Fix headings, whitespace

Fixed headings around "Secure Updates".
Also fixed a couple of whitespace issues.
Stefan Lasiewski 2024-05-10 18:51:11 -07:00 committed by GitHub
parent 6b510682ed
commit d3212c36a9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -6,9 +6,8 @@ To use external-dns with BIND: generate/procure a key, configure DNS and add a
deployment of external-dns. deployment of external-dns.
### Server credentials: ### Server credentials:
- RFC2136 was developed for and tested with - RFC2136 was developed for and tested with [BIND](https://www.isc.org/downloads/bind/) DNS server.
[BIND](https://www.isc.org/downloads/bind/) DNS server. This documentation This documentation assumes that you already have a configured and working server. If you don't,
assumes that you already have a configured and working server. If you don't,
please check BIND documents or tutorials. please check BIND documents or tutorials.
- If your DNS is provided for you, ask for a TSIG key authorized to update and - If your DNS is provided for you, ask for a TSIG key authorized to update and
transfer the zone you wish to update. The key will look something like below. transfer the zone you wish to update. The key will look something like below.
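Review bot: The first bullet under "### Server credentials:" is now joined into two long lines while the second bullet ("If your DNS is provided for you, ...") is still hard-wrapped, so the list ends up with two wrapping styles side by side. Either rewrap both bullets the same way or keep the original wrapping. Since this commit is about headings, consider dropping the trailing colon from "### Server credentials:" as well.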
@ -134,7 +133,11 @@ tutorial and are covered in the main documentation.
### Test with external-dns installed on local machine (optional) ### Test with external-dns installed on local machine (optional)
You may install external-dns and test on a local machine by running: You may install external-dns and test on a local machine by running:
```external-dns --txt-owner-id k8s --provider rfc2136 --rfc2136-host=192.168.0.1 --rfc2136-port=53 --rfc2136-zone=k8s.example.org --rfc2136-tsig-secret=96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8= --rfc2136-tsig-secret-alg=hmac-sha256 --rfc2136-tsig-keyname=externaldns-key --rfc2136-tsig-axfr --source ingress --once --domain-filter=k8s.example.org --dry-run```
```
external-dns --txt-owner-id k8s --provider rfc2136 --rfc2136-host=192.168.0.1 --rfc2136-port=53 --rfc2136-zone=k8s.example.org --rfc2136-tsig-secret=96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8= --rfc2136-tsig-secret-alg=hmac-sha256 --rfc2136-tsig-keyname=externaldns-key --rfc2136-tsig-axfr --source ingress --once --domain-filter=k8s.example.org --dry-run
```
- host should be the IP of your master DNS server. - host should be the IP of your master DNS server.
- tsig-secret should be changed to match your secret. - tsig-secret should be changed to match your secret.
- tsig-keyname needs to match the keyname you used (if you changed it). - tsig-keyname needs to match the keyname you used (if you changed it).
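Review bot: The new fence around the `external-dns ... --dry-run` command has no language tag, and the command stays on one very long line, which forces horizontal scrolling in rendered docs. Tag the fence as a shell block and break the command after each flag with a trailing backslash. The example also passes `--rfc2136-tsig-secret=` with a literal value on the command line; a short sentence next to the "tsig-secret should be changed to match your secret" bullet, saying that the value shown is a sample and that a secret typed this way ends up in shell history, would help readers who copy the line.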
@ -309,7 +312,7 @@ You'll want to configure `external-dns` similarly to the following:
### Secure Updates Using RFC3645 (GSS-TSIG) ### Secure Updates Using RFC3645 (GSS-TSIG)
### DNS-side configuration #### DNS-side configuration
1. Create a DNS zone 1. Create a DNS zone
2. Enable secure dynamic updates for the zone 2. Enable secure dynamic updates for the zone
@ -318,7 +321,7 @@ You'll want to configure `external-dns` similarly to the following:
If you see any error messages which indicate that `external-dns` was somehow not able to fetch If you see any error messages which indicate that `external-dns` was somehow not able to fetch
existing DNS records from your DNS server, this could mean that you forgot about step 3. existing DNS records from your DNS server, this could mean that you forgot about step 3.
#### Kerberos Configuration ##### Kerberos Configuration
DNS with secure updates relies upon a valid Kerberos configuration running within the `external-dns` container. At this time, you will need to create a ConfigMap for the `external-dns` container to use and mount it in your deployment. Below is an example of a working Kerberos configuration inside a ConfigMap definition. This may be different depending on many factors in your environment: DNS with secure updates relies upon a valid Kerberos configuration running within the `external-dns` container. At this time, you will need to create a ConfigMap for the `external-dns` container to use and mount it in your deployment. Below is an example of a working Kerberos configuration inside a ConfigMap definition. This may be different depending on many factors in your environment:
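Review bot: Moving "Kerberos Configuration" to level 5 makes it a child of whichever level-4 heading precedes it, and the only level-4 heading visible in this patch is "#### DNS-side configuration". The paragraph under it describes a Kerberos configuration "running within the `external-dns` container", which is not DNS-side setup. Confirm there is an intermediate level-4 heading for the client side between the two, or keep this heading at level 4 as a sibling of "DNS-side configuration".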
@ -356,8 +359,7 @@ data:
yourdomain.com = YOUR-REALM.COM yourdomain.com = YOUR-REALM.COM
.yourdomain.com = YOUR-REALM.COM .yourdomain.com = YOUR-REALM.COM
``` ```
In most cases, the realm name will probably be the same as the domain name, so you can simply replace In most cases, the realm name will probably be the same as the domain name, so you can simply replace `YOUR-REALM.COM` with something like `YOURDOMAIN.COM`.
`YOUR-REALM.COM` with something like `YOURDOMAIN.COM`.
Once the ConfigMap is created, the container `external-dns` container needs to be told to mount that ConfigMap as a volume at the default Kerberos configuration location. The pod spec should include a similar configuration to the following: Once the ConfigMap is created, the container `external-dns` container needs to be told to mount that ConfigMap as a volume at the default Kerberos configuration location. The pod spec should include a similar configuration to the following:
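Review bot: The unchanged sentence right after the joined line still reads "the container `external-dns` container needs to be told", with "container" duplicated. Since this is a cleanup pass over the same paragraph, fix it here so it reads "the `external-dns` container needs to be told to mount that ConfigMap".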
@ -376,7 +378,7 @@ Once the ConfigMap is created, the container `external-dns` container needs to b
... ...
``` ```
#### `external-dns` configuration ##### `external-dns` configuration
You'll want to configure `external-dns` similarly to the following: You'll want to configure `external-dns` similarly to the following: