
Commit a4f5bee

committed
acro
1 parent 5d60c6e commit a4f5bee


1 file changed

+2
-2
lines changed


articles/firewall/dns-details.md

Lines changed: 2 additions & 2 deletions
@@ -21,7 +21,7 @@ Azure Firewall acts as a standard DNS client. If multiple A records are in the r
2121

2222
## FQDN Time to Live (TTL)
2323

24-
When a FQDN TTL (time-to-live) is about to expire, records are cached and expired according to their TTLs. Pre-fetching isn't used, so the firewall doesn't do a lookup prior to TTL expiration to refresh the record.
24+
When a FQDN TTL (time-to-live) is about to expire, records are cached and expired according to their TTLs. Pre-fetching isn't used, so the firewall doesn't do a lookup before TTL expiration to refresh the record.
2525

2626
## Clients not configured to use the firewall DNS proxy
2727
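Review bot: The rewritten line 24 still opens with "When a FQDN TTL (time-to-live) is about to expire, records are cached and expired according to their TTLs", where the leading clause does not connect to the statement that follows it, and it keeps "a FQDN" while line 34 of the same file uses "an FQDN". Since the line is being touched anyway, consider dropping the dangling clause and starting with "Records are cached and expired according to their TTLs.", then keeping the new "before TTL expiration" wording. It would also help readers who use FQDNs in Network rules if the paragraph said when the next lookup happens once a record has expired, because the text only says that no lookup happens ahead of expiration.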

@@ -31,7 +31,7 @@ For example, assume a client workload is in US East, and uses a primary DNS serv
3131

3232
This is a common scenario, and why clients should use the firewall’s DNS proxy functionality. Clients should use the firewall as their resolver if you use FQDNs in Network rules. You can ensure IP address resolution consistency by clients and the firewall itself.
3333

34-
In this example, if an FQDN is configured in Network rules, the firewall resolves the FQDN to IP1 (IP address 1) and updates the network rules to allow access to IP1. If and when the client resolves the same FQDN to IP2 because of a difference in DNS response, its connection attempt won't match the rules on the firewall and will be denied.
34+
In this example, if an FQDN is configured in Network rules, the firewall resolves the FQDN to IP1 (IP address 1) and updates the network rules to allow access to IP1. If and when the client resolves the same FQDN to IP2 because of a difference in DNS response, its connection attempt won't match the rules on the firewall and is denied.
3535

3636
For HTTP/S FQDNs in Application rules, the firewall parses out the FQDN from the host or SNI header, resolves it, and then connects to that IP address. The destination IP address the client was trying to connect to is ignored.
3737
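Review bot: On line 34 the change to "is denied" leaves the sentence with mixed tense, because the same clause still reads "its connection attempt won't match the rules on the firewall". Suggest "its connection attempt doesn't match the rules on the firewall and is denied" so both verbs are present tense, and "If and when the client resolves" can be shortened to "If the client resolves". This sentence describes the failure mode that the advice on line 32 (use the firewall as the resolver) is meant to prevent, so it is worth keeping the wording unambiguous about which address the rule allows (IP1) and which address the client connects to (IP2).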
