diff --git a/all.yml b/all.yml
index ebf9098819637196bf971c17b0cea08c5c3beed2..67830dafb264ce0a3c8275690f81603d93cdd8c9 100755
--- a/all.yml
+++ b/all.yml
@@ -11,7 +11,7 @@
 - import_playbook: plays/monitoring.yml
 
 # Services that only apply to a subset of server
-- import_playbook: plays/cas.yml
+# - import_playbook: plays/cas.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns.yml
 - import_playbook: plays/etherpad.yml
diff --git a/hosts b/hosts
index 77612b931d5c6be5cf2d46f4e7f07237abc58197..e6818cd10a6c44ae769054bd8bf7dfb54ed09a71 100644
--- a/hosts
+++ b/hosts
@@ -16,9 +16,19 @@ git
 radius  # We use certbot to manage LE certificates
 reverseproxy
 
-[dhcp]
-routeur-sam.adm.crans.org
-#routeur-daniel.adm.crans.org
+[dhcp:children]
+routeurs_vm
+
+[dns_auth_master]
+silice.adm.crans.org
+
+[dns_authoritative:children]
+dns_auth_master
+freebox
+ovh_physical
+
+[dns_recursive:children]
+routeurs_vm
 
 [dovecot]
 owl.adm.crans.org
@@ -29,6 +39,10 @@ ethercalc-srv.adm.crans.org
 [framadate]
 voyager.adm.crans.org
 
+[freebox]
+boeing.adm.crans.org
+titanic.adm.crans.org
+
 [git]
 gitzly.adm.crans.org
 
@@ -38,9 +52,8 @@ horde.adm.crans.org
 [irc]
 irc.adm.crans.org
 
-[keepalived]
-routeur-sam.adm.crans.org
-#routeur-daniel.adm.crans.org
+[keepalived:children]
+routeurs_vm
 
 [ldap_server]
 tealc.adm.crans.org
@@ -48,24 +61,35 @@ sam.adm.crans.org
 daniel.adm.crans.org
 jack.adm.crans.org
 
+[monitoring]
+monitoring.adm.crans.org
+
+[nginx]
+charybde.adm.crans.org
+
 [nginx_rtmp]
 fluxx.adm.crans.org
 
+[nginx:children]
+reverseproxy
+
 [postfix]
-boeing.adm.crans.org
 mailman.adm.crans.org
 redisdead.adm.crans.org
-soyouz.adm.crans.org
-sputnik.adm.crans.org
-titanic.adm.crans.org
 zamok.adm.crans.org
 
-[radius]
-routeur-sam.adm.crans.org
+[postfix:children]
+freebox
+ovh_physical
+
+[radius:children]
+routeurs_vm
 
 [re2o]
 re2o-newinfra.adm.crans.org
-routeur-sam.adm.crans.org
+
+[re2o:children]
+radius
 
 [reverseproxy]
 hodaur.adm.crans.org
@@ -73,17 +97,24 @@ hodaur.adm.crans.org
 [roundcube]
 roundcube-srv.adm.crans.org
 
+[routeurs_vm]
+routeur-daniel.adm.crans.org
+routeur-jack.adm.crans.org
+routeur-sam.adm.crans.org
+
 [virtu]
 sam.adm.crans.org
 daniel.adm.crans.org
 jack.adm.crans.org
 
 [crans_routeurs:children]
-dhcp
-keepalived
+# dhcp  TODO: Really needed ?
+# keepalived
+routeurs_vm
 
 [crans_physical]
 omnomnom.adm.crans.org
+charybde.adm.crans.org
 
 [crans_physical:children]
 backups
@@ -112,13 +143,14 @@ owl.adm.crans.org
 owncloud.adm.crans.org
 #re2o-ldap.adm.crans.org
 roundcube.adm.crans.org
-#routeur-daniel.adm.crans.org
-routeur-sam.adm.crans.org
 #silice.adm.crans.org
 tracker.adm.crans.org
 voyager.adm.crans.org
 #unifi.adm.crans.org
 
+[crans_vm:children]
+routeurs_vm
+
 [ovh_physical]
 sputnik.adm.crans.org
 
diff --git a/plays/dns.yml b/plays/dns.yml
index b261acaa7293ba4dc0ace4eb27b24e0231c9acce..4e61330fbcfc8e2174ab732e058e89602b78189f 100755
--- a/plays/dns.yml
+++ b/plays/dns.yml
@@ -1,12 +1,12 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy recursive DNS cache server
-- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
+- hosts: dns_recursive
   roles:
     - bind-recursive
 
 # Deploy authoritative DNS server
-- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
+- hosts: dns_authoritative
   vars:
     certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
     certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
@@ -18,7 +18,7 @@
   roles:
     - bind-authoritative
 
-- hosts: silice.adm.crans.org
+- hosts: dns_auth_master
   vars:
     re2o:
       server: re2o.adm.crans.org
diff --git a/plays/monitoring.yml b/plays/monitoring.yml
index ca8fc85a006bf8beff366f0fcbb71d43b438247f..2a6c6bcd8d03d78d714c34a6162948d2ed8822f2 100755
--- a/plays/monitoring.yml
+++ b/plays/monitoring.yml
@@ -1,7 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy Prometheus and Grafana on monitoring server
-- hosts: monitoring.adm.crans.org
+- hosts: monitoring
   vars:
     # Prometheus targets.json
     prometheus:
@@ -64,13 +64,13 @@
 
 
 # Monitor all hosts
-- hosts: server,test_vm
+- hosts: server
   vars:
     adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
   roles: ["prometheus-node-exporter"]
 
 # Export nginx metrics
-- hosts: charybde.adm.crans.org,hodaur.adm.crans.org
+- hosts: nginx
   vars:
     adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
   roles: ["prometheus-nginx-exporter"]