diff --git a/gestion/gen_confs/bind.py b/gestion/gen_confs/bind.py
index 8c6451e6..4335ba72 100755
--- a/gestion/gen_confs/bind.py
+++ b/gestion/gen_confs/bind.py
@@ -445,19 +445,6 @@ class dns(gen_config) :
 }
- EXTRAS = {
- 'crans.org' : [
- TLSA('cas.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('wiki.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('perso.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('intranet.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('webmail.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('horde.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('roundcube.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('sogo.crans.org.', 443, 'tcp', None, 3, 2),
- ]
- }
-
 hostname = short_name(gethostname())
 serial = int(time.time()) + 1000000000
 TTL = 3600
@@ -467,6 +454,38 @@ class dns(gen_config) :
 else:
 restart_cmd = '/etc/init.d/bind9 reload'
+ def __init__(self, *args, **kwargs):
+ xmpp_cert = ssl.get_server_certificate(('xmpp.crans.org', 443), ca_certs='/etc/ssl/certs/ca-certificates.crt')
+ self.EXTRAS = {
+ 'crans.org' : [
+ TLSA('crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('www.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('cas.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('wiki.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('perso.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('intranet.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('intranet2.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('webmail.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('horde.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('roundcube.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('sogo.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('git.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('nagios.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('pad.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('news.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('asterisk.crans.org.', 5061, 'tcp', None, 3, 2),
+ TLSA('smtp.crans.org.', 465, 'tcp', None, 3, 2),
+ TLSA('imap.crans.org.', 993, 'tcp', None, 3, 2),
+ TLSA('xmpp', 5222, 'tcp', xmpp_cert, 3, 2),
+ TLSA('xmpp', 5269, 'tcp', xmpp_cert, 3, 2),
+ TLSA('xmpp', 443, 'tcp', xmpp_cert, 3, 2),
+ TLSA('jabber', 443, 'tcp', xmpp_cert, 3, 2),
+ ],
+ 'wifi.crans.org' : [
+ TLSA('wifi.crans.org.', 443, 'tcp', None, 3, 2),
+ ],
+ }
+ super(dns, self).__init__(*args, **kwargs)
 def gen_soa(self, ns_list, serial, ttl):
 return SOA(ns_list[0], 'root.crans.org', serial, 21600, 3600, 1209600, ttl)
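Review bot: The `ssl.get_server_certificate(('xmpp.crans.org', 443), ca_certs=...)` call in the new `__init__` turns whatever certificate the network returns at generation time into the published TLSA data for xmpp (5222, 5269, 443) and jabber. As far as I know this helper validates the chain against the CA bundle but does not check the hostname, so an on-path host presenting any CA-valid certificate could end up pinned in the zone; it also makes constructing `dns` fail whenever the server is unreachable, and assumes ports 5222 and 5269 serve the same certificate as 443. I would load the PEM from a file provisioned on the generating host instead, e.g. `with open(XMPP_CERT_PEM) as f: xmpp_cert = f.read()`, where `XMPP_CERT_PEM` is a placeholder for the deployed path. A short docstring on `__init__` should also say what the trailing `3, 2` arguments select and why `EXTRAS` moved from a class attribute to per-instance state. The `import ssl` this relies on and the rest of the class are outside the hunk.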