diff --git a/CHANGELOG.md b/CHANGELOG.md
index c264c83..ce0d6c1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 3.7.1
+
+IMPROVEMENTS:
+
+- fix [TypeError](https://github.com/cmur2/dyndnsd/issues/205) when user has no hosts configured
+
 ## 3.7.0 (September 16th, 2022)
 
 IMPROVEMENTS:
diff --git a/lib/dyndnsd.rb b/lib/dyndnsd.rb
index 2554569..5a236c6 100644
--- a/lib/dyndnsd.rb
+++ b/lib/dyndnsd.rb
@@ -215,10 +215,11 @@ module Dyndnsd
       invalid_hostnames = hostnames.select { |h| !Helper.fqdn_valid?(h, @domain) }
       return [422, {'X-DynDNS-Response' => 'hostname_malformed'}, []] if invalid_hostnames.any?
 
+      # we can trust this information since user was authorized by middleware
       user = env['REMOTE_USER']
 
       # check for hostnames that the user does not own
-      forbidden_hostnames = hostnames - @users[user]['hosts']
+      forbidden_hostnames = hostnames - @users[user].fetch('hosts', [])
       return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if forbidden_hostnames.any?
 
       if params['offline'] == 'YES'
diff --git a/spec/dyndnsd/daemon_spec.rb b/spec/dyndnsd/daemon_spec.rb
index 6164c09..14d1523 100644
--- a/spec/dyndnsd/daemon_spec.rb
+++ b/spec/dyndnsd/daemon_spec.rb
@@ -15,6 +15,9 @@ describe Dyndnsd::Daemon do
         'test' => {
           'password' => 'secret',
           'hosts' => ['foo.example.org', 'bar.example.org']
+        },
+        'test2' => {
+          'password' => 'ihavenohosts'
         }
       }
     }
@@ -99,6 +102,14 @@ describe Dyndnsd::Daemon do
     expect(last_response.body).to eq('notfqdn')
   end
 
+  it 'rejects request if user does not own any hostnames' do
+    authorize 'test2', 'ihavenohosts'
+
+    get '/nic/update?hostname=doesnotexisthost.example.org'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+  end
+
   it 'rejects request if user does not own one hostname' do
     authorize 'test', 'secret'