[Architecture Center] Copyedits to RAD

[crwaters16]

No description provided.

[cloudflare-workers-and-pages]

Deploying cloudflare-docs with    Cloudflare Pages

Latest commit:	ccd6343
Status:	✅  Deploy successful!
Preview URL:	https://2eddffe4.cloudflare-docs-7ou.pages.dev
Branch Preview URL:	https://claire-rad-gateway-dns-revie.cloudflare-docs-7ou.pages.dev

View logs

[github-actions]

Files with changes (up to 15)

Original Link	Updated Link
https://developers.cloudflare.com/reference-architecture/diagrams/sase/gateway-dns-for-isp/	https://claire-rad-gateway-dns-revie.cloudflare-docs-7ou.pages.dev/reference-architecture/diagrams/sase/gateway-dns-for-isp/

[maxvp]

Suggested change

Today these limitations can be addressed through cloud-based solutions like [Cloudflare Gateway](/cloudflare-one/policies/gateway/), our Secure Web Gateway service. Cloudflare Gateway's DNS filtering capabilities allow service providers to offer enhanced security as a value-added service for residential and mobile subscribers or B2B clients. With easy-to-create policies backed by Cloudflare's [extensive threat intelligence](https://www.cloudflare.com/en-gb/security/), service providers can effectively safeguard their customers from accessing potentially [harmful domains](/cloudflare-one/policies/gateway/domain-categories/#security-categories).

Today these limitations can be addressed through cloud-based solutions like [Cloudflare Gateway](/cloudflare-one/policies/gateway/), our Secure Web Gateway service. Cloudflare Gateway's DNS filtering capabilities allow service providers to offer enhanced security as a value-added service for residential and mobile subscribers or B2B clients. With easy-to-create policies backed by Cloudflare's [extensive threat intelligence](https://www.cloudflare.com/security/), service providers can effectively safeguard their customers from accessing potentially [harmful domains](/cloudflare-one/policies/gateway/domain-categories/#security-categories).

Language-agnostic link

[maxvp]

Suggested change

DNS filtering is then enforced through DNS policies set up by the service provider to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of risky domains using [its extensive threat intelligence](https://www.cloudflare.com/en-gb/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a '[Block](/cloudflare-one/policies/gateway/dns-policies/#block),' where Gateway responds with `0.0.0.0` for IPv4 queries or `::` for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an `[Override](/cloudflare-one/policies/gateway/dns-policies/#override)` action can redirect the DNS query to a block page hosted by the service provider.

DNS filtering is then enforced through DNS policies set up by the service provider to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of risky domains using [its extensive threat intelligence](https://www.cloudflare.com/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a **[Block](/cloudflare-one/policies/gateway/dns-policies/#block)**, where Gateway responds with `0.0.0.0` for IPv4 queries or `::` for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an **[Override](/cloudflare-one/policies/gateway/dns-policies/#override)** action can redirect the DNS query to a block page hosted by the service provider.

Added bold to refer to actions within the UI.