diff --git a/doc/manual/build/man/cascade-config.1 b/doc/manual/build/man/cascade-config.1
index 48406a97..c0dd3a6e 100644
--- a/doc/manual/build/man/cascade-config.1
+++ b/doc/manual/build/man/cascade-config.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADE-CONFIG" "1" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADE-CONFIG" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascade-config \- Manage configuration
 .SH SYNOPSIS
@@ -53,7 +53,7 @@ Note: Only some setting changes are honoured by Cascade at this point.
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/build/man/cascade-health.1 b/doc/manual/build/man/cascade-health.1
new file mode 100644
index 00000000..906a03a1
--- /dev/null
+++ b/doc/manual/build/man/cascade-health.1
@@ -0,0 +1,67 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "CASCADE-HEALTH" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
+.SH NAME
+cascade-health \- Check the health of Cascade
+.sp
+Added in version 0.1.0\-alpha2.
+
+.SH SYNOPSIS
+.sp
+\fBcascade health\fP
+.SH DESCRIPTION
+.sp
+Check the health of Cascade.
+.sp
+Exits with code zero if Cascade is healthy, non\-zero otherwise.
+.SH SEE ALSO
+.INDENT 0.0
+.TP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
+Cascade online documentation
+.TP
+\fBcascade\fP(1)
+\fI\%Cascade CLI\fP
+.TP
+\fBcascaded\fP(1)
+\fI\%Cascade Daemon\fP
+.TP
+\fBcascaded\-config.toml\fP(5)
+\fI\%Configuration File Format\fP
+.TP
+\fBcascaded\-policy.toml\fP(5)
+\fI\%Policy File Format\fP
+.UNINDENT
+.SH AUTHOR
+NLnet Labs <cascade@nlnetlabs.nl>
+.SH COPYRIGHT
+2025–2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/doc/manual/build/man/cascade-hsm.1 b/doc/manual/build/man/cascade-hsm.1
index a28dff31..385f783b 100644
--- a/doc/manual/build/man/cascade-hsm.1
+++ b/doc/manual/build/man/cascade-hsm.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADE-HSM" "1" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADE-HSM" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascade-hsm \- Manage HSMs
 .SH SYNOPSIS
@@ -222,7 +222,7 @@ longer than this will be truncated to fit.
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/build/man/cascade-keyset.1 b/doc/manual/build/man/cascade-keyset.1
index 10b43f93..6067d809 100644
--- a/doc/manual/build/man/cascade-keyset.1
+++ b/doc/manual/build/man/cascade-keyset.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADE-KEYSET" "1" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADE-KEYSET" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascade-keyset \- Execute manual key roll or key removal commands
 .SH SYNOPSIS
@@ -126,7 +126,7 @@ Continue when removing the underlying keys fails.
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/build/man/cascade-policy.1 b/doc/manual/build/man/cascade-policy.1
index 713c719a..f660568f 100644
--- a/doc/manual/build/man/cascade-policy.1
+++ b/doc/manual/build/man/cascade-policy.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADE-POLICY" "1" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADE-POLICY" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascade-policy \- Manage policies
 .SH SYNOPSIS
@@ -67,7 +67,7 @@ Reload all the policies from the files.
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/build/man/cascade-status.1 b/doc/manual/build/man/cascade-status.1
new file mode 100644
index 00000000..6d8d6ba4
--- /dev/null
+++ b/doc/manual/build/man/cascade-status.1
@@ -0,0 +1,66 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "CASCADE-STATUS" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
+.SH NAME
+cascade-status \- Show the status of Cascade
+.sp
+Added in version 0.1.0\-alpha2.
+
+.SH SYNOPSIS
+.sp
+\fBcascade status\fP
+.SH DESCRIPTION
+.sp
+Displays an at\-a\-glance status report for Cascade indicating what it is
+currently doing and noting any issues that require operator action.
+.SH SEE ALSO
+.INDENT 0.0
+.TP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
+Cascade online documentation
+.TP
+\fBcascade\fP(1)
+\fI\%Cascade CLI\fP
+.TP
+\fBcascaded\fP(1)
+\fI\%Cascade Daemon\fP
+.TP
+\fBcascaded\-config.toml\fP(5)
+\fI\%Configuration File Format\fP
+.TP
+\fBcascaded\-policy.toml\fP(5)
+\fI\%Policy File Format\fP
+.UNINDENT
+.SH AUTHOR
+NLnet Labs <cascade@nlnetlabs.nl>
+.SH COPYRIGHT
+2025–2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/doc/manual/build/man/cascade-template.1 b/doc/manual/build/man/cascade-template.1
index 6e7b8027..6d06803e 100644
--- a/doc/manual/build/man/cascade-template.1
+++ b/doc/manual/build/man/cascade-template.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADE-TEMPLATE" "1" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADE-TEMPLATE" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascade-template \- Print example config or policy files
 .SH SYNOPSIS
@@ -56,7 +56,7 @@ Generate a policy template.
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/build/man/cascade-zone.1 b/doc/manual/build/man/cascade-zone.1
index acfb3d1f..7cd60aa0 100644
--- a/doc/manual/build/man/cascade-zone.1
+++ b/doc/manual/build/man/cascade-zone.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADE-ZONE" "1" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADE-ZONE" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascade-zone \- Manage zones
 .SH SYNOPSIS
@@ -42,6 +42,10 @@ cascade-zone \- Manage zones
 .sp
 \fBcascade zone\fP \fB[OPTIONS]\fP \fI\%reload\fP \fB<NAME>\fP
 .sp
+\fBcascade zone\fP \fB[OPTIONS]\fP \fI\%approve\fP \fB<\-\-unsigned|\-\-signed>\fP  \fB<NAME>\fP \fB<SERIAL>\fP
+.sp
+\fBcascade zone\fP \fB[OPTIONS]\fP \fI\%reject\fP \fB<\-\-unsigned|\-\-signed>\fP  \fB<NAME>\fP \fB<SERIAL>\fP
+.sp
 \fBcascade zone\fP \fB[OPTIONS]\fP \fI\%status\fP \fB[\-\-detailed]\fP \fB<NAME>\fP
 .sp
 \fBcascade zone\fP \fB[OPTIONS]\fP \fI\%history\fP \fB<NAME>\fP
@@ -77,6 +81,16 @@ Reload a zone.
 .UNINDENT
 .INDENT 0.0
 .TP
+.B approve
+Approve a zone being reviewed.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B reject
+Reject a zone being reviewed.
+.UNINDENT
+.INDENT 0.0
+.TP
 .B status
 Get the status of a single zone.
 .UNINDENT
@@ -152,6 +166,38 @@ Import a CSK from an HSM.
 .B \-h, \-\-help
 Print the help text (short summary with \fB\-h\fP, long help with \fB\-\-help\fP).
 .UNINDENT
+.SH OPTIONS FOR ZONE APPROVE
+.INDENT 0.0
+.TP
+.B <\-\-unsigned|\-\-signed>
+Whether the zone to approve is at the unsigned or signed review stage.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B <NAME>
+The name of the zone to approve.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B <SERIAL>
+The serial number of the zone to approve.
+.UNINDENT
+.SH OPTIONS FOR ZONE REJECT
+.INDENT 0.0
+.TP
+.B <\-\-unsigned|\-\-signed>
+Whether the zone to reject is at the unsigned or signed review stage.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B <NAME>
+The name of the zone to reject.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B <SERIAL>
+The serial number of the zone to reject.
+.UNINDENT
 .SH OPTIONS FOR ZONE STATUS
 .INDENT 0.0
 .TP
@@ -162,7 +208,7 @@ identifiers in use, as well as the new DNSKEY records during key rolls.
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/build/man/cascade.1 b/doc/manual/build/man/cascade.1
index 72da750e..2ab15411 100644
--- a/doc/manual/build/man/cascade.1
+++ b/doc/manual/build/man/cascade.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADE" "1" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADE" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascade \- Cascade CLI
 .SH SYNOPSIS
@@ -64,6 +64,9 @@ Print version.
 \fBcascade\-config\fP(1)
 Manage Cascade\(aqs configuration.
 .TP
+\fBcascade\-health\fP(1)
+Check the health of Cascade.
+.TP
 \fBcascade\-zone\fP(1)
 Manage zones.
 .TP
@@ -82,7 +85,7 @@ Print example config or policy files.
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascaded\fP(1)
diff --git a/doc/manual/build/man/cascaded-config.toml.5 b/doc/manual/build/man/cascaded-config.toml.5
index 20eee872..749ff9c8 100644
--- a/doc/manual/build/man/cascaded-config.toml.5
+++ b/doc/manual/build/man/cascaded-config.toml.5
@@ -27,19 +27,27 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADED-CONFIG.TOML" "5" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADED-CONFIG.TOML" "5" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascaded-config.toml \- Cascade configuration file
 .sp
 Cascade uses the TOML format for its configuration file. A template can be
 generated using \fBcascade template config\fP\&. The provided values to the options
 below are the default values and are serving as a hint to the option\(aqs format.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+All changes to the configuration file require running \fBcascade config
+reload\fP for them to take effect. Currently, most options additionally
+require a restart of the server.
+.UNINDENT
+.UNINDENT
 .SH EXAMPLE
 .INDENT 0.0
 .INDENT 3.5
 .sp
-.nf
-.ft C
+.EX
 version = \(dqv1\(dq
 policy\-dir = \(dq/etc/cascade/policies\(dq
 zone\-state\-dir = \(dq/var/lib/cascade/zone\-state\(dq
@@ -51,7 +59,7 @@ dnst\-binary\-path = \(dq/usr/libexec/cascade/cascade\-dnst\(dq
 
 [daemon]
 log\-level = \(dqinfo\(dq
-log\-target = { type = \(dqfile\(dq, path = \(dq/dev/stdout\(dq }
+log\-target = { type = \(dqstdout\(dq }
 daemonize = false
 
 [remote\-control]
@@ -71,8 +79,7 @@ servers = [\(dq127.0.0.1:4542\(dq, \(dq[::1]:4542\(dq]
 
 [server]
 servers = [\(dq127.0.0.1:4543\(dq, \(dq[::1]:4543\(dq]
-.ft P
-.fi
+.EE
 .UNINDENT
 .UNINDENT
 .SH OPTIONS
@@ -161,7 +168,7 @@ can be backed up and restored in the event of filesystem corruption.
 The path to the dnst binary Cascade should use.
 .sp
 Cascade relies on a Cascade specific verison of the (not yet officially
-released) \fBdnst\fP program (<\fI\%https://github.com/NLnetLabs/dnst\fP>) in order
+released) \fBdnst\fP program (<\X'tty: link https://github.com/NLnetLabs/dnst'\fI\%https://github.com/NLnetLabs/dnst\fP\X'tty: link'>) in order
 to perform DNSSEC key management.  You can specify an absolute path here, or
 just \fBdnst\fP if it is in $PATH.
 .UNINDENT
@@ -192,23 +199,45 @@ following levels are defined:
 .UNINDENT
 .INDENT 0.0
 .TP
-.B log\-target = { type = \(dqfile\(dq, path = \(dq/dev/stdout\(dq }
+.B log\-target = { type = \(dqstdout\(dq }
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-target = { type = \(dqstderr\(dq }
 .UNINDENT
 .INDENT 0.0
 .TP
 .B log\-target = { type = \(dqsyslog\(dq }
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-target = { type = \(dqfile\(dq, path = \(dqcascaded.log\(dq }
 The location the daemon writes logs to.
 .INDENT 7.0
 .IP \(bu 2
 type \fBfile\fP: Logs are appended line\-by\-line to the specified file path.
 .sp
-It can be set to \fB/dev/stdout\fP or \fB/dev/stderr\fP for standard output and
-error, respectively.  If it is a terminal, ANSI escape codes may be used
-to style the output.
+If it is a terminal, ANSI escape codes may be used to style the output.
+.IP \(bu 2
+type \fBstdout\fP: Logs are written to stdout. (The default)
+.sp
+If it is a terminal, ANSI escape codes may be used to style the output.
+.IP \(bu 2
+type \fBstderr\fP: Logs are written to stderr.
+.sp
+If it is a terminal, ANSI escape codes may be used to style the output.
 .IP \(bu 2
 type \fBsyslog\fP: Logs are written to the UNIX syslog.
 .sp
 This option is only supported on UNIX systems.
+.INDENT 2.0
+.INDENT 3.5
+Changed in version 0.1.0\-alpha2: Added types \fBstdout\fP and \fBstderr\fP which should be used instead of
+\fBfile\fP values \fB/dev/stdout\fP and \fB/dev/stderr\fP which do not work
+properly in some cases, e.g. when running under systemd.
+
+.UNINDENT
+.UNINDENT
 .UNINDENT
 .UNINDENT
 .INDENT 0.0
@@ -260,7 +289,7 @@ supported; only names can be used.
 .INDENT 7.0
 .INDENT 3.5
 When using systemd, you should rely on its \(aqUser=\(aq and \(aqGroup=\(aq
-options instead.  See <\fI\%https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#User=\fP>.
+options instead.  See <\X'tty: link https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#User='\fI\%https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#User=\fP\X'tty: link'>.
 .UNINDENT
 .UNINDENT
 .UNINDENT
@@ -370,7 +399,7 @@ Default Cascade config file
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/build/man/cascaded-policy.toml.5 b/doc/manual/build/man/cascaded-policy.toml.5
index ce11ebe5..1c05acfc 100644
--- a/doc/manual/build/man/cascaded-policy.toml.5
+++ b/doc/manual/build/man/cascaded-policy.toml.5
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADED-POLICY.TOML" "5" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADED-POLICY.TOML" "5" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascaded-policy.toml \- Cascade policy file format
 .sp
@@ -54,12 +54,20 @@ internal copy of the policy.
 Only policy files stored in the configured policy directory and having a
 \fB\&.toml\fP extension will be loaded by Cascade.\(ga
 .UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+In the current alpha release, changes to some policy options (e.g. review
+hook) also require a server restart in addition to running \fBcascade policy
+reload\fP to take effect.
+.UNINDENT
+.UNINDENT
 .SH EXAMPLE
 .INDENT 0.0
 .INDENT 3.5
 .sp
-.nf
-.ft C
+.EX
 version = \(dqv1\(dq
 
 [loader]
@@ -116,8 +124,7 @@ required = false
 
 [server.outbound]
 send\-notify\-to = []
-.ft P
-.fi
+.EE
 .UNINDENT
 .UNINDENT
 .SH OPTIONS
@@ -170,12 +177,16 @@ It will receive the following information via environment variables:
 .IP \(bu 2
 \fBCASCADE_SERIAL\fP: The serial number of the zone (decimal integer).
 .IP \(bu 2
-\fBCASCADE_SERVER\fP: The TCP/UDP port where Cascade is serving the zone for
-review, formatted \fB<ip\-addr>:<port>\fP\&.
+\fBCASCADE_SERVER\fP: The combined address and port where Cascade is serving
+the zone for review, formatted as \fB<ip\-addr>:<port>\fP\&.
 .IP \(bu 2
-\fBCASCADE_CONTROL\fP: The address of Cascade\(aqs HTTP API server, for sending
-approvals and rejections.
+\fBCASCADE_SERVER_IP\fP: Just the address of the above server.
+.IP \(bu 2
+\fBCASCADE_SERVER_PORT\fP: Just the port of the above server.
 .UNINDENT
+.sp
+Added in version 0.1.0\-alpha2: \fBCASCADE_SERVER_IP\fP and \fBCASCADE_SERVER_PORT\fP\&.
+
 .sp
 The command will be called from an unspecified directory, and it must be
 accessible to Cascade (i.e. after it has dropped privileges). Its exit code
@@ -401,7 +412,7 @@ The HSM server to use.
 If this is set, the named HSM server (which must be configured via \fBcascade
 hsm add\fP) will be used for generating new DNSSEC keys.
 .sp
-See \fI\%https://cascade.docs.nlnetlabs.nl/en/latest/hsms.html\fP for more
+See \X'tty: link https://cascade.docs.nlnetlabs.nl/en/latest/hsms.html'\fI\%https://cascade.docs.nlnetlabs.nl/en/latest/hsms.html\fP\X'tty: link' for more
 information.
 .UNINDENT
 .INDENT 0.0
@@ -473,7 +484,7 @@ Supported options:
 .IP \(bu 2
 \fBcounter\fP: increment the serial number every time.
 .IP \(bu 2
-\fBunixtime\fP: use the current Unix time, in seconds.
+\fBunix\-time\fP: use the current Unix time, in seconds.
 .IP \(bu 2
 \fBdate\-counter\fP: format the number as \fB<YYYY><MM><DD><xx>\fP in decimal.
 \fB<xx>\fP is a simple counter to allow up to 100 versions per day.
@@ -573,8 +584,12 @@ It will receive the following information via environment variables:
 .IP \(bu 2
 \fBCASCADE_SERIAL\fP: The serial number of the signed zone (decimal integer).
 .IP \(bu 2
-\fBCASCADE_SERVER\fP: The TCP/UDP port where Cascade is serving the zone for
-review, formatted \fB<ip\-addr>:<port>\fP\&.
+\fBCASCADE_SERVER\fP: The combined address and port where Cascade is serving
+the zone for review, formatted as \fB<ip\-addr>:<port>\fP\&.
+.IP \(bu 2
+\fBCASCADE_SERVER_IP\fP: Just the address of the above server.
+.IP \(bu 2
+\fBCASCADE_SERVER_PORT\fP: Just the port of the above server.
 .UNINDENT
 .sp
 The command will be called from an unspecified directory, and it must be
@@ -606,7 +621,7 @@ Default policies directory
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/build/man/cascaded.1 b/doc/manual/build/man/cascaded.1
index 911356b1..5274ca06 100644
--- a/doc/manual/build/man/cascaded.1
+++ b/doc/manual/build/man/cascaded.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "CASCADED" "1" "Oct 06, 2025" "0.1.0-rc1" "Cascade"
+.TH "CASCADED" "1" "Oct 17, 2025" "0.1.0-alpha2" "Cascade"
 .SH NAME
 cascaded \- DNSSEC signer
 .SH SYNOPSIS
@@ -39,7 +39,7 @@ cascaded \- DNSSEC signer
 solution.
 .sp
 For more information about Cascade, please refer to the Cascade documentation
-at \fI\%https://cascade.docs.nlnetlabs.nl\fP\&.
+at \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'\&.
 .SH OPTIONS
 .INDENT 0.0
 .TP
@@ -71,6 +71,11 @@ Defaults to \fBinfo\fP, unless set in the config file.
 Where logs should be written to [possible values: stdout, stderr,
 file:<PATH>, syslog].
 .UNINDENT
+.sp
+Changed in version 0.1.0\-alpha2: Added types \fBstdout\fP and \fBstderr\fP\&. Type \fBfile\fP with values \fB/dev/stdout\fP
+and \fB/dev/stderr\fP can still be used but may not work properly in some
+cases, e.g. when running under systemd.
+
 .INDENT 0.0
 .TP
 .B \-d, \-\-daemonize
@@ -117,7 +122,7 @@ Default directory for KMIP state files
 .SH SEE ALSO
 .INDENT 0.0
 .TP
-.B \fI\%https://cascade.docs.nlnetlabs.nl\fP
+.B \X'tty: link https://cascade.docs.nlnetlabs.nl'\fI\%https://cascade.docs.nlnetlabs.nl\fP\X'tty: link'
 Cascade online documentation
 .TP
 \fBcascade\fP(1)
diff --git a/doc/manual/source/conf.py b/doc/manual/source/conf.py
index 02d4732b..829dd92f 100644
--- a/doc/manual/source/conf.py
+++ b/doc/manual/source/conf.py
@@ -240,9 +240,8 @@
     ('man/cascaded-policy.toml', 'cascaded-policy.toml', 'Cascade policy file format', author, 5),
     ('man/cascade', 'cascade', 'Cascade CLI', author, 1),
     ('man/cascade-config', 'cascade-config', 'Manage configuration', author, 1),
-    ('man/cascade-health', 'cascade-health', 'Check health', author, 1),
-    ('man/cascade-hsm', 'cascade-hsm', 'Manage HSMs', author, 1),
     ('man/cascade-health', 'cascade-health', 'Check the health of Cascade', author, 1),
+    ('man/cascade-hsm', 'cascade-hsm', 'Manage HSMs', author, 1),
     ('man/cascade-keyset', 'cascade-keyset', 'Execute manual key roll or key removal commands', author, 1),
     ('man/cascade-policy', 'cascade-policy', 'Manage policies', author, 1),
     ('man/cascade-status', 'cascade-status', 'Show the status of Cascade', author, 1),
diff --git a/doc/manual/source/man/cascade.rst b/doc/manual/source/man/cascade.rst
index 7ceb9aaa..bf803d9d 100644
--- a/doc/manual/source/man/cascade.rst
+++ b/doc/manual/source/man/cascade.rst
@@ -43,7 +43,7 @@ Commands
 
           Manage Cascade's configuration.
 
-        :doc:`cascade-health`\ (1)
+        :doc:`cascade-health <cascade-health>`\ (1)
 
           Check the health of Cascade. 
 
diff --git a/pkg/debian/postinst b/pkg/debian/postinst
index 1aedffd6..2d2ca533 100755
--- a/pkg/debian/postinst
+++ b/pkg/debian/postinst
@@ -10,6 +10,7 @@ create_user() {
 case "$1" in
 configure)
     create_user
+    mkdir -p /etc/cascade/policies
     ;;
 esac
 
diff --git a/pkg/debian/postrm b/pkg/debian/postrm
index 1dce1745..ae245cf0 100755
--- a/pkg/debian/postrm
+++ b/pkg/debian/postrm
@@ -11,7 +11,7 @@ purge)
         rm ${CONFIG_FILE_PATH}
     fi
 
-    # TODO: Remove the user account and home dir?
+    # TODO: Remove the user account and home dir and /etc/cascade/policies?
     ;;
 esac
 
diff --git a/pkg/rpm/rpmlintrc b/pkg/rpm/rpmlintrc
new file mode 100644
index 00000000..1ed344c0
--- /dev/null
+++ b/pkg/rpm/rpmlintrc
@@ -0,0 +1 @@
+addFilter('bad-manual-page-folder')
diff --git a/pkg/rpm/scriptlets.toml b/pkg/rpm/scriptlets.toml
index 7ff1e66b..ce07b4df 100644
--- a/pkg/rpm/scriptlets.toml
+++ b/pkg/rpm/scriptlets.toml
@@ -17,6 +17,8 @@ if [ $1 -eq 1 ] ; then
         useradd --system --user-group ${USER_ID} --home-dir /var/lib/${USER_ID} --create-home
     fi
 
+    mkdir -p /etc/cascade/policies
+
     # Run commands equivalent to what the RPM systemd macros would do
     systemd_post cascaded.service
     systemd_triggers