VAR_NAME = 300,
VAR_STUB_ZONE = 301,
VAR_STUB_HOST = 302,
VAR_STUB_ADDR = 303,
VAR_TARGET_FETCH_POLICY = 304,
VAR_HARDEN_SHORT_BUFSIZE = 305,
VAR_HARDEN_LARGE_QUERIES = 306,
VAR_FORWARD_ZONE = 307,
VAR_FORWARD_HOST = 308,
VAR_FORWARD_ADDR = 309,
VAR_DO_NOT_QUERY_ADDRESS = 310,
VAR_HIDE_IDENTITY = 311,
VAR_HIDE_VERSION = 312,
VAR_IDENTITY = 313,
VAR_VERSION = 314,
VAR_HARDEN_GLUE = 315,
VAR_MODULE_CONF = 316,
VAR_TRUST_ANCHOR_FILE = 317,
VAR_TRUST_ANCHOR = 318,
VAR_VAL_OVERRIDE_DATE = 319,
VAR_BOGUS_TTL = 320,
VAR_VAL_CLEAN_ADDITIONAL = 321,
VAR_VAL_PERMISSIVE_MODE = 322,
VAR_INCOMING_NUM_TCP = 323,
VAR_MSG_BUFFER_SIZE = 324,
VAR_KEY_CACHE_SIZE = 325,
VAR_KEY_CACHE_SLABS = 326,
VAR_TRUSTED_KEYS_FILE = 327,
VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328,
VAR_USE_SYSLOG = 329,
VAR_OUTGOING_INTERFACE = 330,
VAR_ROOT_HINTS = 331,
VAR_DO_NOT_QUERY_LOCALHOST = 332,
VAR_CACHE_MAX_TTL = 333,
VAR_HARDEN_DNSSEC_STRIPPED = 334,
VAR_ACCESS_CONTROL = 335,
VAR_LOCAL_ZONE = 336,
VAR_LOCAL_DATA = 337,
VAR_INTERFACE_AUTOMATIC = 338,
VAR_STATISTICS_INTERVAL = 339,
VAR_DO_DAEMONIZE = 340,
VAR_USE_CAPS_FOR_ID = 341,
VAR_STATISTICS_CUMULATIVE = 342,
VAR_OUTGOING_PORT_PERMIT = 343,
VAR_OUTGOING_PORT_AVOID = 344,
VAR_DLV_ANCHOR_FILE = 345,
VAR_DLV_ANCHOR = 346,
VAR_NEG_CACHE_SIZE = 347,
VAR_HARDEN_REFERRAL_PATH = 348,
VAR_PRIVATE_ADDRESS = 349,
VAR_PRIVATE_DOMAIN = 350,
VAR_REMOTE_CONTROL = 351,
VAR_CONTROL_ENABLE = 352,
VAR_CONTROL_INTERFACE = 353,
VAR_CONTROL_PORT = 354,
VAR_SERVER_KEY_FILE = 355,
VAR_SERVER_CERT_FILE = 356,
VAR_CONTROL_KEY_FILE = 357,
VAR_CONTROL_CERT_FILE = 358,
VAR_CONTROL_USE_CERT = 359,
VAR_TCP_REUSE_TIMEOUT = 360,
VAR_MAX_REUSE_TCP_QUERIES = 361,
VAR_EXTENDED_STATISTICS = 362,
VAR_LOCAL_DATA_PTR = 363,
VAR_JOSTLE_TIMEOUT = 364,
VAR_STUB_PRIME = 365,
VAR_UNWANTED_REPLY_THRESHOLD = 366,
VAR_LOG_TIME_ASCII = 367,
VAR_DOMAIN_INSECURE = 368,
VAR_PYTHON = 369,
VAR_PYTHON_SCRIPT = 370,
VAR_VAL_SIG_SKEW_MIN = 371,
VAR_VAL_SIG_SKEW_MAX = 372,
VAR_VAL_MAX_RESTART = 373,
VAR_CACHE_MIN_TTL = 374,
VAR_VAL_LOG_LEVEL = 375,
VAR_AUTO_TRUST_ANCHOR_FILE = 376,
VAR_KEEP_MISSING = 377,
VAR_ADD_HOLDDOWN = 378,
VAR_DEL_HOLDDOWN = 379,
VAR_SO_RCVBUF = 380,
VAR_EDNS_BUFFER_SIZE = 381,
VAR_PREFETCH = 382,
VAR_PREFETCH_KEY = 383,
VAR_SO_SNDBUF = 384,
VAR_SO_REUSEPORT = 385,
VAR_HARDEN_BELOW_NXDOMAIN = 386,
VAR_IGNORE_CD_FLAG = 387,
VAR_LOG_QUERIES = 388,
VAR_LOG_REPLIES = 389,
VAR_LOG_LOCAL_ACTIONS = 390,
VAR_TCP_UPSTREAM = 391,
VAR_SSL_UPSTREAM = 392,
VAR_TCP_AUTH_QUERY_TIMEOUT = 393,
VAR_SSL_SERVICE_KEY = 394,
VAR_SSL_SERVICE_PEM = 395,
VAR_SSL_PORT = 396,
VAR_FORWARD_FIRST = 397,
VAR_STUB_SSL_UPSTREAM = 398,
VAR_FORWARD_SSL_UPSTREAM = 399,
VAR_TLS_CERT_BUNDLE = 400,
VAR_STUB_TCP_UPSTREAM = 401,
VAR_FORWARD_TCP_UPSTREAM = 402,
VAR_HTTPS_PORT = 403,
VAR_HTTP_ENDPOINT = 404,
VAR_HTTP_MAX_STREAMS = 405,
VAR_HTTP_QUERY_BUFFER_SIZE = 406,
VAR_HTTP_RESPONSE_BUFFER_SIZE = 407,
VAR_HTTP_NODELAY = 408,
VAR_HTTP_NOTLS_DOWNSTREAM = 409,
VAR_STUB_FIRST = 410,
VAR_MINIMAL_RESPONSES = 411,
VAR_RRSET_ROUNDROBIN = 412,
VAR_MAX_UDP_SIZE = 413,
VAR_DELAY_CLOSE = 414,
VAR_UDP_CONNECT = 415,
VAR_UNBLOCK_LAN_ZONES = 416,
VAR_INSECURE_LAN_ZONES = 417,
VAR_INFRA_CACHE_MIN_RTT = 418,
VAR_INFRA_KEEP_PROBING = 419,
VAR_DNS64_PREFIX = 420,
VAR_DNS64_SYNTHALL = 421,
VAR_DNS64_IGNORE_AAAA = 422,
VAR_DNSTAP = 423,
VAR_DNSTAP_ENABLE = 424,
VAR_DNSTAP_SOCKET_PATH = 425,
VAR_DNSTAP_IP = 426,
VAR_DNSTAP_TLS = 427,
VAR_DNSTAP_TLS_SERVER_NAME = 428,
VAR_DNSTAP_TLS_CERT_BUNDLE = 429,
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 430,
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 431,
VAR_DNSTAP_SEND_IDENTITY = 432,
VAR_DNSTAP_SEND_VERSION = 433,
VAR_DNSTAP_BIDIRECTIONAL = 434,
VAR_DNSTAP_IDENTITY = 435,
VAR_DNSTAP_VERSION = 436,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 437,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 438,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 439,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 440,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 441,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 442,
VAR_RESPONSE_IP_TAG = 443,
VAR_RESPONSE_IP = 444,
VAR_RESPONSE_IP_DATA = 445,
VAR_HARDEN_ALGO_DOWNGRADE = 446,
VAR_IP_TRANSPARENT = 447,
VAR_IP_DSCP = 448,
VAR_DISABLE_DNSSEC_LAME_CHECK = 449,
VAR_IP_RATELIMIT = 450,
VAR_IP_RATELIMIT_SLABS = 451,
VAR_IP_RATELIMIT_SIZE = 452,
VAR_RATELIMIT = 453,
VAR_RATELIMIT_SLABS = 454,
VAR_RATELIMIT_SIZE = 455,
VAR_OUTBOUND_MSG_RETRY = 456,
VAR_RATELIMIT_FOR_DOMAIN = 457,
VAR_RATELIMIT_BELOW_DOMAIN = 458,
VAR_IP_RATELIMIT_FACTOR = 459,
VAR_RATELIMIT_FACTOR = 460,
VAR_IP_RATELIMIT_BACKOFF = 461,
VAR_RATELIMIT_BACKOFF = 462,
VAR_SEND_CLIENT_SUBNET = 463,
VAR_CLIENT_SUBNET_ZONE = 464,
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 465,
VAR_CLIENT_SUBNET_OPCODE = 466,
VAR_MAX_CLIENT_SUBNET_IPV4 = 467,
VAR_MAX_CLIENT_SUBNET_IPV6 = 468,
VAR_MIN_CLIENT_SUBNET_IPV4 = 469,
VAR_MIN_CLIENT_SUBNET_IPV6 = 470,
VAR_MAX_ECS_TREE_SIZE_IPV4 = 471,
VAR_MAX_ECS_TREE_SIZE_IPV6 = 472,
VAR_CAPS_WHITELIST = 473,
VAR_CACHE_MAX_NEGATIVE_TTL = 474,
VAR_PERMIT_SMALL_HOLDDOWN = 475,
VAR_QNAME_MINIMISATION = 476,
VAR_QNAME_MINIMISATION_STRICT = 477,
VAR_IP_FREEBIND = 478,
VAR_DEFINE_TAG = 479,
VAR_LOCAL_ZONE_TAG = 480,
VAR_ACCESS_CONTROL_TAG = 481,
VAR_LOCAL_ZONE_OVERRIDE = 482,
VAR_ACCESS_CONTROL_TAG_ACTION = 483,
VAR_ACCESS_CONTROL_TAG_DATA = 484,
VAR_VIEW = 485,
VAR_ACCESS_CONTROL_VIEW = 486,
VAR_VIEW_FIRST = 487,
VAR_SERVE_EXPIRED = 488,
VAR_SERVE_EXPIRED_TTL = 489,
VAR_SERVE_EXPIRED_TTL_RESET = 490,
VAR_SERVE_EXPIRED_REPLY_TTL = 491,
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 492,
VAR_EDE_SERVE_EXPIRED = 493,
VAR_SERVE_ORIGINAL_TTL = 494,
VAR_FAKE_DSA = 495,
VAR_FAKE_SHA1 = 496,
VAR_LOG_IDENTITY = 497,
VAR_HIDE_TRUSTANCHOR = 498,
VAR_HIDE_HTTP_USER_AGENT = 499,
VAR_HTTP_USER_AGENT = 500,
VAR_TRUST_ANCHOR_SIGNALING = 501,
VAR_AGGRESSIVE_NSEC = 502,
VAR_USE_SYSTEMD = 503,
VAR_SHM_ENABLE = 504,
VAR_SHM_KEY = 505,
VAR_ROOT_KEY_SENTINEL = 506,
VAR_DNSCRYPT = 507,
VAR_DNSCRYPT_ENABLE = 508,
VAR_DNSCRYPT_PORT = 509,
VAR_DNSCRYPT_PROVIDER = 510,
VAR_DNSCRYPT_SECRET_KEY = 511,
VAR_DNSCRYPT_PROVIDER_CERT = 512,
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 513,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 514,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 515,
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 516,
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 517,
VAR_PAD_RESPONSES = 518,
VAR_PAD_RESPONSES_BLOCK_SIZE = 519,
VAR_PAD_QUERIES = 520,
VAR_PAD_QUERIES_BLOCK_SIZE = 521,
VAR_IPSECMOD_ENABLED = 522,
VAR_IPSECMOD_HOOK = 523,
VAR_IPSECMOD_IGNORE_BOGUS = 524,
VAR_IPSECMOD_MAX_TTL = 525,
VAR_IPSECMOD_WHITELIST = 526,
VAR_IPSECMOD_STRICT = 527,
VAR_CACHEDB = 528,
VAR_CACHEDB_BACKEND = 529,
VAR_CACHEDB_SECRETSEED = 530,
VAR_CACHEDB_REDISHOST = 531,
VAR_CACHEDB_REDISPORT = 532,
VAR_CACHEDB_REDISTIMEOUT = 533,
VAR_CACHEDB_REDISEXPIRERECORDS = 534,
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 535,
VAR_FOR_UPSTREAM = 536,
VAR_AUTH_ZONE = 537,
VAR_ZONEFILE = 538,
VAR_MASTER = 539,
VAR_URL = 540,
VAR_FOR_DOWNSTREAM = 541,
VAR_FALLBACK_ENABLED = 542,
VAR_TLS_ADDITIONAL_PORT = 543,
VAR_LOW_RTT = 544,
VAR_LOW_RTT_PERMIL = 545,
VAR_FAST_SERVER_PERMIL = 546,
VAR_FAST_SERVER_NUM = 547,
VAR_ALLOW_NOTIFY = 548,
VAR_TLS_WIN_CERT = 549,
VAR_TCP_CONNECTION_LIMIT = 550,
VAR_FORWARD_NO_CACHE = 551,
VAR_STUB_NO_CACHE = 552,
VAR_LOG_SERVFAIL = 553,
VAR_DENY_ANY = 554,
VAR_UNKNOWN_SERVER_TIME_LIMIT = 555,
VAR_LOG_TAG_QUERYREPLY = 556,
VAR_STREAM_WAIT_SIZE = 557,
VAR_TLS_CIPHERS = 558,
VAR_TLS_CIPHERSUITES = 559,
VAR_TLS_USE_SNI = 560,
VAR_IPSET = 561,
VAR_IPSET_NAME_V4 = 562,
VAR_IPSET_NAME_V6 = 563,
VAR_TLS_SESSION_TICKET_KEYS = 564,
VAR_RPZ = 565,
VAR_TAGS = 566,
VAR_RPZ_ACTION_OVERRIDE = 567,
VAR_RPZ_CNAME_OVERRIDE = 568,
VAR_RPZ_LOG = 569,
VAR_RPZ_LOG_NAME = 570,
VAR_DYNLIB = 571,
VAR_DYNLIB_FILE = 572,
VAR_EDNS_CLIENT_STRING = 573,
VAR_EDNS_CLIENT_STRING_OPCODE = 574,
VAR_NSID = 575,
VAR_ZONEMD_PERMISSIVE_MODE = 576,
VAR_ZONEMD_CHECK = 577,
VAR_ZONEMD_REJECT_ABSENCE = 578,
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 579,
VAR_INTERFACE_AUTOMATIC_PORTS = 580,
VAR_EDE = 581
};
enum yytokentype
{
YYEMPTY = -2,
YYEOF = 0, /* "end of file" */
YYerror = 256, /* error */
YYUNDEF = 257, /* "invalid token" */
SPACE = 258, /* SPACE */
LETTER = 259, /* LETTER */
NEWLINE = 260, /* NEWLINE */
COMMENT = 261, /* COMMENT */
COLON = 262, /* COLON */
ANY = 263, /* ANY */
ZONESTR = 264, /* ZONESTR */
STRING_ARG = 265, /* STRING_ARG */
VAR_FORCE_TOPLEVEL = 266, /* VAR_FORCE_TOPLEVEL */
VAR_SERVER = 267, /* VAR_SERVER */
VAR_VERBOSITY = 268, /* VAR_VERBOSITY */
VAR_NUM_THREADS = 269, /* VAR_NUM_THREADS */
VAR_PORT = 270, /* VAR_PORT */
VAR_OUTGOING_RANGE = 271, /* VAR_OUTGOING_RANGE */
VAR_INTERFACE = 272, /* VAR_INTERFACE */
VAR_PREFER_IP4 = 273, /* VAR_PREFER_IP4 */
VAR_DO_IP4 = 274, /* VAR_DO_IP4 */
VAR_DO_IP6 = 275, /* VAR_DO_IP6 */
VAR_PREFER_IP6 = 276, /* VAR_PREFER_IP6 */
VAR_DO_UDP = 277, /* VAR_DO_UDP */
VAR_DO_TCP = 278, /* VAR_DO_TCP */
VAR_TCP_MSS = 279, /* VAR_TCP_MSS */
VAR_OUTGOING_TCP_MSS = 280, /* VAR_OUTGOING_TCP_MSS */
VAR_TCP_IDLE_TIMEOUT = 281, /* VAR_TCP_IDLE_TIMEOUT */
VAR_EDNS_TCP_KEEPALIVE = 282, /* VAR_EDNS_TCP_KEEPALIVE */
VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */
VAR_CHROOT = 284, /* VAR_CHROOT */
VAR_USERNAME = 285, /* VAR_USERNAME */
VAR_DIRECTORY = 286, /* VAR_DIRECTORY */
VAR_LOGFILE = 287, /* VAR_LOGFILE */
VAR_PIDFILE = 288, /* VAR_PIDFILE */
VAR_MSG_CACHE_SIZE = 289, /* VAR_MSG_CACHE_SIZE */
VAR_MSG_CACHE_SLABS = 290, /* VAR_MSG_CACHE_SLABS */
VAR_NUM_QUERIES_PER_THREAD = 291, /* VAR_NUM_QUERIES_PER_THREAD */
VAR_RRSET_CACHE_SIZE = 292, /* VAR_RRSET_CACHE_SIZE */
VAR_RRSET_CACHE_SLABS = 293, /* VAR_RRSET_CACHE_SLABS */
VAR_OUTGOING_NUM_TCP = 294, /* VAR_OUTGOING_NUM_TCP */
VAR_INFRA_HOST_TTL = 295, /* VAR_INFRA_HOST_TTL */
VAR_INFRA_LAME_TTL = 296, /* VAR_INFRA_LAME_TTL */
VAR_INFRA_CACHE_SLABS = 297, /* VAR_INFRA_CACHE_SLABS */
VAR_INFRA_CACHE_NUMHOSTS = 298, /* VAR_INFRA_CACHE_NUMHOSTS */
VAR_INFRA_CACHE_LAME_SIZE = 299, /* VAR_INFRA_CACHE_LAME_SIZE */
VAR_NAME = 300, /* VAR_NAME */
VAR_STUB_ZONE = 301, /* VAR_STUB_ZONE */
VAR_STUB_HOST = 302, /* VAR_STUB_HOST */
VAR_STUB_ADDR = 303, /* VAR_STUB_ADDR */
VAR_TARGET_FETCH_POLICY = 304, /* VAR_TARGET_FETCH_POLICY */
VAR_HARDEN_SHORT_BUFSIZE = 305, /* VAR_HARDEN_SHORT_BUFSIZE */
VAR_HARDEN_LARGE_QUERIES = 306, /* VAR_HARDEN_LARGE_QUERIES */
VAR_FORWARD_ZONE = 307, /* VAR_FORWARD_ZONE */
VAR_FORWARD_HOST = 308, /* VAR_FORWARD_HOST */
VAR_FORWARD_ADDR = 309, /* VAR_FORWARD_ADDR */
VAR_DO_NOT_QUERY_ADDRESS = 310, /* VAR_DO_NOT_QUERY_ADDRESS */
VAR_HIDE_IDENTITY = 311, /* VAR_HIDE_IDENTITY */
VAR_HIDE_VERSION = 312, /* VAR_HIDE_VERSION */
VAR_IDENTITY = 313, /* VAR_IDENTITY */
VAR_VERSION = 314, /* VAR_VERSION */
VAR_HARDEN_GLUE = 315, /* VAR_HARDEN_GLUE */
VAR_MODULE_CONF = 316, /* VAR_MODULE_CONF */
VAR_TRUST_ANCHOR_FILE = 317, /* VAR_TRUST_ANCHOR_FILE */
VAR_TRUST_ANCHOR = 318, /* VAR_TRUST_ANCHOR */
VAR_VAL_OVERRIDE_DATE = 319, /* VAR_VAL_OVERRIDE_DATE */
VAR_BOGUS_TTL = 320, /* VAR_BOGUS_TTL */
VAR_VAL_CLEAN_ADDITIONAL = 321, /* VAR_VAL_CLEAN_ADDITIONAL */
VAR_VAL_PERMISSIVE_MODE = 322, /* VAR_VAL_PERMISSIVE_MODE */
VAR_INCOMING_NUM_TCP = 323, /* VAR_INCOMING_NUM_TCP */
VAR_MSG_BUFFER_SIZE = 324, /* VAR_MSG_BUFFER_SIZE */
VAR_KEY_CACHE_SIZE = 325, /* VAR_KEY_CACHE_SIZE */
VAR_KEY_CACHE_SLABS = 326, /* VAR_KEY_CACHE_SLABS */
VAR_TRUSTED_KEYS_FILE = 327, /* VAR_TRUSTED_KEYS_FILE */
VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */
VAR_USE_SYSLOG = 329, /* VAR_USE_SYSLOG */
VAR_OUTGOING_INTERFACE = 330, /* VAR_OUTGOING_INTERFACE */
VAR_ROOT_HINTS = 331, /* VAR_ROOT_HINTS */
VAR_DO_NOT_QUERY_LOCALHOST = 332, /* VAR_DO_NOT_QUERY_LOCALHOST */
VAR_CACHE_MAX_TTL = 333, /* VAR_CACHE_MAX_TTL */
VAR_HARDEN_DNSSEC_STRIPPED = 334, /* VAR_HARDEN_DNSSEC_STRIPPED */
VAR_ACCESS_CONTROL = 335, /* VAR_ACCESS_CONTROL */
VAR_LOCAL_ZONE = 336, /* VAR_LOCAL_ZONE */
VAR_LOCAL_DATA = 337, /* VAR_LOCAL_DATA */
VAR_INTERFACE_AUTOMATIC = 338, /* VAR_INTERFACE_AUTOMATIC */
VAR_STATISTICS_INTERVAL = 339, /* VAR_STATISTICS_INTERVAL */
VAR_DO_DAEMONIZE = 340, /* VAR_DO_DAEMONIZE */
VAR_USE_CAPS_FOR_ID = 341, /* VAR_USE_CAPS_FOR_ID */
VAR_STATISTICS_CUMULATIVE = 342, /* VAR_STATISTICS_CUMULATIVE */
VAR_OUTGOING_PORT_PERMIT = 343, /* VAR_OUTGOING_PORT_PERMIT */
VAR_OUTGOING_PORT_AVOID = 344, /* VAR_OUTGOING_PORT_AVOID */
VAR_DLV_ANCHOR_FILE = 345, /* VAR_DLV_ANCHOR_FILE */
VAR_DLV_ANCHOR = 346, /* VAR_DLV_ANCHOR */
VAR_NEG_CACHE_SIZE = 347, /* VAR_NEG_CACHE_SIZE */
VAR_HARDEN_REFERRAL_PATH = 348, /* VAR_HARDEN_REFERRAL_PATH */
VAR_PRIVATE_ADDRESS = 349, /* VAR_PRIVATE_ADDRESS */
VAR_PRIVATE_DOMAIN = 350, /* VAR_PRIVATE_DOMAIN */
VAR_REMOTE_CONTROL = 351, /* VAR_REMOTE_CONTROL */
VAR_CONTROL_ENABLE = 352, /* VAR_CONTROL_ENABLE */
VAR_CONTROL_INTERFACE = 353, /* VAR_CONTROL_INTERFACE */
VAR_CONTROL_PORT = 354, /* VAR_CONTROL_PORT */
VAR_SERVER_KEY_FILE = 355, /* VAR_SERVER_KEY_FILE */
VAR_SERVER_CERT_FILE = 356, /* VAR_SERVER_CERT_FILE */
VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */
VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */
VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */
VAR_TCP_REUSE_TIMEOUT = 360, /* VAR_TCP_REUSE_TIMEOUT */
VAR_MAX_REUSE_TCP_QUERIES = 361, /* VAR_MAX_REUSE_TCP_QUERIES */
VAR_EXTENDED_STATISTICS = 362, /* VAR_EXTENDED_STATISTICS */
VAR_LOCAL_DATA_PTR = 363, /* VAR_LOCAL_DATA_PTR */
VAR_JOSTLE_TIMEOUT = 364, /* VAR_JOSTLE_TIMEOUT */
VAR_STUB_PRIME = 365, /* VAR_STUB_PRIME */
VAR_UNWANTED_REPLY_THRESHOLD = 366, /* VAR_UNWANTED_REPLY_THRESHOLD */
VAR_LOG_TIME_ASCII = 367, /* VAR_LOG_TIME_ASCII */
VAR_DOMAIN_INSECURE = 368, /* VAR_DOMAIN_INSECURE */
VAR_PYTHON = 369, /* VAR_PYTHON */
VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */
VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */
VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */
VAR_VAL_MAX_RESTART = 373, /* VAR_VAL_MAX_RESTART */
VAR_CACHE_MIN_TTL = 374, /* VAR_CACHE_MIN_TTL */
VAR_VAL_LOG_LEVEL = 375, /* VAR_VAL_LOG_LEVEL */
VAR_AUTO_TRUST_ANCHOR_FILE = 376, /* VAR_AUTO_TRUST_ANCHOR_FILE */
VAR_KEEP_MISSING = 377, /* VAR_KEEP_MISSING */
VAR_ADD_HOLDDOWN = 378, /* VAR_ADD_HOLDDOWN */
VAR_DEL_HOLDDOWN = 379, /* VAR_DEL_HOLDDOWN */
VAR_SO_RCVBUF = 380, /* VAR_SO_RCVBUF */
VAR_EDNS_BUFFER_SIZE = 381, /* VAR_EDNS_BUFFER_SIZE */
VAR_PREFETCH = 382, /* VAR_PREFETCH */
VAR_PREFETCH_KEY = 383, /* VAR_PREFETCH_KEY */
VAR_SO_SNDBUF = 384, /* VAR_SO_SNDBUF */
VAR_SO_REUSEPORT = 385, /* VAR_SO_REUSEPORT */
VAR_HARDEN_BELOW_NXDOMAIN = 386, /* VAR_HARDEN_BELOW_NXDOMAIN */
VAR_IGNORE_CD_FLAG = 387, /* VAR_IGNORE_CD_FLAG */
VAR_LOG_QUERIES = 388, /* VAR_LOG_QUERIES */
VAR_LOG_REPLIES = 389, /* VAR_LOG_REPLIES */
VAR_LOG_LOCAL_ACTIONS = 390, /* VAR_LOG_LOCAL_ACTIONS */
VAR_TCP_UPSTREAM = 391, /* VAR_TCP_UPSTREAM */
VAR_SSL_UPSTREAM = 392, /* VAR_SSL_UPSTREAM */
VAR_TCP_AUTH_QUERY_TIMEOUT = 393, /* VAR_TCP_AUTH_QUERY_TIMEOUT */
VAR_SSL_SERVICE_KEY = 394, /* VAR_SSL_SERVICE_KEY */
VAR_SSL_SERVICE_PEM = 395, /* VAR_SSL_SERVICE_PEM */
VAR_SSL_PORT = 396, /* VAR_SSL_PORT */
VAR_FORWARD_FIRST = 397, /* VAR_FORWARD_FIRST */
VAR_STUB_SSL_UPSTREAM = 398, /* VAR_STUB_SSL_UPSTREAM */
VAR_FORWARD_SSL_UPSTREAM = 399, /* VAR_FORWARD_SSL_UPSTREAM */
VAR_TLS_CERT_BUNDLE = 400, /* VAR_TLS_CERT_BUNDLE */
VAR_STUB_TCP_UPSTREAM = 401, /* VAR_STUB_TCP_UPSTREAM */
VAR_FORWARD_TCP_UPSTREAM = 402, /* VAR_FORWARD_TCP_UPSTREAM */
VAR_HTTPS_PORT = 403, /* VAR_HTTPS_PORT */
VAR_HTTP_ENDPOINT = 404, /* VAR_HTTP_ENDPOINT */
VAR_HTTP_MAX_STREAMS = 405, /* VAR_HTTP_MAX_STREAMS */
VAR_HTTP_QUERY_BUFFER_SIZE = 406, /* VAR_HTTP_QUERY_BUFFER_SIZE */
VAR_HTTP_RESPONSE_BUFFER_SIZE = 407, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
VAR_HTTP_NODELAY = 408, /* VAR_HTTP_NODELAY */
VAR_HTTP_NOTLS_DOWNSTREAM = 409, /* VAR_HTTP_NOTLS_DOWNSTREAM */
VAR_STUB_FIRST = 410, /* VAR_STUB_FIRST */
VAR_MINIMAL_RESPONSES = 411, /* VAR_MINIMAL_RESPONSES */
VAR_RRSET_ROUNDROBIN = 412, /* VAR_RRSET_ROUNDROBIN */
VAR_MAX_UDP_SIZE = 413, /* VAR_MAX_UDP_SIZE */
VAR_DELAY_CLOSE = 414, /* VAR_DELAY_CLOSE */
VAR_UDP_CONNECT = 415, /* VAR_UDP_CONNECT */
VAR_UNBLOCK_LAN_ZONES = 416, /* VAR_UNBLOCK_LAN_ZONES */
VAR_INSECURE_LAN_ZONES = 417, /* VAR_INSECURE_LAN_ZONES */
VAR_INFRA_CACHE_MIN_RTT = 418, /* VAR_INFRA_CACHE_MIN_RTT */
VAR_INFRA_KEEP_PROBING = 419, /* VAR_INFRA_KEEP_PROBING */
VAR_DNS64_PREFIX = 420, /* VAR_DNS64_PREFIX */
VAR_DNS64_SYNTHALL = 421, /* VAR_DNS64_SYNTHALL */
VAR_DNS64_IGNORE_AAAA = 422, /* VAR_DNS64_IGNORE_AAAA */
VAR_DNSTAP = 423, /* VAR_DNSTAP */
VAR_DNSTAP_ENABLE = 424, /* VAR_DNSTAP_ENABLE */
VAR_DNSTAP_SOCKET_PATH = 425, /* VAR_DNSTAP_SOCKET_PATH */
VAR_DNSTAP_IP = 426, /* VAR_DNSTAP_IP */
VAR_DNSTAP_TLS = 427, /* VAR_DNSTAP_TLS */
VAR_DNSTAP_TLS_SERVER_NAME = 428, /* VAR_DNSTAP_TLS_SERVER_NAME */
VAR_DNSTAP_TLS_CERT_BUNDLE = 429, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 430, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
VAR_DNSTAP_SEND_IDENTITY = 432, /* VAR_DNSTAP_SEND_IDENTITY */
VAR_DNSTAP_SEND_VERSION = 433, /* VAR_DNSTAP_SEND_VERSION */
VAR_DNSTAP_BIDIRECTIONAL = 434, /* VAR_DNSTAP_BIDIRECTIONAL */
VAR_DNSTAP_IDENTITY = 435, /* VAR_DNSTAP_IDENTITY */
VAR_DNSTAP_VERSION = 436, /* VAR_DNSTAP_VERSION */
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 439, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 441, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
VAR_RESPONSE_IP_TAG = 443, /* VAR_RESPONSE_IP_TAG */
VAR_RESPONSE_IP = 444, /* VAR_RESPONSE_IP */
VAR_RESPONSE_IP_DATA = 445, /* VAR_RESPONSE_IP_DATA */
VAR_HARDEN_ALGO_DOWNGRADE = 446, /* VAR_HARDEN_ALGO_DOWNGRADE */
VAR_IP_TRANSPARENT = 447, /* VAR_IP_TRANSPARENT */
VAR_IP_DSCP = 448, /* VAR_IP_DSCP */
VAR_DISABLE_DNSSEC_LAME_CHECK = 449, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
VAR_IP_RATELIMIT = 450, /* VAR_IP_RATELIMIT */
VAR_IP_RATELIMIT_SLABS = 451, /* VAR_IP_RATELIMIT_SLABS */
VAR_IP_RATELIMIT_SIZE = 452, /* VAR_IP_RATELIMIT_SIZE */
VAR_RATELIMIT = 453, /* VAR_RATELIMIT */
VAR_RATELIMIT_SLABS = 454, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 455, /* VAR_RATELIMIT_SIZE */
VAR_OUTBOUND_MSG_RETRY = 456, /* VAR_OUTBOUND_MSG_RETRY */
VAR_RATELIMIT_FOR_DOMAIN = 457, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 458, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 459, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 460, /* VAR_RATELIMIT_FACTOR */
VAR_IP_RATELIMIT_BACKOFF = 461, /* VAR_IP_RATELIMIT_BACKOFF */
VAR_RATELIMIT_BACKOFF = 462, /* VAR_RATELIMIT_BACKOFF */
VAR_SEND_CLIENT_SUBNET = 463, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 464, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 465, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 466, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 467, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 469, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 471, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 473, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 474, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 475, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 476, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 477, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 478, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 479, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 480, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 481, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 482, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 483, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 484, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 485, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 486, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 487, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 488, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 489, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 490, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 491, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 492, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_EDE_SERVE_EXPIRED = 493, /* VAR_EDE_SERVE_EXPIRED */
VAR_SERVE_ORIGINAL_TTL = 494, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 495, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 496, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 497, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 498, /* VAR_HIDE_TRUSTANCHOR */
VAR_HIDE_HTTP_USER_AGENT = 499, /* VAR_HIDE_HTTP_USER_AGENT */
VAR_HTTP_USER_AGENT = 500, /* VAR_HTTP_USER_AGENT */
VAR_TRUST_ANCHOR_SIGNALING = 501, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 502, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 503, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 504, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 505, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 506, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 507, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 508, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 509, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 510, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 511, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 512, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 513, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 514, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 516, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 518, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 519, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 520, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 521, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 522, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 523, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 524, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 525, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 526, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 527, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 528, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 529, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 530, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 531, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 532, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 533, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 534, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 535, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 536, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 537, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 538, /* VAR_ZONEFILE */
VAR_MASTER = 539, /* VAR_MASTER */
VAR_URL = 540, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 541, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 542, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 543, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 544, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 545, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 546, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 547, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 548, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 549, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 550, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 551, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 552, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 553, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 554, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 555, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 556, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 557, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 558, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 559, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 560, /* VAR_TLS_USE_SNI */
VAR_IPSET = 561, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 562, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 563, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 564, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 565, /* VAR_RPZ */
VAR_TAGS = 566, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 567, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 568, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 569, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 570, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 571, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 572, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 573, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 574, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 575, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 576, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_CHECK = 577, /* VAR_ZONEMD_CHECK */
VAR_ZONEMD_REJECT_ABSENCE = 578, /* VAR_ZONEMD_REJECT_ABSENCE */
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 579, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
VAR_INTERFACE_AUTOMATIC_PORTS = 580, /* VAR_INTERFACE_AUTOMATIC_PORTS */
VAR_EDE = 581 /* VAR_EDE */
};
typedef enum yytokentype yytoken_kind_t;
#endif
/* Tokens. */
/* Token kinds. */
#define YYEMPTY -2
#define YYEOF 0
#define YYerror 256
#define YYUNDEF 257
#define SPACE 258
#define LETTER 259
#define NEWLINE 260
@ -691,22 +711,25 @@
#define VAR_INTERFACE_AUTOMATIC_PORTS 580
#define VAR_EDE 581
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
#line 66 "./util/configparser.y"
union YYSTYPE
{
#line 66 "./util/configparser.y"
char* str;
}
/* Line 1529 of yacc.c. */
#line 705 "util/configparser.h"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#line 723 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define YYSTYPE_IS_DECLARED 1
#endif
extern YYSTYPE yylval;
int yyparse (void);
#endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED */