diff --git a/VerifyHostKeyDNS.org b/VerifyHostKeyDNS.org index 607e96e..b8b92f0 100644 --- a/VerifyHostKeyDNS.org +++ b/VerifyHostKeyDNS.org @@ -60,7 +60,7 @@ fingerprint/. What the documentation means is that a DNS answer for SSHFP needs to have the /Authentic Data (AD)/ flag set. The flag gets set by a validating name-server if it can DNSSEC validate the SSHFP. -But then the libc stub resolver[fn:: The thingy[fn:: Thingy is a +But when the libc stub resolver[fn:: The thingy[fn:: Thingy is a technical term, don't worry about it.] that ssh uses to talk to the validating name-server. On OpenBSD that is [[https://man.openbsd.org/man3/asr_run.3][asr]].] gets that answer it will strip the AD flag for security reasons. You see, it
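Review bot: The rewritten sentence on the + line would read more easily with a comma after "gets that answer". The subject "the libc stub resolver" is separated from its verb by a footnote that itself contains a second footnote, so nothing marks where the "when" clause ends and "it will strip the AD flag" begins. The outer footnote, "The thingy ... that ssh uses to talk to the validating name-server.", is also a sentence fragment. While touching this line, consider rewording it as a full sentence, for example "The thingy is what ssh uses to talk to the validating name-server.", so it stands on its own when rendered at the bottom of the page.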