diff --git a/zns-daemon/src/config.rs b/zns-daemon/src/config.rs
index 84360c5..d05b6b8 100644
--- a/zns-daemon/src/config.rs
+++ b/zns-daemon/src/config.rs
@@ -6,11 +6,12 @@ use zns::labelstring::LabelString;
 static CONFIG: OnceLock<Config> = OnceLock::new();
 
 pub struct Config {
-    pub zauth_url: String,
+    pub zauth_url: Option<String>,
     pub db_uri: String,
     pub authoritative_zone: LabelString,
     pub port: u16,
     pub address: IpAddr,
+    pub default_soa: bool,
 }
 
 impl Config {
@@ -25,7 +26,7 @@ impl Config {
             dotenv().ok();
             Config {
                 db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
-                zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"),
+                zauth_url: env::var("ZAUTH_URL").ok(),
                 authoritative_zone: LabelString::from(&env::var("ZONE").expect("ZONE must be set")),
                 port: env::var("ZNS_PORT")
                     .map(|v| v.parse::<u16>().expect("ZNS_PORT is invalid"))
@@ -34,6 +35,10 @@ impl Config {
                     .unwrap_or(String::from("127.0.0.1"))
                     .parse()
                     .expect("ZNS_ADDRESS is invalid"),
+                default_soa: env::var("ZNS_DEFAULT_SOA")
+                    .unwrap_or(String::from("true"))
+                    .parse()
+                    .expect("ZNS_DEFAULT_SOA should have value `true` or `false`"),
             }
         })
     }
diff --git a/zns-daemon/src/handlers/query.rs b/zns-daemon/src/handlers/query.rs
index 79040ce..6ddf5dd 100644
--- a/zns-daemon/src/handlers/query.rs
+++ b/zns-daemon/src/handlers/query.rs
@@ -37,7 +37,9 @@ impl ResponseHandler for QueryHandler {
                     if rrs.is_empty() {
                         rrs.extend(try_wildcard(question, connection)?);
                         if rrs.is_empty() {
-                            if question.qtype == Type::Type(RRType::SOA) {
+                            if question.qtype == Type::Type(RRType::SOA)
+                                && Config::get().default_soa
+                            {
                                 rrs.extend([get_soa(&question.qname)?])
                             } else {
                                 return Err(ZNSError::NXDomain {
@@ -87,7 +89,7 @@ fn try_wildcard(question: &Question, connection: &mut PgConnection) -> Result<Ve
 
 fn get_soa(name: &LabelString) -> Result<RR, ZNSError> {
     let auth_zone = Config::get().authoritative_zone.clone();
-    let rdata = if &Config::get().authoritative_zone == name {
+    let rdata = if &auth_zone == name {
         // Recommended values taken from wikipedia: https://en.wikipedia.org/wiki/SOA_record
         Ok(SoaRData {
             mname: auth_zone,
diff --git a/zns-daemon/src/handlers/update/authenticate.rs b/zns-daemon/src/handlers/update/authenticate.rs
index b2a2369..446fd7c 100644
--- a/zns-daemon/src/handlers/update/authenticate.rs
+++ b/zns-daemon/src/handlers/update/authenticate.rs
@@ -18,15 +18,20 @@ pub async fn authenticate(
     zone: &LabelString,
     connection: &mut PgConnection,
 ) -> Result<bool, ZNSError> {
-    if zone.as_slice().len() > Config::get().authoritative_zone.as_slice().len() {
-        let username = &zone.as_slice()
-            [zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
+    if zone.len() > Config::get().authoritative_zone.len() {
+        let ssh_verified = match &Config::get().zauth_url {
+            Some(url) => {
+                let username = &zone.as_slice()
+                    [zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
 
-        let ssh_verified = validate_ssh(&username.to_lowercase(), sig)
-            .await
-            .map_err(|e| ZNSError::Servfail {
-                message: e.to_string(),
-            })?;
+                validate_ssh(&username.to_lowercase(), url, sig)
+                    .await
+                    .map_err(|e| ZNSError::Servfail {
+                        message: e.to_string(),
+                    })?
+            }
+            None => false,
+        };
 
         if ssh_verified {
             Ok(true)
@@ -40,14 +45,14 @@ pub async fn authenticate(
     }
 }
 
-async fn validate_ssh(username: &String, sig: &Sig) -> Result<bool, reqwest::Error> {
+async fn validate_ssh(
+    username: &String,
+    zauth_url: &String,
+    sig: &Sig,
+) -> Result<bool, reqwest::Error> {
     let client = reqwest::Client::new();
     Ok(client
-        .get(format!(
-            "{}/users/{}/keys",
-            Config::get().zauth_url,
-            username
-        ))
+        .get(format!("{}/users/{}/keys", zauth_url, username))
         .header(ACCEPT, "application/json")
         .send()
         .await?
diff --git a/zns-daemon/src/handlers/update/mod.rs b/zns-daemon/src/handlers/update/mod.rs
index b7a6cb1..a2c973e 100644
--- a/zns-daemon/src/handlers/update/mod.rs
+++ b/zns-daemon/src/handlers/update/mod.rs
@@ -64,7 +64,7 @@ impl ResponseHandler for UpdateHandler {
             let rlen = rr.name.as_slice().len();
 
             // Check if rr has same zone
-            if rlen < zlen || !(&zone.qname == &rr.name.as_slice()[rlen - zlen..].into()) {
+            if rlen < zlen || !(zone.qname == rr.name.as_slice()[rlen - zlen..].into()) {
                 return Err(ZNSError::Refused {
                     message: "RR has different zone from Question".to_string(),
                 });