Move docs for DNS options to target specification from host discovery

[ci skip]

docs/refguide.xml

@@ -327,6 +327,107 @@ you would expect.</para>
           <literal>#</literal> and extend to the end of the line.</para>
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>-n</option> (No DNS resolution)
+          <indexterm><primary><option>-n</option></primary></indexterm>
+        </term>
+        <listitem>
+
+          <para><indexterm><primary>reverse DNS</primary><secondary>disabling with <option>-n</option></secondary></indexterm>
+          Tells Nmap to <emphasis>never</emphasis> do reverse DNS
+          resolution on the active IP addresses it finds. Since
+          DNS can be slow even with Nmap's built-in parallel stub
+          resolver, this option can slash scanning times.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>-R</option> (DNS resolution for all targets)
+          <indexterm><primary><option>-R</option></primary></indexterm>
+        </term>
+        <listitem>
+          <para>Tells Nmap to 
+          <emphasis>always</emphasis> do reverse DNS
+          resolution on the target IP addresses. Normally reverse DNS is
+          only performed against responsive (online) hosts.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>--resolve-all</option> (Scan each resolved address)
+          <indexterm><primary><option>--resolve-all</option></primary></indexterm>
+        </term>
+        <listitem>
+          <para>If a hostname target resolves to more than one address, scan
+            all of them. The default behavior is to only scan the first
+            resolved address. Regardless, only addresses in the appropriate
+            address family will be scanned: IPv4 by default, IPv6 with
+            <option>-6</option>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>--system-dns</option> (Use system DNS resolver)
+          <indexterm significance="preferred"><primary><option>--system-dns</option></primary></indexterm>
+        </term>
+        <listitem>
+
+          <para>By default, Nmap reverse-resolves IP addresses by sending
+          queries directly to the name servers configured on your host
+          and then listening for responses.  Many requests (often
+          dozens) are performed in parallel to improve performance.
+          Specify this option to use your system resolver instead (one
+          IP at a time via the <function>getnameinfo</function> call).  This is slower
+          and rarely useful unless you find a bug in the Nmap parallel
+          resolver (please let us know if you do).  The system
+          resolver is always used for forward lookups (getting an IP address from a hostname).
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>--dns-servers <replaceable>server1</replaceable><optional>,<replaceable>server2</replaceable><optional>,...</optional></optional>
+          </option> (Servers to use for reverse DNS queries)
+          <indexterm significance="preferred"><primary><option>--dns-servers</option></primary></indexterm>
+        </term>
+        <listitem>
+
+          <para>By default, Nmap determines your DNS servers
+          (for rDNS resolution) from your resolv.conf file (Unix) or
+          the Registry (Win32).  Alternatively, you may use this
+          option to specify alternate servers.  This option is not
+          honored if you are using <option>--system-dns</option>.
+          Using multiple DNS servers is often faster,
+          especially if you choose authoritative servers for your
+          target IP space.  This option can also improve stealth, as
+          your requests can be bounced off just about any recursive
+          DNS server on the Internet.</para>
+
+          <para>This option also comes in handy when scanning private
+          networks.  Sometimes only a few name servers provide
+          proper rDNS information, and you may not even know where
+          they are.  You can scan the network for port 53 (perhaps
+          with version detection), then try Nmap list scans
+          (<option>-sL</option>) specifying each name server one at a
+          time with <option>--dns-servers</option> until you find one
+          which works.</para>
+
+          <para>This option might not be honored if the DNS response
+          exceeds the size of a UDP packet. In such a situation our DNS
+          resolver will make the best effort to extract a response from the
+          truncated packet, and if not successful it will fall back to
+          using the system resolver. Also, responses that contain CNAME aliases
+          will fall back to the system resolver.</para>
+
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
@@ -908,107 +1009,6 @@ Traceroute works by sending packets with a low TTL (time-to-live) in an attempt
 </para>
 </listitem>
 </varlistentry>
-
-      <varlistentry>
-        <term>
-          <option>-n</option> (No DNS resolution)
-          <indexterm><primary><option>-n</option></primary></indexterm>
-        </term>
-        <listitem>
-
-          <para><indexterm><primary>reverse DNS</primary><secondary>disabling with <option>-n</option></secondary></indexterm>
-          Tells Nmap to <emphasis>never</emphasis> do reverse DNS
-          resolution on the active IP addresses it finds. Since
-          DNS can be slow even with Nmap's built-in parallel stub
-          resolver, this option can slash scanning times.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>
-          <option>-R</option> (DNS resolution for all targets)
-          <indexterm><primary><option>-R</option></primary></indexterm>
-        </term>
-        <listitem>
-          <para>Tells Nmap to 
-          <emphasis>always</emphasis> do reverse DNS
-          resolution on the target IP addresses. Normally reverse DNS is
-          only performed against responsive (online) hosts.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>
-          <option>--resolve-all</option> (Scan each resolved address)
-          <indexterm><primary><option>--resolve-all</option></primary></indexterm>
-        </term>
-        <listitem>
-          <para>If a hostname target resolves to more than one address, scan
-            all of them. The default behavior is to only scan the first
-            resolved address. Regardless, only addresses in the appropriate
-            address family will be scanned: IPv4 by default, IPv6 with
-            <option>-6</option>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>
-          <option>--system-dns</option> (Use system DNS resolver)
-          <indexterm significance="preferred"><primary><option>--system-dns</option></primary></indexterm>
-        </term>
-        <listitem>
-
-          <para>By default, Nmap reverse-resolves IP addresses by sending
-          queries directly to the name servers configured on your host
-          and then listening for responses.  Many requests (often
-          dozens) are performed in parallel to improve performance.
-          Specify this option to use your system resolver instead (one
-          IP at a time via the <function>getnameinfo</function> call).  This is slower
-          and rarely useful unless you find a bug in the Nmap parallel
-          resolver (please let us know if you do).  The system
-          resolver is always used for forward lookups (getting an IP address from a hostname).
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>
-          <option>--dns-servers <replaceable>server1</replaceable><optional>,<replaceable>server2</replaceable><optional>,...</optional></optional>
-          </option> (Servers to use for reverse DNS queries)
-          <indexterm significance="preferred"><primary><option>--dns-servers</option></primary></indexterm>
-        </term>
-        <listitem>
-
-          <para>By default, Nmap determines your DNS servers
-          (for rDNS resolution) from your resolv.conf file (Unix) or
-          the Registry (Win32).  Alternatively, you may use this
-          option to specify alternate servers.  This option is not
-          honored if you are using <option>--system-dns</option>.
-          Using multiple DNS servers is often faster,
-          especially if you choose authoritative servers for your
-          target IP space.  This option can also improve stealth, as
-          your requests can be bounced off just about any recursive
-          DNS server on the Internet.</para>
-
-          <para>This option also comes in handy when scanning private
-          networks.  Sometimes only a few name servers provide
-          proper rDNS information, and you may not even know where
-          they are.  You can scan the network for port 53 (perhaps
-          with version detection), then try Nmap list scans
-          (<option>-sL</option>) specifying each name server one at a
-          time with <option>--dns-servers</option> until you find one
-          which works.</para>
-
-          <para>This option might not be honored if the DNS response
-          exceeds the size of a UDP packet. In such a situation our DNS
-          resolver will make the best effort to extract a response from the
-          truncated packet, and if not successful it will fall back to
-          using the system resolver. Also, responses that contain CNAME aliases
-          will fall back to the system resolver.</para>
-
-        </listitem>
-      </varlistentry>
     </variablelist>
     <indexterm class="endofrange" startref="man-host-discovery-indexterm"/>
   </refsect1>