diff --git a/concepts/nat-traversal.mdx b/concepts/nat-traversal.mdx
index b899077..5c3853d 100644
--- a/concepts/nat-traversal.mdx
+++ b/concepts/nat-traversal.mdx
@@ -52,6 +52,10 @@ Both peers try to connect to each other **at the same time**. When peer A sends
Because both mappings are now established and both firewalls expect traffic from each other, the packets get through and a direct connection is formed.
+
+
+
+
### 4. Fallback to Relay
If NAT traversal fails (some networks use particularly strict configurations), iroh automatically falls back to routing traffic through the relay server. This ensures connections always work, even if they can't be direct.
diff --git a/connecting/dht-address-lookup.mdx b/connecting/dht-address-lookup.mdx
index 7297c55..bb0827f 100644
--- a/connecting/dht-address-lookup.mdx
+++ b/connecting/dht-address-lookup.mdx
@@ -11,6 +11,10 @@ while DHT address lookup puts them on the BitTorrent Mainline DHT. That removes
dependency on a hosted server: any endpoint can publish and resolve without a
central party, at the cost of slower lookups than DNS.
+
+
+
+
DHT address lookup is not enabled by default. It lives in the separate
[`iroh-mainline-address-lookup`](https://crates.io/crates/iroh-mainline-address-lookup)
crate, which you add alongside `iroh`.
diff --git a/connecting/dns-address-lookup.mdx b/connecting/dns-address-lookup.mdx
index 4f8c901..5b320d9 100644
--- a/connecting/dns-address-lookup.mdx
+++ b/connecting/dns-address-lookup.mdx
@@ -8,6 +8,10 @@ An endpoint publishes a signed record that maps its `EndpointId` to its home rel
URL (and optionally its direct addresses), and resolves the same kind of record for
endpoints it wants to dial.
+
+
+
+
## How records are published and resolved
Each endpoint creates a set of records with its addressing information, and puts it into a signed [Pkarr](https://pkarr.org) packet. The packet is signed by the endpoint's secret key.
diff --git a/connecting/local-address-lookup.mdx b/connecting/local-address-lookup.mdx
index 518424d..e2c41a5 100644
--- a/connecting/local-address-lookup.mdx
+++ b/connecting/local-address-lookup.mdx
@@ -12,6 +12,10 @@ work. This can be a Wi-Fi network, an Ethernet network, or even a mobile
hotspot. mDNS is not designed to work over the internet or across different
networks.
+
+
+
+
## Usage
mDNS address lookup is not enabled by default. It lives in the separate
diff --git a/what-is-iroh.mdx b/what-is-iroh.mdx
index 41ebbbf..9697f19 100644
--- a/what-is-iroh.mdx
+++ b/what-is-iroh.mdx
@@ -122,7 +122,7 @@ exact same signed record using the
[DHT address lookup](/connecting/dht-address-lookup).
-
+
### Direct connections
@@ -158,21 +158,9 @@ just needs to learn the other's local address. See
An iroh application is a stack of small layers, each with one job:
-```mermaid
-flowchart TB
- app["Your application"]
- protocols["Protocols
blobs, docs, gossip, yours"]
- router["Router
dispatches connections by ALPN"]
- endpoint["Endpoint
identity, address lookup, NAT, relay"]
- quic["QUIC + TLS 1.3"]
- transport["Transport
UDP default, Tor, Nym, BLE"]
-
- app --- protocols
- protocols --- router
- router --- endpoint
- endpoint --- quic
- quic --- transport
-```
+
+
+
- **Transport** carries encrypted bytes between machines. UDP is the default;
you can swap in [Tor](/transports/tor), [Nym](/transports/nym), or