Reword the last section

VerifyHostKeyDNS.org

@@ -102,22 +102,23 @@ On the installed machine I use said out of band access to run
 #+begin_src shell
   ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
 #+end_src
-This gives me one ssh host-key fingerprint and I can then login over
-ssh.
+This gives me one ssh host-key fingerprint and I can login over ssh.
+
+I have to add IPv6 and legacy-IP addresses to DNS for the machine so I
+also grab the SSHFP to add them at the same time:
 
-I then run
 #+begin_src shell
   ls /etc/ssh/*.pub | xargs -n1 ssh-keygen -r $(hostname) -f
 #+end_src
-and copy & paste the result into my DNS zone file along side A and
-AAAA records for legacy IP and IPv6. I use [[https://www.powerdns.com/][PowerDNS]] as a hidden DNSSEC
-signer so I paste into the editor ~pdnsutil edit-zone~
-provides.
 
-While still logged in I install python3 and add an ssh-key for
+While still logged in, I install python3 and add an ssh-key for
 ansible. I then add the host to the ansible inventory. The ansible
 orchestrator can now finish the installation of the host over ssh
 while trusting the SSHFP it finds in DNS.
 
+Ansible also hooks up the host to my monitoring system and the
+monitoring system can connect to the new host over ssh, again trusting
+that it talks to the correct host because of SSHFP in DNS.
+
 The newly installed host knows that it's talking to my backup and
 monitoring server using their published SSHFP records.