clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce infra-cache-max-rtt option to config max retransmit timeout

Browse Source 
Added the option and let it default to 120 seconds so that it won't change
current behavior.

Related-to #717
This commit is contained in:
Minghang Chen 2022-07-16 01:19:35 -07:00
parent 12cd495d55
commit 249efd4285
14 changed files with 6084 additions and 5332 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/example.conf.in
View File

@ -202,6 +202,9 @@ server:
# minimum wait time for responses, increase if uplink is long. In msec.
# infra-cache-min-rtt: 50
# maximum wait time for responses. In msec.
# infra-cache-max-rtt: 120000
# enable to make server probe down hosts more frequently.
# infra-keep-probing: no

4
doc/unbound.conf.5.in
View File

@ -395,6 +395,10 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure
cache. Default is 50 milliseconds. Increase this value if using forwarders
needing more time to do recursive name resolution.
.TP
.B infra\-cache\-max\-rtt: \fI<msec>
Upper limit for dynamic retransmit timeout calculation in infrastructure
cache. Default is 2 minutes.
.TP
.B infra\-keep\-probing: \fI<yes or no>
If enabled the server keeps probing hosts that are down, in the one probe
at a time regime. Default is no. Hosts that are down, eg. they did

2
iterator/iter_utils.c
View File

@ -70,8 +70,6 @@
/** time when nameserver glue is said to be 'recent' */
#define SUSPICION_RECENT_EXPIRY 86400
/** penalty to validation failed blacklisted IPs */
#define BLACKLIST_PENALTY (USEFUL_SERVER_TOP_TIMEOUT*4)
/** fillup fetch policy array */
static void

4
iterator/iterator.c
View File

@ -71,6 +71,10 @@
/* in msec */
int UNKNOWN_SERVER_NICENESS = 376;
/* in msec */
int USEFUL_SERVER_TOP_TIMEOUT = 120000;
/* Equals USEFUL_SERVER_TOP_TIMEOUT*4 */
int BLACKLIST_PENALTY = (120000*4);
static void target_count_increase_nx(struct iter_qstate* iq, int num);

12
iterator/iterator.h
View File

@ -94,15 +94,17 @@ struct rbtree_type;
extern int UNKNOWN_SERVER_NICENESS;
/** maximum timeout before a host is deemed unsuitable, in msec.
* After host_ttl this will be timed out and the host will be tried again.
* Equals RTT_MAX_TIMEOUT
*/
#define USEFUL_SERVER_TOP_TIMEOUT 120000
* Equals RTT_MAX_TIMEOUT, and thus when RTT_MAX_TIMEOUT is overwritten by
* config infra_cache_max_rtt, it will be overwritten as well. */
extern int USEFUL_SERVER_TOP_TIMEOUT;
/** penalty to validation failed blacklisted IPs
* Equals USEFUL_SERVER_TOP_TIMEOUT*4, and thus when RTT_MAX_TIMEOUT is
* overwritten by config infra_cache_max_rtt, it will be overwritten as well. */
extern int BLACKLIST_PENALTY;
/** RTT band, within this amount from the best, servers are chosen randomly.
* Chosen so that the UNKNOWN_SERVER_NICENESS falls within the band of a
* fast server, this causes server exploration as a side benefit. msec. */
#define RTT_BAND 400
/** Start value for blacklisting a host, 2*USEFUL_SERVER_TOP_TIMEOUT in sec */
#define INFRA_BACKOFF_INITIAL 240
/**
* Global state for the iterator.

15
util/config_file.c
View File

@ -173,6 +173,7 @@ config_create(void)
cfg->infra_cache_slabs = 4;
cfg->infra_cache_numhosts = 10000;
cfg->infra_cache_min_rtt = 50;
cfg->infra_cache_max_rtt = 120000;
cfg->infra_keep_probing = 0;
cfg->delay_close = 0;
cfg->udp_connect = 1;
@ -595,8 +596,14 @@ int config_set_option(struct config_file* cfg, const char* opt,
else if(strcmp(opt, "cache-min-ttl:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;}
else if(strcmp(opt, "infra-cache-min-rtt:") == 0) {
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
}
else if(strcmp(opt, "infra-cache-max-rtt:") == 0) {
IS_NUMBER_OR_ZERO; cfg->infra_cache_max_rtt = atoi(val);
RTT_MAX_TIMEOUT=cfg->infra_cache_max_rtt;
USEFUL_SERVER_TOP_TIMEOUT = RTT_MAX_TIMEOUT;
BLACKLIST_PENALTY = USEFUL_SERVER_TOP_TIMEOUT*4;
}
else S_YNO("infra-keep-probing:", infra_keep_probing)
else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl)
@ -1026,6 +1033,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "infra-host-ttl", host_ttl)
else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt)
else O_UNS(opt, "infra-cache-max-rtt", infra_cache_max_rtt)
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
else O_UNS(opt, "delay-close", delay_close)
@ -2222,11 +2230,14 @@ config_apply(struct config_file* config)
SERVE_ORIGINAL_TTL = config->serve_original_ttl;
MAX_NEG_TTL = (time_t)config->max_negative_ttl;
RTT_MIN_TIMEOUT = config->infra_cache_min_rtt;
RTT_MAX_TIMEOUT = config->infra_cache_max_rtt;
EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size;
MINIMAL_RESPONSES = config->minimal_responses;
RRSET_ROUNDROBIN = config->rrset_roundrobin;
LOG_TAG_QUERYREPLY = config->log_tag_queryreply;
UNKNOWN_SERVER_NICENESS = config->unknown_server_time_limit;
USEFUL_SERVER_TOP_TIMEOUT = RTT_MAX_TIMEOUT;
BLACKLIST_PENALTY = USEFUL_SERVER_TOP_TIMEOUT*4;
log_set_time_asc(config->log_time_ascii);
autr_permit_small_holddown = config->permit_small_holddown;
stream_wait_max = config->stream_wait_size;

4
util/config_file.h
View File

@ -186,8 +186,10 @@ struct config_file {
size_t infra_cache_slabs;
/** max number of hosts in the infra cache */
size_t infra_cache_numhosts;
/** min value for infra cache rtt */
/** min value for infra cache rtt (min retransmit timeout) */
int infra_cache_min_rtt;
/** max value for infra cache rtt (max retransmit timeout) */
int infra_cache_max_rtt;
/** keep probing hosts that are down */
int infra_keep_probing;
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */

6690
util/configlexer.c
View File

File diff suppressed because it is too large Load Diff

1
util/configlexer.lex
View File

@ -302,6 +302,7 @@ infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
infra-cache-max-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MAX_RTT) }
infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }

4003
util/configparser.c
View File

File diff suppressed because it is too large Load Diff

660
util/configparser.h
View File

@ -1,4 +1,4 @@
/* A Bison parser, made by GNU Bison 3.7.6. */
/* A Bison parser, made by GNU Bison 3.8.2. */
/* Bison interface for Yacc-like parsers in C
@ -215,169 +215,170 @@ extern int yydebug;
VAR_UNBLOCK_LAN_ZONES = 416, /* VAR_UNBLOCK_LAN_ZONES */
VAR_INSECURE_LAN_ZONES = 417, /* VAR_INSECURE_LAN_ZONES */
VAR_INFRA_CACHE_MIN_RTT = 418, /* VAR_INFRA_CACHE_MIN_RTT */
VAR_INFRA_KEEP_PROBING = 419, /* VAR_INFRA_KEEP_PROBING */
VAR_DNS64_PREFIX = 420, /* VAR_DNS64_PREFIX */
VAR_DNS64_SYNTHALL = 421, /* VAR_DNS64_SYNTHALL */
VAR_DNS64_IGNORE_AAAA = 422, /* VAR_DNS64_IGNORE_AAAA */
VAR_DNSTAP = 423, /* VAR_DNSTAP */
VAR_DNSTAP_ENABLE = 424, /* VAR_DNSTAP_ENABLE */
VAR_DNSTAP_SOCKET_PATH = 425, /* VAR_DNSTAP_SOCKET_PATH */
VAR_DNSTAP_IP = 426, /* VAR_DNSTAP_IP */
VAR_DNSTAP_TLS = 427, /* VAR_DNSTAP_TLS */
VAR_DNSTAP_TLS_SERVER_NAME = 428, /* VAR_DNSTAP_TLS_SERVER_NAME */
VAR_DNSTAP_TLS_CERT_BUNDLE = 429, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 430, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
VAR_DNSTAP_SEND_IDENTITY = 432, /* VAR_DNSTAP_SEND_IDENTITY */
VAR_DNSTAP_SEND_VERSION = 433, /* VAR_DNSTAP_SEND_VERSION */
VAR_DNSTAP_BIDIRECTIONAL = 434, /* VAR_DNSTAP_BIDIRECTIONAL */
VAR_DNSTAP_IDENTITY = 435, /* VAR_DNSTAP_IDENTITY */
VAR_DNSTAP_VERSION = 436, /* VAR_DNSTAP_VERSION */
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 439, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 441, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
VAR_RESPONSE_IP_TAG = 443, /* VAR_RESPONSE_IP_TAG */
VAR_RESPONSE_IP = 444, /* VAR_RESPONSE_IP */
VAR_RESPONSE_IP_DATA = 445, /* VAR_RESPONSE_IP_DATA */
VAR_HARDEN_ALGO_DOWNGRADE = 446, /* VAR_HARDEN_ALGO_DOWNGRADE */
VAR_IP_TRANSPARENT = 447, /* VAR_IP_TRANSPARENT */
VAR_IP_DSCP = 448, /* VAR_IP_DSCP */
VAR_DISABLE_DNSSEC_LAME_CHECK = 449, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
VAR_IP_RATELIMIT = 450, /* VAR_IP_RATELIMIT */
VAR_IP_RATELIMIT_SLABS = 451, /* VAR_IP_RATELIMIT_SLABS */
VAR_IP_RATELIMIT_SIZE = 452, /* VAR_IP_RATELIMIT_SIZE */
VAR_RATELIMIT = 453, /* VAR_RATELIMIT */
VAR_RATELIMIT_SLABS = 454, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 455, /* VAR_RATELIMIT_SIZE */
VAR_OUTBOUND_MSG_RETRY = 456, /* VAR_OUTBOUND_MSG_RETRY */
VAR_RATELIMIT_FOR_DOMAIN = 457, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 458, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 459, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 460, /* VAR_RATELIMIT_FACTOR */
VAR_IP_RATELIMIT_BACKOFF = 461, /* VAR_IP_RATELIMIT_BACKOFF */
VAR_RATELIMIT_BACKOFF = 462, /* VAR_RATELIMIT_BACKOFF */
VAR_SEND_CLIENT_SUBNET = 463, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 464, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 465, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 466, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 467, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 469, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 471, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 473, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 474, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 475, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 476, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 477, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 478, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 479, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 480, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 481, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 482, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 483, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 484, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 485, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 486, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 487, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 488, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 489, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 490, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 491, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 492, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_EDE_SERVE_EXPIRED = 493, /* VAR_EDE_SERVE_EXPIRED */
VAR_SERVE_ORIGINAL_TTL = 494, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 495, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 496, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 497, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 498, /* VAR_HIDE_TRUSTANCHOR */
VAR_HIDE_HTTP_USER_AGENT = 499, /* VAR_HIDE_HTTP_USER_AGENT */
VAR_HTTP_USER_AGENT = 500, /* VAR_HTTP_USER_AGENT */
VAR_TRUST_ANCHOR_SIGNALING = 501, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 502, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 503, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 504, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 505, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 506, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 507, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 508, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 509, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 510, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 511, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 512, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 513, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 514, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 516, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 518, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 519, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 520, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 521, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 522, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 523, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 524, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 525, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 526, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 527, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 528, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 529, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 530, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 531, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 532, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 533, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 534, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 535, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 536, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 537, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 538, /* VAR_ZONEFILE */
VAR_MASTER = 539, /* VAR_MASTER */
VAR_URL = 540, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 541, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 542, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 543, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 544, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 545, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 546, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 547, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 548, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 549, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 550, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 551, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 552, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 553, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 554, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 555, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 556, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 557, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 558, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 559, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 560, /* VAR_TLS_USE_SNI */
VAR_IPSET = 561, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 562, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 563, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 564, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 565, /* VAR_RPZ */
VAR_TAGS = 566, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 567, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 568, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 569, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 570, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 571, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 572, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 573, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 574, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 575, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 576, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_CHECK = 577, /* VAR_ZONEMD_CHECK */
VAR_ZONEMD_REJECT_ABSENCE = 578, /* VAR_ZONEMD_REJECT_ABSENCE */
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 579, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
VAR_INTERFACE_AUTOMATIC_PORTS = 580, /* VAR_INTERFACE_AUTOMATIC_PORTS */
VAR_EDE = 581 /* VAR_EDE */
VAR_INFRA_CACHE_MAX_RTT = 419, /* VAR_INFRA_CACHE_MAX_RTT */
VAR_INFRA_KEEP_PROBING = 420, /* VAR_INFRA_KEEP_PROBING */
VAR_DNS64_PREFIX = 421, /* VAR_DNS64_PREFIX */
VAR_DNS64_SYNTHALL = 422, /* VAR_DNS64_SYNTHALL */
VAR_DNS64_IGNORE_AAAA = 423, /* VAR_DNS64_IGNORE_AAAA */
VAR_DNSTAP = 424, /* VAR_DNSTAP */
VAR_DNSTAP_ENABLE = 425, /* VAR_DNSTAP_ENABLE */
VAR_DNSTAP_SOCKET_PATH = 426, /* VAR_DNSTAP_SOCKET_PATH */
VAR_DNSTAP_IP = 427, /* VAR_DNSTAP_IP */
VAR_DNSTAP_TLS = 428, /* VAR_DNSTAP_TLS */
VAR_DNSTAP_TLS_SERVER_NAME = 429, /* VAR_DNSTAP_TLS_SERVER_NAME */
VAR_DNSTAP_TLS_CERT_BUNDLE = 430, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 432, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
VAR_DNSTAP_SEND_IDENTITY = 433, /* VAR_DNSTAP_SEND_IDENTITY */
VAR_DNSTAP_SEND_VERSION = 434, /* VAR_DNSTAP_SEND_VERSION */
VAR_DNSTAP_BIDIRECTIONAL = 435, /* VAR_DNSTAP_BIDIRECTIONAL */
VAR_DNSTAP_IDENTITY = 436, /* VAR_DNSTAP_IDENTITY */
VAR_DNSTAP_VERSION = 437, /* VAR_DNSTAP_VERSION */
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 439, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 441, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 443, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
VAR_RESPONSE_IP_TAG = 444, /* VAR_RESPONSE_IP_TAG */
VAR_RESPONSE_IP = 445, /* VAR_RESPONSE_IP */
VAR_RESPONSE_IP_DATA = 446, /* VAR_RESPONSE_IP_DATA */
VAR_HARDEN_ALGO_DOWNGRADE = 447, /* VAR_HARDEN_ALGO_DOWNGRADE */
VAR_IP_TRANSPARENT = 448, /* VAR_IP_TRANSPARENT */
VAR_IP_DSCP = 449, /* VAR_IP_DSCP */
VAR_DISABLE_DNSSEC_LAME_CHECK = 450, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
VAR_IP_RATELIMIT = 451, /* VAR_IP_RATELIMIT */
VAR_IP_RATELIMIT_SLABS = 452, /* VAR_IP_RATELIMIT_SLABS */
VAR_IP_RATELIMIT_SIZE = 453, /* VAR_IP_RATELIMIT_SIZE */
VAR_RATELIMIT = 454, /* VAR_RATELIMIT */
VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */
VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */
VAR_RATELIMIT_FOR_DOMAIN = 458, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 459, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 460, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 461, /* VAR_RATELIMIT_FACTOR */
VAR_IP_RATELIMIT_BACKOFF = 462, /* VAR_IP_RATELIMIT_BACKOFF */
VAR_RATELIMIT_BACKOFF = 463, /* VAR_RATELIMIT_BACKOFF */
VAR_SEND_CLIENT_SUBNET = 464, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 465, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 466, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 467, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 469, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 471, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 473, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 474, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 475, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 476, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 477, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 478, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 479, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 480, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 481, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 482, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 483, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 484, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 485, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 486, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 487, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 488, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 489, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 490, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 491, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 492, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 493, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_EDE_SERVE_EXPIRED = 494, /* VAR_EDE_SERVE_EXPIRED */
VAR_SERVE_ORIGINAL_TTL = 495, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 496, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 497, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 498, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 499, /* VAR_HIDE_TRUSTANCHOR */
VAR_HIDE_HTTP_USER_AGENT = 500, /* VAR_HIDE_HTTP_USER_AGENT */
VAR_HTTP_USER_AGENT = 501, /* VAR_HTTP_USER_AGENT */
VAR_TRUST_ANCHOR_SIGNALING = 502, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 503, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 504, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 505, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 506, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 507, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 508, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 509, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 510, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 511, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 512, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 513, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 514, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 516, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 518, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 519, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 520, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 521, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 522, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 523, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 524, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 525, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 526, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 527, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 528, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 529, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 530, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 531, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 532, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 533, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 534, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 535, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 536, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 537, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 538, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 539, /* VAR_ZONEFILE */
VAR_MASTER = 540, /* VAR_MASTER */
VAR_URL = 541, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 542, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 543, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 544, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 545, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 546, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 547, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 548, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 549, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 550, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 551, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 552, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 553, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 554, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 555, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 556, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 557, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 558, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 559, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 560, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 561, /* VAR_TLS_USE_SNI */
VAR_IPSET = 562, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 563, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 564, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 565, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 566, /* VAR_RPZ */
VAR_TAGS = 567, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 568, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 569, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 570, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 571, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 572, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 573, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 574, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 575, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 576, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 577, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_CHECK = 578, /* VAR_ZONEMD_CHECK */
VAR_ZONEMD_REJECT_ABSENCE = 579, /* VAR_ZONEMD_REJECT_ABSENCE */
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 580, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
VAR_INTERFACE_AUTOMATIC_PORTS = 581, /* VAR_INTERFACE_AUTOMATIC_PORTS */
VAR_EDE = 582 /* VAR_EDE */
};
typedef enum yytokentype yytoken_kind_t;
#endif
@ -547,169 +548,170 @@ extern int yydebug;
#define VAR_UNBLOCK_LAN_ZONES 416
#define VAR_INSECURE_LAN_ZONES 417
#define VAR_INFRA_CACHE_MIN_RTT 418
#define VAR_INFRA_KEEP_PROBING 419
#define VAR_DNS64_PREFIX 420
#define VAR_DNS64_SYNTHALL 421
#define VAR_DNS64_IGNORE_AAAA 422
#define VAR_DNSTAP 423
#define VAR_DNSTAP_ENABLE 424
#define VAR_DNSTAP_SOCKET_PATH 425
#define VAR_DNSTAP_IP 426
#define VAR_DNSTAP_TLS 427
#define VAR_DNSTAP_TLS_SERVER_NAME 428
#define VAR_DNSTAP_TLS_CERT_BUNDLE 429
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 430
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 431
#define VAR_DNSTAP_SEND_IDENTITY 432
#define VAR_DNSTAP_SEND_VERSION 433
#define VAR_DNSTAP_BIDIRECTIONAL 434
#define VAR_DNSTAP_IDENTITY 435
#define VAR_DNSTAP_VERSION 436
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 437
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 438
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 439
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 440
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 441
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 442
#define VAR_RESPONSE_IP_TAG 443
#define VAR_RESPONSE_IP 444
#define VAR_RESPONSE_IP_DATA 445
#define VAR_HARDEN_ALGO_DOWNGRADE 446
#define VAR_IP_TRANSPARENT 447
#define VAR_IP_DSCP 448
#define VAR_DISABLE_DNSSEC_LAME_CHECK 449
#define VAR_IP_RATELIMIT 450
#define VAR_IP_RATELIMIT_SLABS 451
#define VAR_IP_RATELIMIT_SIZE 452
#define VAR_RATELIMIT 453
#define VAR_RATELIMIT_SLABS 454
#define VAR_RATELIMIT_SIZE 455
#define VAR_OUTBOUND_MSG_RETRY 456
#define VAR_RATELIMIT_FOR_DOMAIN 457
#define VAR_RATELIMIT_BELOW_DOMAIN 458
#define VAR_IP_RATELIMIT_FACTOR 459
#define VAR_RATELIMIT_FACTOR 460
#define VAR_IP_RATELIMIT_BACKOFF 461
#define VAR_RATELIMIT_BACKOFF 462
#define VAR_SEND_CLIENT_SUBNET 463
#define VAR_CLIENT_SUBNET_ZONE 464
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 465
#define VAR_CLIENT_SUBNET_OPCODE 466
#define VAR_MAX_CLIENT_SUBNET_IPV4 467
#define VAR_MAX_CLIENT_SUBNET_IPV6 468
#define VAR_MIN_CLIENT_SUBNET_IPV4 469
#define VAR_MIN_CLIENT_SUBNET_IPV6 470
#define VAR_MAX_ECS_TREE_SIZE_IPV4 471
#define VAR_MAX_ECS_TREE_SIZE_IPV6 472
#define VAR_CAPS_WHITELIST 473
#define VAR_CACHE_MAX_NEGATIVE_TTL 474
#define VAR_PERMIT_SMALL_HOLDDOWN 475
#define VAR_QNAME_MINIMISATION 476
#define VAR_QNAME_MINIMISATION_STRICT 477
#define VAR_IP_FREEBIND 478
#define VAR_DEFINE_TAG 479
#define VAR_LOCAL_ZONE_TAG 480
#define VAR_ACCESS_CONTROL_TAG 481
#define VAR_LOCAL_ZONE_OVERRIDE 482
#define VAR_ACCESS_CONTROL_TAG_ACTION 483
#define VAR_ACCESS_CONTROL_TAG_DATA 484
#define VAR_VIEW 485
#define VAR_ACCESS_CONTROL_VIEW 486
#define VAR_VIEW_FIRST 487
#define VAR_SERVE_EXPIRED 488
#define VAR_SERVE_EXPIRED_TTL 489
#define VAR_SERVE_EXPIRED_TTL_RESET 490
#define VAR_SERVE_EXPIRED_REPLY_TTL 491
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 492
#define VAR_EDE_SERVE_EXPIRED 493
#define VAR_SERVE_ORIGINAL_TTL 494
#define VAR_FAKE_DSA 495
#define VAR_FAKE_SHA1 496
#define VAR_LOG_IDENTITY 497
#define VAR_HIDE_TRUSTANCHOR 498
#define VAR_HIDE_HTTP_USER_AGENT 499
#define VAR_HTTP_USER_AGENT 500
#define VAR_TRUST_ANCHOR_SIGNALING 501
#define VAR_AGGRESSIVE_NSEC 502
#define VAR_USE_SYSTEMD 503
#define VAR_SHM_ENABLE 504
#define VAR_SHM_KEY 505
#define VAR_ROOT_KEY_SENTINEL 506
#define VAR_DNSCRYPT 507
#define VAR_DNSCRYPT_ENABLE 508
#define VAR_DNSCRYPT_PORT 509
#define VAR_DNSCRYPT_PROVIDER 510
#define VAR_DNSCRYPT_SECRET_KEY 511
#define VAR_DNSCRYPT_PROVIDER_CERT 512
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 513
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 514
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 515
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 516
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 517
#define VAR_PAD_RESPONSES 518
#define VAR_PAD_RESPONSES_BLOCK_SIZE 519
#define VAR_PAD_QUERIES 520
#define VAR_PAD_QUERIES_BLOCK_SIZE 521
#define VAR_IPSECMOD_ENABLED 522
#define VAR_IPSECMOD_HOOK 523
#define VAR_IPSECMOD_IGNORE_BOGUS 524
#define VAR_IPSECMOD_MAX_TTL 525
#define VAR_IPSECMOD_WHITELIST 526
#define VAR_IPSECMOD_STRICT 527
#define VAR_CACHEDB 528
#define VAR_CACHEDB_BACKEND 529
#define VAR_CACHEDB_SECRETSEED 530
#define VAR_CACHEDB_REDISHOST 531
#define VAR_CACHEDB_REDISPORT 532
#define VAR_CACHEDB_REDISTIMEOUT 533
#define VAR_CACHEDB_REDISEXPIRERECORDS 534
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 535
#define VAR_FOR_UPSTREAM 536
#define VAR_AUTH_ZONE 537
#define VAR_ZONEFILE 538
#define VAR_MASTER 539
#define VAR_URL 540
#define VAR_FOR_DOWNSTREAM 541
#define VAR_FALLBACK_ENABLED 542
#define VAR_TLS_ADDITIONAL_PORT 543
#define VAR_LOW_RTT 544
#define VAR_LOW_RTT_PERMIL 545
#define VAR_FAST_SERVER_PERMIL 546
#define VAR_FAST_SERVER_NUM 547
#define VAR_ALLOW_NOTIFY 548
#define VAR_TLS_WIN_CERT 549
#define VAR_TCP_CONNECTION_LIMIT 550
#define VAR_FORWARD_NO_CACHE 551
#define VAR_STUB_NO_CACHE 552
#define VAR_LOG_SERVFAIL 553
#define VAR_DENY_ANY 554
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 555
#define VAR_LOG_TAG_QUERYREPLY 556
#define VAR_STREAM_WAIT_SIZE 557
#define VAR_TLS_CIPHERS 558
#define VAR_TLS_CIPHERSUITES 559
#define VAR_TLS_USE_SNI 560
#define VAR_IPSET 561
#define VAR_IPSET_NAME_V4 562
#define VAR_IPSET_NAME_V6 563
#define VAR_TLS_SESSION_TICKET_KEYS 564
#define VAR_RPZ 565
#define VAR_TAGS 566
#define VAR_RPZ_ACTION_OVERRIDE 567
#define VAR_RPZ_CNAME_OVERRIDE 568
#define VAR_RPZ_LOG 569
#define VAR_RPZ_LOG_NAME 570
#define VAR_DYNLIB 571
#define VAR_DYNLIB_FILE 572
#define VAR_EDNS_CLIENT_STRING 573
#define VAR_EDNS_CLIENT_STRING_OPCODE 574
#define VAR_NSID 575
#define VAR_ZONEMD_PERMISSIVE_MODE 576
#define VAR_ZONEMD_CHECK 577
#define VAR_ZONEMD_REJECT_ABSENCE 578
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 579
#define VAR_INTERFACE_AUTOMATIC_PORTS 580
#define VAR_EDE 581
#define VAR_INFRA_CACHE_MAX_RTT 419
#define VAR_INFRA_KEEP_PROBING 420
#define VAR_DNS64_PREFIX 421
#define VAR_DNS64_SYNTHALL 422
#define VAR_DNS64_IGNORE_AAAA 423
#define VAR_DNSTAP 424
#define VAR_DNSTAP_ENABLE 425
#define VAR_DNSTAP_SOCKET_PATH 426
#define VAR_DNSTAP_IP 427
#define VAR_DNSTAP_TLS 428
#define VAR_DNSTAP_TLS_SERVER_NAME 429
#define VAR_DNSTAP_TLS_CERT_BUNDLE 430
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 431
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 432
#define VAR_DNSTAP_SEND_IDENTITY 433
#define VAR_DNSTAP_SEND_VERSION 434
#define VAR_DNSTAP_BIDIRECTIONAL 435
#define VAR_DNSTAP_IDENTITY 436
#define VAR_DNSTAP_VERSION 437
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 438
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 439
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 440
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 441
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 442
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 443
#define VAR_RESPONSE_IP_TAG 444
#define VAR_RESPONSE_IP 445
#define VAR_RESPONSE_IP_DATA 446
#define VAR_HARDEN_ALGO_DOWNGRADE 447
#define VAR_IP_TRANSPARENT 448
#define VAR_IP_DSCP 449
#define VAR_DISABLE_DNSSEC_LAME_CHECK 450
#define VAR_IP_RATELIMIT 451
#define VAR_IP_RATELIMIT_SLABS 452
#define VAR_IP_RATELIMIT_SIZE 453
#define VAR_RATELIMIT 454
#define VAR_RATELIMIT_SLABS 455
#define VAR_RATELIMIT_SIZE 456
#define VAR_OUTBOUND_MSG_RETRY 457
#define VAR_RATELIMIT_FOR_DOMAIN 458
#define VAR_RATELIMIT_BELOW_DOMAIN 459
#define VAR_IP_RATELIMIT_FACTOR 460
#define VAR_RATELIMIT_FACTOR 461
#define VAR_IP_RATELIMIT_BACKOFF 462
#define VAR_RATELIMIT_BACKOFF 463
#define VAR_SEND_CLIENT_SUBNET 464
#define VAR_CLIENT_SUBNET_ZONE 465
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 466
#define VAR_CLIENT_SUBNET_OPCODE 467
#define VAR_MAX_CLIENT_SUBNET_IPV4 468
#define VAR_MAX_CLIENT_SUBNET_IPV6 469
#define VAR_MIN_CLIENT_SUBNET_IPV4 470
#define VAR_MIN_CLIENT_SUBNET_IPV6 471
#define VAR_MAX_ECS_TREE_SIZE_IPV4 472
#define VAR_MAX_ECS_TREE_SIZE_IPV6 473
#define VAR_CAPS_WHITELIST 474
#define VAR_CACHE_MAX_NEGATIVE_TTL 475
#define VAR_PERMIT_SMALL_HOLDDOWN 476
#define VAR_QNAME_MINIMISATION 477
#define VAR_QNAME_MINIMISATION_STRICT 478
#define VAR_IP_FREEBIND 479
#define VAR_DEFINE_TAG 480
#define VAR_LOCAL_ZONE_TAG 481
#define VAR_ACCESS_CONTROL_TAG 482
#define VAR_LOCAL_ZONE_OVERRIDE 483
#define VAR_ACCESS_CONTROL_TAG_ACTION 484
#define VAR_ACCESS_CONTROL_TAG_DATA 485
#define VAR_VIEW 486
#define VAR_ACCESS_CONTROL_VIEW 487
#define VAR_VIEW_FIRST 488
#define VAR_SERVE_EXPIRED 489
#define VAR_SERVE_EXPIRED_TTL 490
#define VAR_SERVE_EXPIRED_TTL_RESET 491
#define VAR_SERVE_EXPIRED_REPLY_TTL 492
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 493
#define VAR_EDE_SERVE_EXPIRED 494
#define VAR_SERVE_ORIGINAL_TTL 495
#define VAR_FAKE_DSA 496
#define VAR_FAKE_SHA1 497
#define VAR_LOG_IDENTITY 498
#define VAR_HIDE_TRUSTANCHOR 499
#define VAR_HIDE_HTTP_USER_AGENT 500
#define VAR_HTTP_USER_AGENT 501
#define VAR_TRUST_ANCHOR_SIGNALING 502
#define VAR_AGGRESSIVE_NSEC 503
#define VAR_USE_SYSTEMD 504
#define VAR_SHM_ENABLE 505
#define VAR_SHM_KEY 506
#define VAR_ROOT_KEY_SENTINEL 507
#define VAR_DNSCRYPT 508
#define VAR_DNSCRYPT_ENABLE 509
#define VAR_DNSCRYPT_PORT 510
#define VAR_DNSCRYPT_PROVIDER 511
#define VAR_DNSCRYPT_SECRET_KEY 512
#define VAR_DNSCRYPT_PROVIDER_CERT 513
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 514
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 515
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 516
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 517
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 518
#define VAR_PAD_RESPONSES 519
#define VAR_PAD_RESPONSES_BLOCK_SIZE 520
#define VAR_PAD_QUERIES 521
#define VAR_PAD_QUERIES_BLOCK_SIZE 522
#define VAR_IPSECMOD_ENABLED 523
#define VAR_IPSECMOD_HOOK 524
#define VAR_IPSECMOD_IGNORE_BOGUS 525
#define VAR_IPSECMOD_MAX_TTL 526
#define VAR_IPSECMOD_WHITELIST 527
#define VAR_IPSECMOD_STRICT 528
#define VAR_CACHEDB 529
#define VAR_CACHEDB_BACKEND 530
#define VAR_CACHEDB_SECRETSEED 531
#define VAR_CACHEDB_REDISHOST 532
#define VAR_CACHEDB_REDISPORT 533
#define VAR_CACHEDB_REDISTIMEOUT 534
#define VAR_CACHEDB_REDISEXPIRERECORDS 535
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 536
#define VAR_FOR_UPSTREAM 537
#define VAR_AUTH_ZONE 538
#define VAR_ZONEFILE 539
#define VAR_MASTER 540
#define VAR_URL 541
#define VAR_FOR_DOWNSTREAM 542
#define VAR_FALLBACK_ENABLED 543
#define VAR_TLS_ADDITIONAL_PORT 544
#define VAR_LOW_RTT 545
#define VAR_LOW_RTT_PERMIL 546
#define VAR_FAST_SERVER_PERMIL 547
#define VAR_FAST_SERVER_NUM 548
#define VAR_ALLOW_NOTIFY 549
#define VAR_TLS_WIN_CERT 550
#define VAR_TCP_CONNECTION_LIMIT 551
#define VAR_FORWARD_NO_CACHE 552
#define VAR_STUB_NO_CACHE 553
#define VAR_LOG_SERVFAIL 554
#define VAR_DENY_ANY 555
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 556
#define VAR_LOG_TAG_QUERYREPLY 557
#define VAR_STREAM_WAIT_SIZE 558
#define VAR_TLS_CIPHERS 559
#define VAR_TLS_CIPHERSUITES 560
#define VAR_TLS_USE_SNI 561
#define VAR_IPSET 562
#define VAR_IPSET_NAME_V4 563
#define VAR_IPSET_NAME_V6 564
#define VAR_TLS_SESSION_TICKET_KEYS 565
#define VAR_RPZ 566
#define VAR_TAGS 567
#define VAR_RPZ_ACTION_OVERRIDE 568
#define VAR_RPZ_CNAME_OVERRIDE 569
#define VAR_RPZ_LOG 570
#define VAR_RPZ_LOG_NAME 571
#define VAR_DYNLIB 572
#define VAR_DYNLIB_FILE 573
#define VAR_EDNS_CLIENT_STRING 574
#define VAR_EDNS_CLIENT_STRING_OPCODE 575
#define VAR_NSID 576
#define VAR_ZONEMD_PERMISSIVE_MODE 577
#define VAR_ZONEMD_CHECK 578
#define VAR_ZONEMD_REJECT_ABSENCE 579
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 580
#define VAR_INTERFACE_AUTOMATIC_PORTS 581
#define VAR_EDE 582
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -719,7 +721,7 @@ union YYSTYPE
char* str;
#line 723 "util/configparser.h"
#line 725 "./util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;
@ -730,6 +732,8 @@ typedef union YYSTYPE YYSTYPE;
extern YYSTYPE yylval;
int yyparse (void);
#endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED */

13
util/configparser.y
View File

@ -120,7 +120,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
@ -267,7 +267,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_so_reuseport | server_delay_close | server_udp_connect |
server_unblock_lan_zones | server_insecure_lan_zones |
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
server_infra_cache_min_rtt | server_harden_algo_downgrade |
server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
server_ip_transparent | server_ip_ratelimit | server_ratelimit |
server_ip_dscp | server_infra_keep_probing |
server_ip_ratelimit_slabs | server_ratelimit_slabs |
@ -1659,6 +1659,15 @@ server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
free($2);
}
;
server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
{
OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
if(atoi($2) == 0 && strcmp($2, "0") != 0)
yyerror("number expected");
else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
free($2);
}
;
server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
{
OUTYY(("P(server_infra_keep_probing:%s)\n", $2));

3
util/rtt.c
View File

@ -45,6 +45,9 @@
/* overwritten by config: infra_cache_min_rtt: */
int RTT_MIN_TIMEOUT = 50;
/* overwritten by config: infra_cache_max_rtt: */
int RTT_MAX_TIMEOUT = 120000;
/** calculate RTO from rtt information */
static int
calc_rto(const struct rtt_info* rtt)

2
util/rtt.h
View File

@ -58,7 +58,7 @@ struct rtt_info {
/** min retransmit timeout value, in milliseconds */
extern int RTT_MIN_TIMEOUT;
/** max retransmit timeout value, in milliseconds */
#define RTT_MAX_TIMEOUT 120000
extern int RTT_MAX_TIMEOUT;
/**
* Initialize RTT estimators.