``query-source-v6`` option. If ``address`` is ``*`` (asterisk) or is
omitted, a wildcard IP address (``INADDR_ANY``) is used.
-.. namedconf:statement:: use-v4-udp-ports
-.. namedconf:statement:: use-v6-udp-ports
-
- If ``port`` is ``*`` or is omitted, a random port number from a
- pre-configured range is picked up and used for each query. The
- port range(s) is specified in the ``use-v4-udp-ports`` (for IPv4)
- and ``use-v6-udp-ports`` (for IPv6) options.
-
-.. namedconf:statement:: avoid-v4-udp-ports
-.. namedconf:statement:: avoid-v6-udp-ports
-
- The ranges excluded from those
- specified in the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports``
- options, respectively.
-
The defaults of the ``query-source`` and ``query-source-v6`` options
are:
query-source address * port *;
query-source-v6 address * port *;
+ .. note:: The address specified in the ``query-source`` option is used for both
+ UDP and TCP queries, but the port applies only to UDP queries. TCP
+ queries always use a random unprivileged port.
+
+.. namedconf:statement:: use-v4-udp-ports
+.. namedconf:statement:: use-v6-udp-ports
+
+ These statements specify a list of IPv4 and IPv6 UDP ports that
+ are used as source ports for UDP messages.
+
+ If ``port`` is ``*`` or is omitted, a random port number from a
+ pre-configured range is selected and used for each query. The
+ port range(s) are specified in the ``use-v4-udp-ports`` (for IPv4)
+ and ``use-v6-udp-ports`` (for IPv6) options.
If ``use-v4-udp-ports`` or ``use-v6-udp-ports`` is unspecified,
:iscman:`named` checks whether the operating system provides a programming
use-v4-udp-ports { range 1024 65535; };
use-v6-udp-ports { range 1024 65535; };
+.. namedconf:statement:: avoid-v4-udp-ports
+.. namedconf:statement:: avoid-v6-udp-ports
+
+ These ranges are excluded from those
+ specified in the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports``
+ options, respectively.
+
The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports``
options are:
avoid-v4-udp-ports {};
avoid-v6-udp-ports {};
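Review bot: the description added under ``avoid-v4-udp-ports`` / ``avoid-v6-udp-ports`` is circular in its new position: "These ranges are excluded from those specified in the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports`` options, respectively." In the removed text the same sentence followed the ``use-*-udp-ports`` paragraph, so "those" referred to the use ranges; now it says the avoid ranges are excluded from the avoid options. Suggest rewording to something like "These statements specify IPv4 and IPv6 UDP ports, or port ranges, that are excluded from the ranges given in the ``use-v4-udp-ports`` and ``use-v6-udp-ports`` options, respectively."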
+ For example, with the following configuration:
+
+ ::
+
+ use-v6-udp-ports { range 32768 65535; };
+ avoid-v6-udp-ports { 40000; range 50000 60000; };
+
+ UDP ports of IPv6 messages sent from :iscman:`named` are in one of the
+ following ranges: 32768 to 39999, 40001 to 49999, or 60001 to 65535.
+
+ ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports`` can be used to prevent
+ :iscman:`named` from choosing as its random source port a port that is blocked
+ by a firewall or that is used by other applications; if a
+ query went out with a source port blocked by a firewall, the answer
+ would not pass through the firewall and the name server would have to query
+ again. Note: the desired range can also be represented only with
+ ``use-v4-udp-ports`` and ``use-v6-udp-ports``, and the ``avoid-``
+ options are redundant in that sense; they are provided for backward
+ compatibility and to possibly simplify the port specification.
+
.. note:: Make sure the ranges are sufficiently large for security. A
desirable size depends on several parameters, but we generally recommend
it contain at least 16384 ports (14 bits of entropy). Note also that the
set of ports that can be safely used in the expected operational
environment.
- .. note:: The address specified in the ``query-source`` option is used for both
- UDP and TCP queries, but the port applies only to UDP queries. TCP
- queries always use a random unprivileged port.
-
.. warning:: Specifying a single port is discouraged, as it removes a layer of
protection against spoofing errors.
This option acts like ``notify-source``, but applies to notify messages sent to IPv6
addresses.
-.. _port_lists:
-
-UDP Port Lists
-^^^^^^^^^^^^^^
-.. namedconf:statement:: use-v4-udp-ports
-.. namedconf:statement:: avoid-v4-udp-ports
-.. namedconf:statement:: use-v6-udp-ports
-.. namedconf:statement:: avoid-v6-udp-ports
-
- These statements specify a list of IPv4 and IPv6 UDP ports that
- are or are not used as source ports for UDP messages. See
- :ref:`query_address` about how the available ports are
- determined. For example, with the following configuration:
-
- ::
-
- use-v6-udp-ports { range 32768 65535; };
- avoid-v6-udp-ports { 40000; range 50000 60000; };
-
- UDP ports of IPv6 messages sent from :iscman:`named` are in one of the
- following ranges: 32768 to 39999, 40001 to 49999, and 60001 to 65535.
-
- ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports`` can be used to prevent
- :iscman:`named` from choosing as its random source port a port that is blocked
- by a firewall or a port that is used by other applications; if a
- query went out with a source port blocked by a firewall, the answer
- would not pass through the firewall and the name server would have to query
- again. Note: the desired range can also be represented only with
- ``use-v4-udp-ports`` and ``use-v6-udp-ports``, and the ``avoid-``
- options are redundant in that sense; they are provided for backward
- compatibility and to possibly simplify the port specification.
-
.. _resource_limits:
Operating System Resource Limits
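Review bot: the removed "UDP Port Lists" section also drops the ``.. _port_lists:`` label, so any ``:ref:`port_lists``` elsewhere in the manual, and any external link to the ``port_lists`` anchor in the rendered HTML, will stop resolving once this is merged. Suggest either keeping a ``.. _port_lists:`` label directly above the relocated ``use-v4-udp-ports`` / ``use-v6-udp-ports`` statements, or searching the docs tree for ``port_lists`` and updating those references in this same change.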