diff --git a/lib/dyndnsd.rb b/lib/dyndnsd.rb
index 8bbda1b..1916baa 100644
--- a/lib/dyndnsd.rb
+++ b/lib/dyndnsd.rb
@@ -31,6 +31,7 @@ module Dyndnsd
 class Daemon
 def initialize(config, db, updater, responder)
 @users = config['users']
+ @domain = config['domain']
 @db = db
 @updater = updater
 @responder = responder
@@ -45,6 +46,14 @@ module Dyndnsd
 @updater.update(@db)
 end

+ def is_fqdn_valid?(hostname)
+ return false if hostname.length < @domain.length + 2
+ return false if not hostname.end_with?(@domain)
+ name = hostname.chomp(@domain)
+ return false if not name.match(/^[a-zA-Z0-9_-]+\.$/)
+ true
+ end
+
 def call(env)
 return @responder.response_for(:method_forbidden) if env["REQUEST_METHOD"] != "GET"
 return @responder.response_for(:not_found) if env["PATH_INFO"] != "/nic/update"
@@ -55,8 +64,8 @@ module Dyndnsd

 hostname = params["hostname"]

- # Check if hostname(s) match rules
- #return @responder.response_for(:hostname_malformed) if XY
+ # Check if hostname match rules
+ return @responder.response_for(:hostname_malformed) if not is_fqdn_valid?(hostname)

 user = env["REMOTE_USER"]

diff --git a/spec/daemon_spec.rb b/spec/daemon_spec.rb
index 8f9b2d6..5c57762 100644
--- a/spec/daemon_spec.rb
+++ b/spec/daemon_spec.rb
@@ -5,6 +5,7 @@ describe Dyndnsd::Daemon do

 def app
 config = {
+ 'domain' => 'example.org',
 'users' => {
 'test' => {
 'password' => 'secret',
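Review bot: In the first hunk of lib/dyndnsd.rb, `config['domain']` is stored in `initialize` without checking that it is a non-empty String. With the key missing, `@domain` is nil and `is_fqdn_valid?` raises NoMethodError on `@domain.length` for every request; with an empty string the `end_with?` suffix check passes for any name. Failing at construction is clearer, for example `@domain = config.fetch('domain')` followed by `raise ArgumentError, 'domain must not be empty' if @domain.to_s.empty?`. `initialize` continues past the end of this hunk.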
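Review bot: The pattern in `is_fqdn_valid?` (second hunk of lib/dyndnsd.rb) is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string. A hostname value containing a line break is therefore accepted as long as its last line is a valid label followed by the domain, and the text before the break is never checked. If the updater writes hostnames into line-based output such as a zone file (not visible here), that unchecked text would be carried along. Anchor on the whole string instead: `return false unless name.match(/\A[a-zA-Z0-9_-]+\.\z/)`. Separately, `end_with?` compares case-sensitively, so it is worth deciding whether names should be downcased before the check.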
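Review bot: In the third hunk of lib/dyndnsd.rb, `hostname` goes from `params` into `is_fqdn_valid?` with no type check. If the query parser that fills `params` (outside this hunk) yields an Array for a repeated `hostname` key, `end_with?` raises and the request ends in an unhandled error instead of `:hostname_malformed`. A guard such as `return @responder.response_for(:hostname_malformed) unless hostname.is_a?(String) && is_fqdn_valid?(hostname)` keeps the failure on the documented path. `call` starts and ends outside this hunk.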
@@ -79,7 +80,27 @@ describe Dyndnsd::Daemon do
 end

 it 'forbids invalid hostnames' do
- pending
+ authorize 'test', 'secret'
+
+ get '/nic/update?hostname=test'
+ last_response.should be_ok
+ last_response.body.should == 'notfqdn'
+
+ get '/nic/update?hostname=test.example.com'
+ last_response.should be_ok
+ last_response.body.should == 'notfqdn'
+
+ get '/nic/update?hostname=test.example.org.me'
+ last_response.should be_ok
+ last_response.body.should == 'notfqdn'
+
+ get '/nic/update?hostname=foo.test.example.org'
+ last_response.should be_ok
+ last_response.body.should == 'notfqdn'
+
+ get '/nic/update?hostname=in%20valid.example.org.me'
+ last_response.should be_ok
+ last_response.body.should == 'notfqdn'
 end

 it 'outputs status per hostname' do
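Review bot: The last case in 'forbids invalid hostnames', `in%20valid.example.org.me`, is rejected by the suffix check before the character pattern is consulted, so no request here exercises a disallowed character in the label. Changing it to `get '/nic/update?hostname=in%20valid.example.org'` would cover that branch. A further case with an encoded line break inside the label would pin down how the pattern in `is_fqdn_valid?` is anchored. The hunk ends on the opening line of the next example, whose body is outside it.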