1 files changed, 55 insertions, 0 deletions
diff --git a/util/config_file.h b/util/config_file.h
index 5d9b2d0be15e..2e1c53ee0733 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -42,6 +42,7 @@
 #ifndef UTIL_CONFIG_FILE_H
 #define UTIL_CONFIG_FILE_H
 struct config_stub;
+struct config_auth;
 struct config_view;
 struct config_strlist;
 struct config_str2list;
@@ -99,6 +100,8 @@ struct config_file {
 	int ssl_port;
 	/** if outgoing tcp connections use SSL */
 	int ssl_upstream;
+	/** cert bundle for outgoing connections */
+	char* tls_cert_bundle;
 
 	/** outgoing port range number of ports (per thread) */
 	int outgoing_num_ports;
@@ -170,6 +173,8 @@ struct config_file {
 	struct config_stub* stubs;
 	/** the forward zone definitions, linked list */
 	struct config_stub* forwards;
+	/** the auth zone definitions, linked list */
+	struct config_auth* auths;
 	/** the views definitions, linked list */
 	struct config_view* views;
 	/** list of donotquery addresses, linked list */
@@ -297,6 +302,8 @@ struct config_file {
 	int val_log_squelch;
 	/** should validator allow bogus messages to go through */
 	int val_permissive_mode;
+	/** use cached NSEC records to synthesise (negative) answers */
+	int aggressive_nsec;
 	/** ignore the CD flag in incoming queries and refuse them bogus data */
 	int ignore_cd;
 	/** serve expired entries and prefetch them */
@@ -466,6 +473,10 @@ struct config_file {
 	struct config_strlist* dnscrypt_secret_key;
 	/** dnscrypt provider certs 1.cert */
 	struct config_strlist* dnscrypt_provider_cert;
+	/** dnscrypt provider certs 1.cert which have been rotated and should not be
+	* advertised through DNS's providername TXT record but are required to be
+	* able to handle existing traffic using the old cert. */
+	struct config_strlist* dnscrypt_provider_cert_rotated;
 	/** memory size in bytes for dnscrypt shared secrets cache */
 	size_t dnscrypt_shared_secret_cache_size;
 	/** number of slabs for dnscrypt shared secrets cache */
@@ -527,6 +538,29 @@ struct config_stub {
 };
 
 /**
+ * Auth config options
+ */
+struct config_auth {
+	/** next in list */
+	struct config_auth* next;
+	/** domain name (in text) of the auth apex domain */
+	char* name;
+	/** list of masters */
+	struct config_strlist* masters;
+	/** list of urls */
+	struct config_strlist* urls;
+	/** zonefile (or NULL) */
+	char* zonefile;
+	/** provide downstream answers */
+	int for_downstream;
+	/** provide upstream answers */
+	int for_upstream;
+	/** fallback to recursion to authorities if zone expired and other
+	 * reasons perhaps (like, query bogus) */
+	int fallback_enabled;
+};
+
+/**
  * View config options
  */
 struct config_view {
@@ -721,6 +755,15 @@ char* config_collate_cat(struct config_strlist* list);
 int cfg_strlist_append(struct config_strlist_head* list, char* item);
 
 /**
+ * Find string in strlist.
+ * @param head: pointer to strlist head variable.
+ * @param item: the item to search for.
+ * @return: the element in the list when found, NULL otherwise.
+ */
+struct config_strlist* cfg_strlist_find(struct config_strlist* head,
+	const char* item);
+
+/**
  * Insert string into strlist.
  * @param head: pointer to strlist head variable.
  * @param item: new item. malloced by caller. If NULL the insertion fails.
@@ -808,6 +851,18 @@ void config_delstub(struct config_stub* p);
 void config_delstubs(struct config_stub* list);
 
 /**
+ * Delete an auth item
+ * @param p: auth item
+ */
+void config_delauth(struct config_auth* p);
+
+/**
+ * Delete items in config auth list.
+ * @param list: list.
+ */
+void config_delauths(struct config_auth* list);
+
+/**
  * Delete a view item
  * @param p: view item
  */