diff --git a/Vagrantfile b/Vagrantfile
index 51f5515..1a636d1 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -8,7 +8,7 @@
 # you're doing.
 Vagrant.configure("2") do |config|
 
-  config.vm.box = "debian/bullseye64"
+  config.vm.box = "debian/bookworm64"
   config.vm.hostname = 'kaz-vm'
 
   config.vm.provider "virtualbox" do |vb|
diff --git a/files/snster-kaz/hoster-a/kaz1/provision.sh b/files/snster-kaz/hoster-a/kaz1/provision.sh
index b9b1534..cac5e1b 100644
--- a/files/snster-kaz/hoster-a/kaz1/provision.sh
+++ b/files/snster-kaz/hoster-a/kaz1/provision.sh
@@ -5,9 +5,13 @@ if [ -z $SNSTERGUARD ] ; then exit 1; fi
 DIR=`dirname $0`
 cd `dirname $0`
 
-# disable systemd-resolved which conflicts with nsd
-echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
-systemctl stop systemd-resolved
+DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
+if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
+then
+	# disable systemd-resolved which conflicts with nsd
+	echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
+	systemctl stop systemd-resolved
+fi
 
 DEBIAN_FRONTEND=noninteractive apt-get update
 DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
diff --git a/files/snster-kaz/hoster-b/kaz2/provision.sh b/files/snster-kaz/hoster-b/kaz2/provision.sh
index c42beda..3965d3e 100644
--- a/files/snster-kaz/hoster-b/kaz2/provision.sh
+++ b/files/snster-kaz/hoster-b/kaz2/provision.sh
@@ -5,9 +5,13 @@ if [ -z $SNSTERGUARD ] ; then exit 1; fi
 DIR=`dirname $0`
 cd `dirname $0`
 
-# disable systemd-resolved which conflicts with nsd
-echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
-systemctl stop systemd-resolved
+DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
+if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
+then
+	# disable systemd-resolved which conflicts with nsd
+	echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
+	systemctl stop systemd-resolved
+fi
 
 DEBIAN_FRONTEND=noninteractive apt-get update
 DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
diff --git a/files/snster-kaz/isp-a/infra/provision.sh b/files/snster-kaz/isp-a/infra/provision.sh
index 88f20d2..dce16a4 100644
--- a/files/snster-kaz/isp-a/infra/provision.sh
+++ b/files/snster-kaz/isp-a/infra/provision.sh
@@ -7,13 +7,17 @@ cd `dirname $0`
 
 # Email's mail account email@isp-a.sns
 useradd -m -s "/bin/bash" -p `mkpasswd --method=sha-512 email` email || true
-addgroup email mail
+adduser email mail
 #mkdir /home/hacker/mail
 #touch /home/hacker/mail/Drafts /home/hacker/mail/Queue /home/hacker/mail/Sent /home/hacker/mail/Trash
 
-# disable systemd-resolved which conflicts with nsd
-echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
-systemctl stop systemd-resolved
+DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
+if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
+then
+	# disable systemd-resolved which conflicts with nsd
+	echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
+	systemctl stop systemd-resolved
+fi
 
 # manage isp-a.sns zone
 apt-get update
diff --git a/files/snster-kaz/main.yml b/files/snster-kaz/main.yml
index d088e20..e7ead7d 100644
--- a/files/snster-kaz/main.yml
+++ b/files/snster-kaz/main.yml
@@ -7,14 +7,14 @@ header:
 config:
   prefix: kaz
   nat-bridge: lxcbr0
-  default-master: bullseye
+  default-master: bookworm
 
 masters:
-  bullseye:
+  bookworm:
     backend: lxc
     template: debian
     parameters:
-      release: bullseye
+      release: bookworm
       arch: amd64
     family: debian
 
@@ -23,9 +23,8 @@ masters:
     template: download
     parameters:
       dist: alpine
-      release: 3.18
+      release: 3.21
       arch: amd64
-      no-validate: true
     family: alpine
 
 disabled-groups:
diff --git a/files/snster-kaz/mica/infra/provision.sh b/files/snster-kaz/mica/infra/provision.sh
index 0f7153e..dd6de29 100644
--- a/files/snster-kaz/mica/infra/provision.sh
+++ b/files/snster-kaz/mica/infra/provision.sh
@@ -5,9 +5,13 @@ if [ -z $SNSTERGUARD ] ; then exit 1; fi
 DIR=`dirname $0`
 cd `dirname $0`
 
-# disable systemd-resolved which conflicts with nsd
-echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
-systemctl stop systemd-resolved
+DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
+if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
+then
+	# disable systemd-resolved which conflicts with nsd
+	echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
+	systemctl stop systemd-resolved
+fi
 
 # manage mica.sns zone
 apt-get update
diff --git a/files/snster-kaz/tld-sns/ns/provision.sh b/files/snster-kaz/tld-sns/ns/provision.sh
index 24d6748..f0eef97 100644
--- a/files/snster-kaz/tld-sns/ns/provision.sh
+++ b/files/snster-kaz/tld-sns/ns/provision.sh
@@ -6,9 +6,13 @@ if [ -z $SNSTERGUARD ] ; then exit 1; fi
 DIR=`dirname $0`
 cd `dirname $0`
 
-# disable systemd-resolved which conflicts with nsd
-echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
-systemctl stop systemd-resolved
+DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
+if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
+then
+	# disable systemd-resolved which conflicts with nsd
+	echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
+	systemctl stop systemd-resolved
+fi
 
 apt-get update
 DEBIAN_FRONTEND=noninteractive apt-get install -y nsd
diff --git a/files/snster-kaz/transit-a/router/provision.sh b/files/snster-kaz/transit-a/router/provision.sh
index fa989c8..be2fca6 100755
--- a/files/snster-kaz/transit-a/router/provision.sh
+++ b/files/snster-kaz/transit-a/router/provision.sh
@@ -20,8 +20,8 @@ touch /etc/network/keepdhcp
 
 # Force lxc bridged interface metric (else, it grows to 200+interface_index, which can be large with successive  stop/start)
 # This metric must be lower than the one exported by BGP for the default route (static part below)
-mkdir /etc/udhcpc
-echo "IF_METRIC=200" > /etc/udhcpc/udhcpc.conf
+mkdir -p /etc/udhcpc
+echo "IF_METRIC=200" >> /etc/udhcpc/udhcpc.conf
 
 
 # customize bird config (BGP)
diff --git a/files/vm-provision.sh b/files/vm-provision.sh
index df20a18..1d52104 100755
--- a/files/vm-provision.sh
+++ b/files/vm-provision.sh
@@ -177,7 +177,7 @@ auth:
     git clone https://framagit.org/flesueur/snster.git
     cd snster
     # git checkout tags/v1.1.0
-    git checkout fe59ef1f
+    git checkout 34b7c57cb7480cb4b3a84d14a1a46b60d0eb5967
     ./install.sh
 
     # BTRFS avec hotfix sale de SNSTER
@@ -187,7 +187,7 @@ auth:
     mkfs.btrfs -f /root/btrfs.img
     echo "/root/btrfs.img	/var/lib/lxc	btrfs	loop	0	0" >> /etc/fstab
     mount /var/lib/lxc
-    sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
+    sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.11/dist-packages/backends/LxcBackend.py
 
     # SNSTER KAZ
     cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root