diff --git a/docs/refguide.xml b/docs/refguide.xml
index b1c89e317..bdadb07b8 100644
--- a/docs/refguide.xml
+++ b/docs/refguide.xml
@@ -327,6 +327,107 @@ you would expect.
# and extend to the end of the line.
+
+
+
+ (No DNS resolution)
+
+
+
+
+ reverse DNSdisabling with
+ Tells Nmap to never do reverse DNS
+ resolution on the active IP addresses it finds. Since
+ DNS can be slow even with Nmap's built-in parallel stub
+ resolver, this option can slash scanning times.
+
+
+
+
+
+ (DNS resolution for all targets)
+
+
+
+ Tells Nmap to
+ always do reverse DNS
+ resolution on the target IP addresses. Normally reverse DNS is
+ only performed against responsive (online) hosts.
+
+
+
+
+
+ (Scan each resolved address)
+
+
+
+ If a hostname target resolves to more than one address, scan
+ all of them. The default behavior is to only scan the first
+ resolved address. Regardless, only addresses in the appropriate
+ address family will be scanned: IPv4 by default, IPv6 with
+ .
+
+
+
+
+
+
+ (Use system DNS resolver)
+
+
+
+
+ By default, Nmap reverse-resolves IP addresses by sending
+ queries directly to the name servers configured on your host
+ and then listening for responses. Many requests (often
+ dozens) are performed in parallel to improve performance.
+ Specify this option to use your system resolver instead (one
+ IP at a time via the getnameinfo call). This is slower
+ and rarely useful unless you find a bug in the Nmap parallel
+ resolver (please let us know if you do). The system
+ resolver is always used for forward lookups (getting an IP address from a hostname).
+
+
+
+
+
+
+ (Servers to use for reverse DNS queries)
+
+
+
+
+ By default, Nmap determines your DNS servers
+ (for rDNS resolution) from your resolv.conf file (Unix) or
+ the Registry (Win32). Alternatively, you may use this
+ option to specify alternate servers. This option is not
+ honored if you are using .
+ Using multiple DNS servers is often faster,
+ especially if you choose authoritative servers for your
+ target IP space. This option can also improve stealth, as
+ your requests can be bounced off just about any recursive
+ DNS server on the Internet.
+
+ This option also comes in handy when scanning private
+ networks. Sometimes only a few name servers provide
+ proper rDNS information, and you may not even know where
+ they are. You can scan the network for port 53 (perhaps
+ with version detection), then try Nmap list scans
+ () specifying each name server one at a
+ time with until you find one
+ which works.
+
+ This option might not be honored if the DNS response
+ exceeds the size of a UDP packet. In such a situation our DNS
+ resolver will make the best effort to extract a response from the
+ truncated packet, and if not successful it will fall back to
+ using the system resolver. Also, responses that contain CNAME aliases
+ will fall back to the system resolver.
+
+
+
@@ -908,107 +1009,6 @@ Traceroute works by sending packets with a low TTL (time-to-live) in an attempt
-
-
-
- (No DNS resolution)
-
-
-
-
- reverse DNSdisabling with
- Tells Nmap to never do reverse DNS
- resolution on the active IP addresses it finds. Since
- DNS can be slow even with Nmap's built-in parallel stub
- resolver, this option can slash scanning times.
-
-
-
-
-
- (DNS resolution for all targets)
-
-
-
- Tells Nmap to
- always do reverse DNS
- resolution on the target IP addresses. Normally reverse DNS is
- only performed against responsive (online) hosts.
-
-
-
-
-
- (Scan each resolved address)
-
-
-
- If a hostname target resolves to more than one address, scan
- all of them. The default behavior is to only scan the first
- resolved address. Regardless, only addresses in the appropriate
- address family will be scanned: IPv4 by default, IPv6 with
- .
-
-
-
-
-
-
- (Use system DNS resolver)
-
-
-
-
- By default, Nmap reverse-resolves IP addresses by sending
- queries directly to the name servers configured on your host
- and then listening for responses. Many requests (often
- dozens) are performed in parallel to improve performance.
- Specify this option to use your system resolver instead (one
- IP at a time via the getnameinfo call). This is slower
- and rarely useful unless you find a bug in the Nmap parallel
- resolver (please let us know if you do). The system
- resolver is always used for forward lookups (getting an IP address from a hostname).
-
-
-
-
-
-
- (Servers to use for reverse DNS queries)
-
-
-
-
- By default, Nmap determines your DNS servers
- (for rDNS resolution) from your resolv.conf file (Unix) or
- the Registry (Win32). Alternatively, you may use this
- option to specify alternate servers. This option is not
- honored if you are using .
- Using multiple DNS servers is often faster,
- especially if you choose authoritative servers for your
- target IP space. This option can also improve stealth, as
- your requests can be bounced off just about any recursive
- DNS server on the Internet.
-
- This option also comes in handy when scanning private
- networks. Sometimes only a few name servers provide
- proper rDNS information, and you may not even know where
- they are. You can scan the network for port 53 (perhaps
- with version detection), then try Nmap list scans
- () specifying each name server one at a
- time with until you find one
- which works.
-
- This option might not be honored if the DNS response
- exceeds the size of a UDP packet. In such a situation our DNS
- resolver will make the best effort to extract a response from the
- truncated packet, and if not successful it will fall back to
- using the system resolver. Also, responses that contain CNAME aliases
- will fall back to the system resolver.
-
-
-