diff --git a/mreg/api/permissions.py b/mreg/api/permissions.py
index 21c38089..22b46f29 100644
--- a/mreg/api/permissions.py
+++ b/mreg/api/permissions.py
@@ -10,6 +10,7 @@
 SUPERUSER_GROUP = 'SUPERUSER_GROUP'
 ADMINUSER_GROUP = 'ADMINUSER_GROUP'
 DNS_WILDCARD_GROUP = 'DNS_WILDCARD_GROUP'
+DNS_UNDERSCORE_GROUP = 'DNS_UNDERSCORE_GROUP'
 def get_settings_groups(group_setting_name):
@@ -134,9 +135,11 @@ def _deny_superuser_only_names(data=None, name=None, view=None, request=None):
 if 'host' in data:
 name = data['host'].name
- # Underscore is allowed for non-superuser in SRV records
+ # Underscore is allowed for non-superuser in SRV records,
+ # and for members of in all records.
 if '_' in name and not isinstance(view, (mreg.api.v1.views.SrvDetail,
- mreg.api.v1.views.SrvList)):
+ mreg.api.v1.views.SrvList)) \
+ and not request_in_settings_group(request, DNS_UNDERSCORE_GROUP):
 return True
 # Except for super-users, only members of the DNS wildcard group can create wildcard records.
diff --git a/mreg/api/v1/tests/test_host_permissions.py b/mreg/api/v1/tests/test_host_permissions.py
index 742871a3..db392607 100644
--- a/mreg/api/v1/tests/test_host_permissions.py
+++ b/mreg/api/v1/tests/test_host_permissions.py
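Review bot: The added comment in the second hunk of mreg/api/permissions.py reads `# and for members of in all records.`, so the group that lifts the restriction is never named at the check an auditor will read; it should say `# and for members of DNS_UNDERSCORE_GROUP in all records.`. Because the new `and not request_in_settings_group(request, DNS_UNDERSCORE_GROUP)` term applies to every view rather than only SrvDetail/SrvList, membership exempts a non-superuser from the underscore rule for any name this function sees. Underscore-prefixed labels are conventionally used for service and domain-validation records, so the comment should also mark the group as a privileged one. `request` defaults to None in the signature and request_in_settings_group is not visible here; confirm it returns False rather than raising when no request is supplied, so the check fails closed. The function body starts before and continues after the hunk.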
@@ -282,9 +282,24 @@ def test_can_not_add_txt_to_host_without_ip(self):
 class Underscore(MregAPITestCase):
- """Test that only superusers can create entries with an underscore."""
+ """Test that superusers can create entries with an underscore, but regular users can't."""
 def test_can_create_hostname_with_prefix_underscore(self):
+ data1 = {'name': '_host1.example.org', 'ipaddress': '10.0.0.1'}
+ data2 = {'name': 'host2._sub.example.org', 'ipaddress': '10.0.0.2'}
+ superuser_client = self.client
+ self.client = self.get_token_client(superuser=False)
+ self.assert_post_and_403('/hosts/', data1)
+ self.assert_post_and_403('/hosts/', data2)
+ self.client = superuser_client
+ self.assert_post('/hosts/', data1)
+ self.assert_post('/hosts/', data2)
+
+ """Members in DNS_UNDERSCORE_GROUP can create entries with an underscore."""
+ def test_special_group_members_create_underscore(self):
+ self.client = self.get_token_client(superuser=False, adminuser=True)
+ self.add_user_to_groups('DNS_UNDERSCORE_GROUP')
+ path = '/api/v1/hosts/'
 data1 = {'name': '_host1.example.org', 'ipaddress': '10.0.0.1'}
 data2 = {'name': 'host2._sub.example.org', 'ipaddress': '10.0.0.2'}
 self.assert_post('/hosts/', data1)
diff --git a/mregsite/settings.py b/mregsite/settings.py
index 2bd58bed..dde5796f 100644
--- a/mregsite/settings.py
+++ b/mregsite/settings.py
@@ -329,3 +329,4 @@
 NETWORK_ADMIN_GROUP = "default-networkadmin-group"
 HOSTPOLICYADMIN_GROUP = "default-hostpolicyadmin-group"
 DNS_WILDCARD_GROUP = "default-dns-wildcard-group"
+ DNS_UNDERSCORE_GROUP = "default-dns-underscore-group"
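Review bot: The denial and the allowance in the Underscore tests run with different privileges, so the 403s may not be caused by the underscore rule: test_can_create_hostname_with_prefix_underscore denies with `get_token_client(superuser=False)`, while the group test allows with `get_token_client(superuser=False, adminuser=True)` plus group membership. Assuming a plain user can be refused host creation for other reasons, the denial should use `self.client = self.get_token_client(superuser=False, adminuser=True)` without the group, so that membership is the only difference between the two outcomes. The string `"""Members in DNS_UNDERSCORE_GROUP can create entries with an underscore."""` sits before the `def`, which makes it a bare class-body expression rather than the method's docstring; move it under `def test_special_group_members_create_underscore(self):`. `path = '/api/v1/hosts/'` is never used in the visible lines and can be dropped. The second test's body continues past the end of the hunk.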