diff --git a/app/controllers/records_controller.rb b/app/controllers/records_controller.rb
index 6d525f8..4ff086b 100644
--- a/app/controllers/records_controller.rb
+++ b/app/controllers/records_controller.rb
@@ -1,55 +1,61 @@
 class RecordsController < ApplicationController
   before_action :authenticate_user!
 
   before_action :domain
   before_action :record, only: [:edit, :update, :destroy]
 
   # GET /records/new
   def new
     @record = domain.records.build
   end
 
   # GET /records/1/edit
   def edit
   end
 
   # POST /records
   def create
     @record = domain.records.new(new_record_params)
 
     if @record.save
       redirect_to domain, notice: 'Record was successfully created.'
     else
       render :new
     end
   end
 
   # PATCH/PUT /records/1
   def update
     if @record.update(edit_record_params)
       redirect_to domain, notice: 'Record was successfully updated.'
     else
       render :edit
     end
   end
 
   # DELETE /records/1
   def destroy
     @record.destroy
     redirect_to domain, notice: 'Record was successfully destroyed.'
   end
 
   private
 
   def edit_record_params
-    params.require(:record).permit(:name, :content, :ttl, :prio, :disabled).tap { |r|
+    if @record.type == 'SOA'
+      permitted = [:contact, :serial, :refresh, :retry, :expire, :nx]
+    else
+      permitted = [:name, :content, :ttl, :prio, :disable]
+    end
+
+    params.require(:record).permit(*permitted).tap { |r|
       r[:drop_privileges] = true if not admin?
     }
   end
 
   def new_record_params
     params.require(:record).permit(:name, :content, :ttl, :type, :prio).tap { |r|
       r[:drop_privileges] = true if not admin?
     }
   end
 end
diff --git a/app/views/records/_soa_form.html.erb b/app/views/records/_soa_form.html.erb
new file mode 100644
index 0000000..4eb0e38
--- /dev/null
+++ b/app/views/records/_soa_form.html.erb
@@ -0,0 +1,12 @@
+<%= bootstrap_form_for([@domain, @record], layout: :horizontal, label_col: 'col-sm-2', control_col: 'col-sm-8') do |f| %>
+
+  <%= f.static_control :type %>
+  <%= f.static_control :primary_ns %>
+  <%= f.email_field :contact %>
+  <%= f.text_field :refresh %>
+  <%= f.text_field :retry %>
+  <%= f.text_field :nx %>
+
+  <%= f.submit 'Save', class: 'btn btn-primary col-sm-offset-2' %>
+
+<% end %>
diff --git a/app/views/records/edit.html.erb b/app/views/records/edit.html.erb
index fe2105a..30fe345 100644
--- a/app/views/records/edit.html.erb
+++ b/app/views/records/edit.html.erb
@@ -1,3 +1,3 @@
 <h1>Editing record</h1>
 
-<%= render 'form' %>
+<%= render @record.type == 'SOA' ? 'soa_form' : 'form' %>
diff --git a/config/initializers/00_settings.rb b/config/initializers/00_settings.rb
index 98b65c6..52838f4 100644
--- a/config/initializers/00_settings.rb
+++ b/config/initializers/00_settings.rb
@@ -1,18 +1,17 @@
 WebDNS = Base
 
 WebDNS.settings[:soa_defaults] = {
   primary_ns: 'ns.example.com',
   contact: 'domainmaster@example.com',
   serial: 1,
   refresh: 10_800,
   retry: 3600,
   expire: 604_800,
   nx: 3600
 }
 
 WebDNS.settings[:serial_strategy] = Strategies::Date
 
-# Don't allow to create SOA records
-WebDNS.settings[:prohibit_records_types] = ['SOA']
+WebDNS.settings[:prohibit_records_types] = []
 
 WebDNS.settings[:mail_from] = 'webdns@example.com'
diff --git a/test/models/soa_test.rb b/test/models/soa_test.rb
index 4096ca2..a96a30f 100644
--- a/test/models/soa_test.rb
+++ b/test/models/soa_test.rb
@@ -1,69 +1,60 @@
 require 'test_helper'
 
 class SOATest < ActiveSupport::TestCase
   def setup
     domain = create(:domain)
     @record = domain.soa
   end
 
   test 'bump_serial!' do
     @record.save!
 
     assert_serial_update @record do
       @record.bump_serial!
     end
   end
 
   test 'updating attributes bumps serial' do
     @record.save!
 
     assert_serial_update @record do
       @record.contact = 'admin@example.com'
       @record.save!
     end
   end
 
-  test 'drop privileges' do
-    @record.contact = 'admin@example.com'
-    @record.drop_privileges = true
-    assert_not @record.editable?
-
-    @record.save
-    assert_not_empty @record.errors[:type]
-  end
-
   class DateSerialTests < ActiveSupport::TestCase
     setup do
       domain = create(:date_domain)
       @record = domain.soa
     end
 
     test 'last bump of the day' do
       assert_equal Strategies::Date, @record.domain.serial_strategy
 
       freeze_time do
         last_for_day = Time.now.strftime('%Y%m%d99').to_i
         @record.serial = last_for_day
         @record.save!
 
         assert_serial_update @record do
           @record.bump_serial!
         end
       end
     end
 
     test 'existing serial points to a future date' do
       assert_equal Strategies::Date, @record.domain.serial_strategy
 
       freeze_time do
         future_day = (Time.now + 1.week).strftime('%Y%m%d00').to_i
         @record.serial = future_day
         @record.save!
 
         assert_serial_update @record do
           @record.bump_serial!
         end
       end
     end
   end
 end