diff --git a/app/controllers/private_controller.rb b/app/controllers/private_controller.rb
new file mode 100644
index 0000000..5ac411a
--- /dev/null
+++ b/app/controllers/private_controller.rb
@@ -0,0 +1,23 @@
+class PrivateController < ApplicationController
+  # This a private trusted API
+  skip_before_action :verify_authenticity_token
+
+  # PUT /replace_ds
+  def replace_ds
+    parent, child, ds = replace_ds_params.values_at(:parent, :child, :ds)
+    Domain.replace_ds(parent, child, ds)
+
+    render json: { ok: true }
+  end
+
+  private
+
+  def replace_ds_params
+    params.require(:parent)
+    params.require(:child)
+    params.require(:ds)
+    params.permit(ds: [])
+
+    params
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index 8281d12..828eef4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,38 +1,42 @@
 Rails.application.routes.draw do
   # Override devise user removal
   devise_scope :users do
     delete :users, to: redirect('/')
   end
   devise_for :users
 
   root to: redirect('/domains')
 
   resources :groups, only: [:show] do
     get :search_member,
         to: 'groups#search_member', on: :member
     post :members,
          to: 'groups#create_member', as: :create_member, on: :member
     delete 'member/:user_id',
            to: 'groups#destroy_member', as: :destroy_member, on: :member
   end
 
   resources :domains do
     resources :records, except: [:index, :show] do
       # Reuse records#update instead of introducing new controller actions
       #
       # rubocop:disable Style/AlignHash
       put :disable, to: 'records#update', on: :member,
           defaults: { record: { disabled: true } }
       put :enable,  to: 'records#update', on: :member,
           defaults: { record: { disabled: false } }
       # rubocop:enable Style/AlignHash
     end
   end
 
   # Admin
   namespace :admin do
     root to: redirect('/admin/groups')
 
     resources :groups, except: [:show]
   end
+
+  # Private
+  put 'private/replace_ds', to: 'private#replace_ds'
 end
+