diff --git a/VerifyHostKeyDNS.org b/VerifyHostKeyDNS.org index 22092ab..35c6b44 100644 --- a/VerifyHostKeyDNS.org +++ b/VerifyHostKeyDNS.org @@ -41,7 +41,7 @@ can secure those with DNSSEC. [[https://man.openbsd.org/ssh_config.5#VerifyHostKeyDNS][ssh​_config(5)]] explains how [[https://man.openbsd.org/ssh.1][ssh(1)]] can use SSHFP records to verify host-keys: -+ VerifyHostKeyDNS :: Specifies whether to verify the remote key using ++ *VerifyHostKeyDNS* :: Specifies whether to verify the remote key using DNS and SSHFP resource records. If this option is set to yes, the client will implicitly trust keys that match a secure fingerprint from DNS. Insecure fingerprints will be handled as if this option @@ -70,7 +70,7 @@ have a trustworthy validating name-server is to run one on localhost. [[http://man.openbsd.org/resolv.conf#trust-ad][resolv.conf(5)]] explains the *trust-ad* option: -+ trust-ad :: A name server indicating that it performed DNSSEC ++ *trust-ad* :: A name server indicating that it performed DNSSEC validation by setting the Authentic Data (AD) flag in the answer can only be trusted if the name server itself is trusted and the network path is trusted. Generally this is not the case and the AD flag is
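Review bot: In the first hunk (@@ -41,7 +41,7 @@), the changed term line marks an ssh_config keyword as bold, `*VerifyHostKeyDNS*`. Since this is a literal option name that readers will copy into a config file, Org code markup (`~VerifyHostKeyDNS~`) would say more than emphasis does. The item body also reads as text taken from ssh_config(5), which the lead-in sentence says "explains" the option. Setting that text off in a quote block would make clear which words are the man page's and which are this page's, which matters here because the sentence about implicitly trusting keys that match a secure fingerprint is the security-relevant claim.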
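Review bot: In the second hunk (@@ -70,7 +70,7 @@), the context line just above the changed item links to `http://man.openbsd.org/resolv.conf#trust-ad`, while both links in the first hunk use `https://` and carry the manual section (`ssh_config.5`, `ssh.1`). Since this commit is already touching the item, switch the link to `https://` and add the section suffix so the three man-page links follow one form. The bold on `*trust-ad*` now matches the `*trust-ad*` already used in the sentence above it, so the term markup itself is consistent.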