grammar: help parsers understand that denial-of-existence is a thing

diff --git a/docs/dnssec/modes-of-operation.rst b/docs/dnssec/modes-of-operation.rst
index 487784d93cf178464170fbf842e5b69630458dd8..b1c647219996cf3897f1ee3f999bb522b922bcaf 100644 (file)
--- a/docs/dnssec/modes-of-operation.rst
+++ b/docs/dnssec/modes-of-operation.rst
@@ -55,7 +55,7 @@ records, lives with the DNSSEC keying material.
 (Hashed) Denial of Existence
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-PowerDNS supports unhashed secure denial of existence using NSEC
+PowerDNS supports unhashed secure denial-of-existence using NSEC
 records. These are generated with the help of the (database) backend,
 which needs to be able to supply the 'previous' and 'next' records in
 canonical ordering.
@@ -63,7 +63,7 @@ canonical ordering.
 The Generic SQL Backends have fields that allow them to supply these
 relative record names.
 
-In addition, hashed secure denial of existence is supported using NSEC3
+In addition, hashed secure denial-of-existence is supported using NSEC3
 records, in two modes, one with help from the database, the other with
 the help of some additional calculations.
 
@@ -72,7 +72,7 @@ where the backend should be able to supply the previous and next domain
 names in hashed order.
 
 NSEC3 in 'narrow' mode uses additional hashing calculations to provide
-hashed secure denial of existence 'on the fly', without further
+hashed secure denial-of-existence 'on the fly', without further
 involving the database.
 
 .. _dnssec-signatures: