diff --git a/api/dns.go b/api/dns.go
index a1739d3..ad41103 100644
--- a/api/dns.go
+++ b/api/dns.go
@@ -2,6 +2,7 @@ package api
 
 import (
 	"database/sql"
+	"fmt"
 	"log"
 	"net/http"
 	"strconv"
@@ -20,10 +21,23 @@ type FormError struct {
 
 func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord) bool {
 	ownedByUser := (user.ID == record.UserID)
+	if !ownedByUser {
+		return false
+	}
 
 	if !record.Internal {
-		publicallyOwnedByUser := (record.Name == user.Username || strings.HasSuffix(record.Name, "."+user.Username))
-		return ownedByUser && publicallyOwnedByUser
+		userOwnedDomains := []string{
+			fmt.Sprintf("%s", user.Username),
+			fmt.Sprintf("%s.endpoints", user.Username),
+		}
+
+		for _, domain := range userOwnedDomains {
+			isInSubDomain := strings.HasSuffix(record.Name, "."+domain)
+			if domain == record.Name || isInSubDomain {
+				return true
+			}
+		}
+		return false
 	}
 
 	owner, err := database.FindFirstDomainOwnerId(dbConn, record.Name)
diff --git a/database/users.go b/database/users.go
index ca0d2bb..63e7957 100644
--- a/database/users.go
+++ b/database/users.go
@@ -55,11 +55,6 @@ func FindOrSaveUser(dbConn *sql.DB, user *User) (*User, error) {
 		return nil, err
 	}
 
-	// _, err = dbConn.Exec(`UPDATE users SET mail = ?, username = ?, display_name = ? WHERE id = ?;`, user.Mail, user.Username, user.DisplayName, user.ID)
-	// if err != nil {
-	// 	return nil, err
-	// }
-
 	return user, nil
 }