Commit aa06b12

[Architecture Center] Copyedits to RAD (#17863)
* copyedits to RAD
* Update src/content/docs/reference-architecture/diagrams/sase/gateway-dns-for-isp.mdx
1 parent a4c64a8 commit aa06b12

1 file changed

+9
-9
lines changed

src/content/docs/reference-architecture/diagrams/sase/gateway-dns-for-isp.mdx

Lines changed: 9 additions & 9 deletions
@@ -11,11 +11,11 @@ updated: 2024-10-25
1111

1212
## Introduction
1313

14-
Internet service providers are constantly exploring new revenue opportunities to expand their business, and many are now turning to security as a value-added service alongside their connectivity offerings. Traditionally, integrating security with connectivity posed significant challenges due to the reliance on legacy solutions that required costly on-premises hardware. This makes it difficult to deploy and manage, and introduce post-deployment struggles with scalability and availability.
14+
Internet service providers are constantly exploring new revenue opportunities to expand their business, and many are now turning to security as a value-added service alongside their connectivity offerings. Traditionally, integrating security with connectivity posed significant challenges due to the reliance on legacy solutions that required costly on-premises hardware. This makes it difficult to deploy and manage and introduces post-deployment struggles with scalability and availability.
1515

16-
Today, these limitations can be addressed through cloud-based solutions like [Cloudflare Gateway](/cloudflare-one/policies/gateway/), our Secure Web Gateway service. Cloudflare Gateway's DNS filtering capabilities allow service providers to offer enhanced security as a value-added service for residential and mobile subscribers or B2B clients. With easy-to-create policies backed by Cloudflare's [extensive threat intelligence](https://www.cloudflare.com/en-gb/security/), service providers can effectively safeguard their customers from accessing potentially [harmful domains](/cloudflare-one/policies/gateway/domain-categories/#security-categories).
16+
Today these limitations can be addressed through cloud-based solutions like [Cloudflare Gateway](/cloudflare-one/policies/gateway/), our Secure Web Gateway service. Cloudflare Gateway's DNS filtering capabilities allow service providers to offer enhanced security as a value-added service for residential and mobile subscribers or B2B clients. With easy-to-create policies backed by Cloudflare's [extensive threat intelligence](https://www.cloudflare.com/en-gb/security/), service providers can effectively safeguard their customers from accessing potentially [harmful domains](/cloudflare-one/policies/gateway/domain-categories/#security-categories).
1717

18-
Moreover, Cloudflare Gateway eliminates concerns around availability, performance, and scalability, as it is built on [Cloudflare's 1.1.1.1 public DNS resolver](/1.1.1.1/), one of the [fastest](https://www.dnsperf.com/#!dns-providers) and most widely used DNS resolvers in the world.
18+
Moreover, Cloudflare Gateway eliminates concerns around availability, performance, and scalability, as it is built on [Cloudflare's 1.1.1.1 public DNS resolver](/1.1.1.1/), one of the [fastest](https://www.dnsperf.com/#!dns-providers) and most widely-used DNS resolvers in the world.
1919

2020
Furthermore, this solution opens up opportunities for developing additional services beyond security, such as parental controls or tailored filtering profiles for B2B clients.
2121
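Review bot: the new hyphen in "widely-used" on line 18+ goes against the usual rule that a compound modifier built on an -ly adverb is not hyphenated (the Chicago Manual of Style, among others, writes "widely used"); suggest reverting that one change and keeping "most widely used DNS resolvers". The grammar fix on line 14+ ("and introduces") is right, but the sentence still opens "This makes it difficult to deploy and manage ..." with no clear antecedent (the hardware? the reliance on legacy solutions?); tying it to the previous sentence, for example "Such hardware is difficult to deploy and manage and introduces post-deployment struggles with scalability and availability.", would read more cleanly.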

@@ -33,32 +33,32 @@ To distinguish queries originating from the service provider from those coming f
3333
If stable and defined source IPv4 addresses cannot be assigned to the on-premises DNS servers, service providers can instead use unique destination location endpoints. Each location is assigned a distinct [DoT](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-tls) and [DoH](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-https) hostname, as well as a unique [destination IPv6 address](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#ipv6-address). Additionally, Cloudflare can provide unique [destination IPv4 addresses upon request](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip).
3434
:::
3535

36-
DNS filtering is then enforced through DNS policies set up by the service provider to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of risky domains using [its extensive threat intelligence](https://www.cloudflare.com/en-gb/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a '[Block](/cloudflare-one/policies/gateway/dns-policies/#block),' where Gateway responds with 0.0.0.0 for IPv4 queries or :: for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an '[Override](/cloudflare-one/policies/gateway/dns-policies/#override)' action can redirect the DNS query to a block page hosted by the service provider.
36+
DNS filtering is then enforced through DNS policies set up by the service provider to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of risky domains using [its extensive threat intelligence](https://www.cloudflare.com/en-gb/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a '[Block](/cloudflare-one/policies/gateway/dns-policies/#block),' where Gateway responds with `0.0.0.0` for IPv4 queries or `::` for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an `[Override](/cloudflare-one/policies/gateway/dns-policies/#override)` action can redirect the DNS query to a block page hosted by the service provider.
3737

3838
![Figure 2: A DNS policy to prevent users from navigating to malicious domains. The action is to override and redirect the DNS query to a block page hosted by the service provider.](~/assets/images/reference-architecture/gateway-dns-for-isp/gateway-dns-for-isp-image-02.svg)
3939

40-
To achieve more precise control over which domains are allowed or blocked, the service provider can configure additional 'Allowed Domains' and 'Blocked Domains' policies. By setting these policies with [lower precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence) than the 'Security Risks' policy, the service provider can override the 'Security Risks' policy for specific domains.
40+
To achieve more precise control over which domains are allowed or blocked, the service provider can configure additional Allowed Domain and Blocked Domains policies. By setting these policies with [lower precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence) than the Security Risks policy, the service provider can override the Security Risks policy for specific domains.
4141

42-
To streamline the management of allowed and blocked domains, [lists](/cloudflare-one/policies/gateway/lists/) can be utilized. These lists are easily updated through the dashboard or via [APIs](/api/operations/zero-trust-lists-update-zero-trust-list), making policy adjustments more efficient.
42+
To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/policies/gateway/lists/). Lists are easily updated through the dashboard or via [APIs](/api/operations/zero-trust-lists-update-zero-trust-list), making policy adjustments more efficient.
4343

4444
![Figure 3: DNS policies are applied according to their order of precedence. In this example, the 'Allow List Policy' and 'Block List Policy' will be considered before the 'Security List' policy.](~/assets/images/reference-architecture/gateway-dns-for-isp/gateway-dns-for-isp-image-03.svg)
4545

4646
Additionally, all DNS queries forwarded to Cloudflare Gateway are logged and can be exported to external systems using [Logpush](/cloudflare-one/insights/logs/logpush/).
4747

4848
:::note[Miscategorization of domains]
49-
In cases of a miscategorization of domains, a [categorization change request](/security-center/investigate/change-categorization/#change-categorization-via-the-cloudflare-dashboard) can be raised directly from the Cloudflare dashboard.
49+
In cases of a miscategorization of domains, raise a [categorization change request](/security-center/investigate/change-categorization/#change-categorization-via-the-cloudflare-dashboard) directly from the Cloudflare dashboard.
5050
:::
5151

5252
## Additional offerings based on DNS filtering capabilities
5353

54-
Service providers can enhance their offerings by utilizing Cloudflare Gateway DNS policies to deliver additional value-added services alongside the base DNS security service. By utilizing the same solution, service providers can develop customized content category filtering services. These services can be easily constructed using Cloudflare's built-in [content categories](/cloudflare-one/policies/gateway/domain-categories/#content-categories) and [application types](/cloudflare-one/policies/gateway/application-app-types/), as well as the service provider's own custom allow and block lists.
54+
Service providers can enhance their offerings by using Cloudflare Gateway DNS policies to deliver additional value-added services alongside the base DNS security service. By using the same solution, service providers can develop customized content category filtering services. These services can be easily constructed using Cloudflare's built-in [content categories](/cloudflare-one/policies/gateway/domain-categories/#content-categories) and [application types](/cloudflare-one/policies/gateway/application-app-types/), as well as the service provider's own custom allow and block lists.
5555

5656
Some potential applications include:
5757
- **Parental Control Services**: This service can block categories such as adult themes, child abuse, violence, and questionable content to ensure a safer online environment for children.
5858
- **Educational Services**: Designed for schools and educational organizations, this service can extend beyond parental controls by blocking additional categories like CIPA, gambling, and entertainment, thereby promoting a focused learning atmosphere.
5959
- **Enterprise Services**: This offering allows businesses to easily restrict access to non-work-related domains, including categories such as entertainment, social networking, gambling, shopping & auctions, society & lifestyle, and sports.
6060

61-
To differentiate these additional services from the core DNS security offering, the service provider would create additional DNS locations, one for each service. Cloudflare would be able to distinguish DNS queries for these services if the service provider sends them to one of the unique identifiers of a location. Each location has a unique [DoH](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-https) and [DoT](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-tls) hostname, and a unique [destination IPv6 address](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#ipv6-address). Cloudflare can also provision [dedicated destination IPv4 addresses](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip) per location.
61+
To differentiate these additional services from the core DNS security offering, the service provider would create additional DNS locations, one for each service. Cloudflare would be able to distinguish DNS queries for these services if the service provider sends them to one of the unique identifiers of a location. Each location has a unique [DoH](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-https) and [DoT](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-tls) hostname and a unique [destination IPv6 address](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#ipv6-address). Cloudflare can also provision [dedicated destination IPv4 addresses](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip) per location.
6262

6363
## Related resources
6464
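Review bot: line 36+ wraps the Override link in backticks (`[Override](/cloudflare-one/policies/gateway/dns-policies/#override)`), which MDX renders as inline code, so the reader sees the raw link syntax instead of a link; it is also inconsistent with the Block link earlier in the same sentence, which keeps its quotes. Suggest '[Override](/cloudflare-one/policies/gateway/dns-policies/#override)' with quotes like Block, or dropping the quotes from both action names, and reserving backticks for the literal responses `0.0.0.0` and `::` as the hunk otherwise does. Line 40+ also mixes the singular "Allowed Domain" with the plural "Blocked Domains"; make it "Allowed Domains and Blocked Domains policies", and since the hunk removes the quotes around policy names here and on the Security Risks policy, the quoted 'Allow List Policy', 'Block List Policy' and 'Security List' in the unchanged Figure 3 alt text on line 44 would be worth aligning in the same pass.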
