- local-zone: example.com inform makes unbound log a message with

  client IP for queries in that zone.  Eg. for finding infected hosts.

git-svn-id: file:///svn/unbound/trunk@3292 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/daemon/worker.c b/daemon/worker.c
index 59ae9dfcefcbfd71c8b42f0ac623a9ff1eb6c493..5edc21dd46e7570869d62c9f5cfb42b627f5e01b 100644 (file)
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -900,7 +900,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
                goto send_reply;
        }
        if(local_zones_answer(worker->daemon->local_zones, &qinfo, &edns, 
-               c->buffer, worker->scratchpad)) {
+               c->buffer, worker->scratchpad, repinfo)) {
                regional_free_all(worker->scratchpad);
                if(sldns_buffer_limit(c->buffer) == 0) {
                        comm_point_drop_reply(repinfo);

diff --git a/doc/Changelog b/doc/Changelog
index 0100dd55a111e83f29b44a83e6eeceb9463ca4b7..3a72bcf803c14d961af7344bc1e348ffd8224658 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,8 @@
 9 December 2014: Wouter
        - svn trunk has 1.5.2 in development.
        - config.guess and config.sub update from libtoolize.
+       - local-zone: example.com inform makes unbound log a message with
+         client IP for queries in that zone.  Eg. for finding infected hosts.
 
 8 December 2014: Wouter
        - Fix CVE-2014-8602: denial of service by making resolver chase

diff --git a/doc/example.conf.in b/doc/example.conf.in
index 03f6184a475b5e938f1b9203c600a4f3619208ca..e4a01d63457f4d5cd32c8902d1f4009441a37e25 100644 (file)
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -497,6 +497,7 @@ server:
        # o redirect serves the zone data for any subdomain in the zone.
        # o nodefault can be used to normally resolve AS112 zones.
        # o typetransparent resolves normally for other types and other names
+       # o inform resolves normally, but logs client IP address
        #
        # defaults are localhost address, reverse for 127.0.0.1 and ::1
        # and nxdomain for AS112 zones. If you configure one of these zones

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 67ff89b0c0f6bf787019c0ca1d5625e4bee87a7c..36503815a8ba899a908dde1eda582a9501c6f7cc 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -791,7 +791,7 @@ data leakage about the local network to the upstream DNS servers.
 .B local\-zone: \fI<zone> <type>
 Configure a local zone. The type determines the answer to give if
 there is no match from local\-data. The types are deny, refuse, static,
-transparent, redirect, nodefault, typetransparent, and are explained
+transparent, redirect, nodefault, typetransparent, inform, and are explained
 below. After that the default settings are listed. Use local\-data: to
 enter data into the local zone. Answers for local zones are authoritative
 DNS answers. By default the zones are class IN.
@@ -841,6 +841,13 @@ local\-data: "example.com. A 127.0.0.1"
 queries for www.example.com and www.foo.example.com are redirected, so
 that users with web browsers cannot access sites with suffix example.com.
 .TP 10
+\h'5'\fIinform\fR 
+The query is answered normally.  The client IP address (@portnumber)
+is printed to the logfile.  The log message is: timestamp, unbound-pid,
+info: zonename inform IP@port queryname type class.  This option can be
+used for normal resolution, but machines looking up infected names are
+logged, eg. to run antivirus on them.
+.TP 10
 \h'5'\fInodefault\fR 
 Used to turn off default contents for AS112 zones. The other types
 also turn off default contents for the zone. The 'nodefault' option 

diff --git a/libunbound/libworker.c b/libunbound/libworker.c
index e388e7956c81e84db21728dd5f9c897c8094b84a..c72b586ab70da9c06c38052b6c2a314b21862186 100644 (file)
--- a/libunbound/libworker.c
+++ b/libunbound/libworker.c
@@ -606,7 +606,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
        sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
        sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
        if(local_zones_answer(ctx->local_zones, &qinfo, &edns, 
-               w->back->udp_buff, w->env->scratch)) {
+               w->back->udp_buff, w->env->scratch, NULL)) {
                regional_free_all(w->env->scratch);
                libworker_fillup_fg(q, LDNS_RCODE_NOERROR, 
                        w->back->udp_buff, sec_status_insecure, NULL);
@@ -676,7 +676,7 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
        sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
        sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
        if(local_zones_answer(ctx->local_zones, &qinfo, &edns, 
-               w->back->udp_buff, w->env->scratch)) {
+               w->back->udp_buff, w->env->scratch, NULL)) {
                regional_free_all(w->env->scratch);
                free(qinfo.qname);
                libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
@@ -796,7 +796,7 @@ handle_newq(struct libworker* w, uint8_t* buf, uint32_t len)
        sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
        sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
        if(local_zones_answer(w->ctx->local_zones, &qinfo, &edns, 
-               w->back->udp_buff, w->env->scratch)) {
+               w->back->udp_buff, w->env->scratch, NULL)) {
                regional_free_all(w->env->scratch);
                q->msg_security = sec_status_insecure;
                add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL);

diff --git a/services/localzone.c b/services/localzone.c
index d285a127cbbf218a126d5f0d6d70398115ed2e67..57510bd27364e2c4b91a4a5694fa1a15aaab0c95 100644 (file)
--- a/services/localzone.c
+++ b/services/localzone.c
@@ -48,6 +48,7 @@
 #include "util/data/packed_rrset.h"
 #include "util/data/msgencode.h"
 #include "util/net_help.h"
+#include "util/netevent.h"
 #include "util/data/msgreply.h"
 #include "util/data/msgparse.h"
 
@@ -1022,6 +1023,10 @@ void local_zones_print(struct local_zones* zones)
                        log_nametypeclass(0, "static zone", 
                                z->name, 0, z->dclass);
                        break;
+               case local_zone_inform:
+                       log_nametypeclass(0, "inform zone", 
+                               z->name, 0, z->dclass);
+                       break;
                default:
                        log_nametypeclass(0, "badtyped zone", 
                                z->name, 0, z->dclass);
@@ -1169,9 +1174,25 @@ lz_zone_answer(struct local_zone* z, struct query_info* qinfo,
        return 0;
 }
 
+/** print log information for an inform zone query */
+static void
+lz_inform_print(struct local_zone* z, struct query_info* qinfo,
+       struct comm_reply* repinfo)
+{
+       char ip[128], txt[512];
+       char zname[LDNS_MAX_DOMAINLEN+1];
+       uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
+       dname_str(z->name, zname);
+       addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
+       snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip,
+               (unsigned)port);
+       log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
+}
+
 int 
 local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
-       struct edns_data* edns, sldns_buffer* buf, struct regional* temp)
+       struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
+       struct comm_reply* repinfo)
 {
        /* see if query is covered by a zone,
         *      if so:  - try to match (exact) local data 
@@ -1190,6 +1211,9 @@ local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
        lock_rw_rdlock(&z->lock);
        lock_rw_unlock(&zones->lock);
 
+       if(z->type == local_zone_inform && repinfo)
+               lz_inform_print(z, qinfo, repinfo);
+
        if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) {
                lock_rw_unlock(&z->lock);
                return 1;
@@ -1209,6 +1233,7 @@ const char* local_zone_type2str(enum localzone_type t)
                case local_zone_typetransparent: return "typetransparent";
                case local_zone_static: return "static";
                case local_zone_nodefault: return "nodefault";
+               case local_zone_inform: return "inform";
        }
        return "badtyped"; 
 }
@@ -1227,6 +1252,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t)
                *t = local_zone_typetransparent;
        else if(strcmp(type, "redirect") == 0)
                *t = local_zone_redirect;
+       else if(strcmp(type, "inform") == 0)
+               *t = local_zone_inform;
        else return 0;
        return 1;
 }

diff --git a/services/localzone.h b/services/localzone.h
index 788fbfb3ba2b196c34d1b64dfe075c0242100f4d..29ba8663fd048448d359061473dbaaae127d9c20 100644 (file)
--- a/services/localzone.h
+++ b/services/localzone.h
@@ -49,6 +49,7 @@ struct config_file;
 struct edns_data;
 struct query_info;
 struct sldns_buffer;
+struct comm_reply;
 
 /**
  * Local zone type
@@ -70,7 +71,9 @@ enum localzone_type {
        local_zone_redirect,
        /** remove default AS112 blocking contents for zone
         * nodefault is used in config not during service. */
-       local_zone_nodefault
+       local_zone_nodefault,
+       /** log client address, but no block (transparent) */
+       local_zone_inform
 };
 
 /**
@@ -220,12 +223,14 @@ void local_zones_print(struct local_zones* zones);
  * @param edns: edns info (parsed).
  * @param buf: buffer with query ID and flags, also for reply.
  * @param temp: temporary storage region.
+ * @param repinfo: source address for checks. may be NULL.
  * @return true if answer is in buffer. false if query is not answered 
  * by authority data. If the reply should be dropped altogether, the return 
  * value is true, but the buffer is cleared (empty).
  */
 int local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
-       struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp);
+       struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp,
+       struct comm_reply* repinfo);
 
 /**
  * Parse the string into localzone type.

diff --git a/util/configparser.c b/util/configparser.c
index 6285e3f6f722154c4b570c216a35697466b0fecf..dec876ae306330d983653dac62975c8d9af9fac4 100644 (file)
--- a/util/configparser.c
+++ b/util/configparser.c
@@ -887,14 +887,14 @@ static const yytype_uint16 yyrline[] =
      732,   740,   749,   757,   770,   777,   787,   797,   807,   817,
      827,   837,   847,   854,   861,   870,   879,   888,   895,   905,
      922,   929,   947,   960,   973,   982,   991,  1000,  1010,  1020,
-    1029,  1038,  1045,  1054,  1063,  1072,  1080,  1093,  1101,  1123,
-    1130,  1145,  1155,  1165,  1172,  1179,  1188,  1198,  1205,  1212,
-    1221,  1231,  1241,  1248,  1255,  1264,  1269,  1270,  1271,  1271,
-    1271,  1272,  1272,  1272,  1273,  1275,  1285,  1294,  1301,  1308,
-    1315,  1322,  1329,  1334,  1335,  1336,  1336,  1337,  1337,  1338,
-    1338,  1339,  1340,  1341,  1342,  1343,  1344,  1346,  1354,  1361,
-    1369,  1377,  1384,  1391,  1400,  1409,  1418,  1427,  1436,  1445,
-    1450,  1451,  1452,  1454
+    1029,  1038,  1045,  1054,  1063,  1072,  1080,  1093,  1101,  1124,
+    1131,  1146,  1156,  1166,  1173,  1180,  1189,  1199,  1206,  1213,
+    1222,  1232,  1242,  1249,  1256,  1265,  1270,  1271,  1272,  1272,
+    1272,  1273,  1273,  1273,  1274,  1276,  1286,  1295,  1302,  1309,
+    1316,  1323,  1330,  1335,  1336,  1337,  1337,  1338,  1338,  1339,
+    1339,  1340,  1341,  1342,  1343,  1344,  1345,  1347,  1355,  1362,
+    1370,  1378,  1385,  1392,  1401,  1410,  1419,  1428,  1437,  1446,
+    1451,  1452,  1453,  1455
 };
 #endif
 
@@ -3397,10 +3397,11 @@ yyreduce:
                if(strcmp((yyvsp[(3) - (3)].str), "static")!=0 && strcmp((yyvsp[(3) - (3)].str), "deny")!=0 &&
                   strcmp((yyvsp[(3) - (3)].str), "refuse")!=0 && strcmp((yyvsp[(3) - (3)].str), "redirect")!=0 &&
                   strcmp((yyvsp[(3) - (3)].str), "transparent")!=0 && strcmp((yyvsp[(3) - (3)].str), "nodefault")!=0
-                  && strcmp((yyvsp[(3) - (3)].str), "typetransparent")!=0)
+                  && strcmp((yyvsp[(3) - (3)].str), "typetransparent")!=0 &&
+                  strcmp((yyvsp[(3) - (3)].str), "inform")!=0)
                        yyerror("local-zone type: expected static, deny, "
                                "refuse, redirect, transparent, "
-                               "typetransparent or nodefault");
+                               "typetransparent, inform or nodefault");
                else if(strcmp((yyvsp[(3) - (3)].str), "nodefault")==0) {
                        if(!cfg_strlist_insert(&cfg_parser->cfg->
                                local_zones_nodefault, (yyvsp[(2) - (3)].str)))
@@ -3416,7 +3417,7 @@ yyreduce:
 
   case 229:
 /* Line 1792 of yacc.c  */
-#line 1124 "./util/configparser.y"
+#line 1125 "./util/configparser.y"
     {
                OUTYY(("P(server_local_data:%s)\n", (yyvsp[(2) - (2)].str)));
                if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[(2) - (2)].str)))
@@ -3426,7 +3427,7 @@ yyreduce:
 
   case 230:
 /* Line 1792 of yacc.c  */
-#line 1131 "./util/configparser.y"
+#line 1132 "./util/configparser.y"
     {
                char* ptr;
                OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[(2) - (2)].str)));
@@ -3444,7 +3445,7 @@ yyreduce:
 
   case 231:
 /* Line 1792 of yacc.c  */
-#line 1146 "./util/configparser.y"
+#line 1147 "./util/configparser.y"
     {
                OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3457,7 +3458,7 @@ yyreduce:
 
   case 232:
 /* Line 1792 of yacc.c  */
-#line 1156 "./util/configparser.y"
+#line 1157 "./util/configparser.y"
     {
                OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3470,7 +3471,7 @@ yyreduce:
 
   case 233:
 /* Line 1792 of yacc.c  */
-#line 1166 "./util/configparser.y"
+#line 1167 "./util/configparser.y"
     {
                OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[(2) - (2)].str)));
                cfg_parser->cfg->max_udp_size = atoi((yyvsp[(2) - (2)].str));
@@ -3480,7 +3481,7 @@ yyreduce:
 
   case 234:
 /* Line 1792 of yacc.c  */
-#line 1173 "./util/configparser.y"
+#line 1174 "./util/configparser.y"
     {
                OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->dns64_prefix);
@@ -3490,7 +3491,7 @@ yyreduce:
 
   case 235:
 /* Line 1792 of yacc.c  */
-#line 1180 "./util/configparser.y"
+#line 1181 "./util/configparser.y"
     {
                OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3502,7 +3503,7 @@ yyreduce:
 
   case 236:
 /* Line 1792 of yacc.c  */
-#line 1189 "./util/configparser.y"
+#line 1190 "./util/configparser.y"
     {
                OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str)));
                if(cfg_parser->cfg->stubs->name)
@@ -3515,7 +3516,7 @@ yyreduce:
 
   case 237:
 /* Line 1792 of yacc.c  */
-#line 1199 "./util/configparser.y"
+#line 1200 "./util/configparser.y"
     {
                OUTYY(("P(stub-host:%s)\n", (yyvsp[(2) - (2)].str)));
                if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[(2) - (2)].str)))
@@ -3525,7 +3526,7 @@ yyreduce:
 
   case 238:
 /* Line 1792 of yacc.c  */
-#line 1206 "./util/configparser.y"
+#line 1207 "./util/configparser.y"
     {
                OUTYY(("P(stub-addr:%s)\n", (yyvsp[(2) - (2)].str)));
                if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[(2) - (2)].str)))
@@ -3535,7 +3536,7 @@ yyreduce:
 
   case 239:
 /* Line 1792 of yacc.c  */
-#line 1213 "./util/configparser.y"
+#line 1214 "./util/configparser.y"
     {
                OUTYY(("P(stub-first:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3547,7 +3548,7 @@ yyreduce:
 
   case 240:
 /* Line 1792 of yacc.c  */
-#line 1222 "./util/configparser.y"
+#line 1223 "./util/configparser.y"
     {
                OUTYY(("P(stub-prime:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3560,7 +3561,7 @@ yyreduce:
 
   case 241:
 /* Line 1792 of yacc.c  */
-#line 1232 "./util/configparser.y"
+#line 1233 "./util/configparser.y"
     {
                OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str)));
                if(cfg_parser->cfg->forwards->name)
@@ -3573,7 +3574,7 @@ yyreduce:
 
   case 242:
 /* Line 1792 of yacc.c  */
-#line 1242 "./util/configparser.y"
+#line 1243 "./util/configparser.y"
     {
                OUTYY(("P(forward-host:%s)\n", (yyvsp[(2) - (2)].str)));
                if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[(2) - (2)].str)))
@@ -3583,7 +3584,7 @@ yyreduce:
 
   case 243:
 /* Line 1792 of yacc.c  */
-#line 1249 "./util/configparser.y"
+#line 1250 "./util/configparser.y"
     {
                OUTYY(("P(forward-addr:%s)\n", (yyvsp[(2) - (2)].str)));
                if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[(2) - (2)].str)))
@@ -3593,7 +3594,7 @@ yyreduce:
 
   case 244:
 /* Line 1792 of yacc.c  */
-#line 1256 "./util/configparser.y"
+#line 1257 "./util/configparser.y"
     {
                OUTYY(("P(forward-first:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3605,7 +3606,7 @@ yyreduce:
 
   case 245:
 /* Line 1792 of yacc.c  */
-#line 1265 "./util/configparser.y"
+#line 1266 "./util/configparser.y"
     { 
                OUTYY(("\nP(remote-control:)\n")); 
        }
@@ -3613,7 +3614,7 @@ yyreduce:
 
   case 255:
 /* Line 1792 of yacc.c  */
-#line 1276 "./util/configparser.y"
+#line 1277 "./util/configparser.y"
     {
                OUTYY(("P(control_enable:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3626,7 +3627,7 @@ yyreduce:
 
   case 256:
 /* Line 1792 of yacc.c  */
-#line 1286 "./util/configparser.y"
+#line 1287 "./util/configparser.y"
     {
                OUTYY(("P(control_port:%s)\n", (yyvsp[(2) - (2)].str)));
                if(atoi((yyvsp[(2) - (2)].str)) == 0)
@@ -3638,7 +3639,7 @@ yyreduce:
 
   case 257:
 /* Line 1792 of yacc.c  */
-#line 1295 "./util/configparser.y"
+#line 1296 "./util/configparser.y"
     {
                OUTYY(("P(control_interface:%s)\n", (yyvsp[(2) - (2)].str)));
                if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[(2) - (2)].str)))
@@ -3648,7 +3649,7 @@ yyreduce:
 
   case 258:
 /* Line 1792 of yacc.c  */
-#line 1302 "./util/configparser.y"
+#line 1303 "./util/configparser.y"
     {
                OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->server_key_file);
@@ -3658,7 +3659,7 @@ yyreduce:
 
   case 259:
 /* Line 1792 of yacc.c  */
-#line 1309 "./util/configparser.y"
+#line 1310 "./util/configparser.y"
     {
                OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->server_cert_file);
@@ -3668,7 +3669,7 @@ yyreduce:
 
   case 260:
 /* Line 1792 of yacc.c  */
-#line 1316 "./util/configparser.y"
+#line 1317 "./util/configparser.y"
     {
                OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->control_key_file);
@@ -3678,7 +3679,7 @@ yyreduce:
 
   case 261:
 /* Line 1792 of yacc.c  */
-#line 1323 "./util/configparser.y"
+#line 1324 "./util/configparser.y"
     {
                OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->control_cert_file);
@@ -3688,7 +3689,7 @@ yyreduce:
 
   case 262:
 /* Line 1792 of yacc.c  */
-#line 1330 "./util/configparser.y"
+#line 1331 "./util/configparser.y"
     {
                OUTYY(("\nP(dnstap:)\n"));
        }
@@ -3696,7 +3697,7 @@ yyreduce:
 
   case 277:
 /* Line 1792 of yacc.c  */
-#line 1347 "./util/configparser.y"
+#line 1348 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3707,7 +3708,7 @@ yyreduce:
 
   case 278:
 /* Line 1792 of yacc.c  */
-#line 1355 "./util/configparser.y"
+#line 1356 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->dnstap_socket_path);
@@ -3717,7 +3718,7 @@ yyreduce:
 
   case 279:
 /* Line 1792 of yacc.c  */
-#line 1362 "./util/configparser.y"
+#line 1363 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3728,7 +3729,7 @@ yyreduce:
 
   case 280:
 /* Line 1792 of yacc.c  */
-#line 1370 "./util/configparser.y"
+#line 1371 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3739,7 +3740,7 @@ yyreduce:
 
   case 281:
 /* Line 1792 of yacc.c  */
-#line 1378 "./util/configparser.y"
+#line 1379 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->dnstap_identity);
@@ -3749,7 +3750,7 @@ yyreduce:
 
   case 282:
 /* Line 1792 of yacc.c  */
-#line 1385 "./util/configparser.y"
+#line 1386 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->dnstap_version);
@@ -3759,7 +3760,7 @@ yyreduce:
 
   case 283:
 /* Line 1792 of yacc.c  */
-#line 1392 "./util/configparser.y"
+#line 1393 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3771,7 +3772,7 @@ yyreduce:
 
   case 284:
 /* Line 1792 of yacc.c  */
-#line 1401 "./util/configparser.y"
+#line 1402 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3783,7 +3784,7 @@ yyreduce:
 
   case 285:
 /* Line 1792 of yacc.c  */
-#line 1410 "./util/configparser.y"
+#line 1411 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3795,7 +3796,7 @@ yyreduce:
 
   case 286:
 /* Line 1792 of yacc.c  */
-#line 1419 "./util/configparser.y"
+#line 1420 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3807,7 +3808,7 @@ yyreduce:
 
   case 287:
 /* Line 1792 of yacc.c  */
-#line 1428 "./util/configparser.y"
+#line 1429 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3819,7 +3820,7 @@ yyreduce:
 
   case 288:
 /* Line 1792 of yacc.c  */
-#line 1437 "./util/configparser.y"
+#line 1438 "./util/configparser.y"
     {
                OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[(2) - (2)].str)));
                if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
@@ -3831,7 +3832,7 @@ yyreduce:
 
   case 289:
 /* Line 1792 of yacc.c  */
-#line 1446 "./util/configparser.y"
+#line 1447 "./util/configparser.y"
     { 
                OUTYY(("\nP(python:)\n")); 
        }
@@ -3839,7 +3840,7 @@ yyreduce:
 
   case 293:
 /* Line 1792 of yacc.c  */
-#line 1455 "./util/configparser.y"
+#line 1456 "./util/configparser.y"
     {
                OUTYY(("P(python-script:%s)\n", (yyvsp[(2) - (2)].str)));
                free(cfg_parser->cfg->python_script);
@@ -3849,7 +3850,7 @@ yyreduce:
 
 
 /* Line 1792 of yacc.c  */
-#line 3853 "util/configparser.c"
+#line 3854 "util/configparser.c"
       default: break;
     }
   /* User semantic actions sometimes alter yychar, and that requires
@@ -4081,7 +4082,7 @@ yyreturn:
 
 
 /* Line 2055 of yacc.c  */
-#line 1460 "./util/configparser.y"
+#line 1461 "./util/configparser.y"
 
 
 /* parse helper routines could be here */

diff --git a/util/configparser.y b/util/configparser.y
index 7a92d9ee7899ea604db1f699a5ea5d5b9b413338..05f0c6cf3486ed854f1d85c7f97ffc8a47448d40 100644 (file)
--- a/util/configparser.y
+++ b/util/configparser.y
@@ -1104,10 +1104,11 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
                if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
                   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
                   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
-                  && strcmp($3, "typetransparent")!=0)
+                  && strcmp($3, "typetransparent")!=0 &&
+                  strcmp($3, "inform")!=0)
                        yyerror("local-zone type: expected static, deny, "
                                "refuse, redirect, transparent, "
-                               "typetransparent or nodefault");
+                               "typetransparent, inform or nodefault");
                else if(strcmp($3, "nodefault")==0) {
                        if(!cfg_strlist_insert(&cfg_parser->cfg->
                                local_zones_nodefault, $2))