diff --git a/bundles/bind/files/named.conf.local b/bundles/bind/files/named.conf.local
index 749ce14..0198d49 100644
--- a/bundles/bind/files/named.conf.local
+++ b/bundles/bind/files/named.conf.local
@@ -27,7 +27,10 @@ view "${view['name']}" {
 
   % for zone in zones:
   zone "${zone}" {
-    type master;
+    type ${type};
+% if type == 'slave':
+    masters { ${master_ip}; };
+% endif
     file "/var/lib/bind/${view['name']}/db.${zone}";
   };
   % endfor
diff --git a/bundles/bind/files/named.conf.options b/bundles/bind/files/named.conf.options
index 8a64abc..7478143 100644
--- a/bundles/bind/files/named.conf.options
+++ b/bundles/bind/files/named.conf.options
@@ -7,4 +7,10 @@ options {
 
   max-cache-size 30%;
   querylog yes;
+
+% if type == 'master':
+  notify yes;
+  also-notify { ${' '.join([f'{ip};' for ip in slave_ips])} };
+  allow-transfer { ${' '.join([f'{ip};' for ip in slave_ips])} };
+% endif
 };
diff --git a/bundles/bind/items.py b/bundles/bind/items.py
index 0a96813..f62c5d3 100644
--- a/bundles/bind/items.py
+++ b/bundles/bind/items.py
@@ -1,6 +1,18 @@
-from ipaddress import ip_address
+from ipaddress import ip_address, ip_interface
 from datetime import datetime
 
+if node.metadata.get('bind/type') == 'master':
+    zones = node.metadata.get('bind/zones')
+    master_ip = None
+    slave_ips = [
+        ip_interface(repo.get_node(slave).metadata.get('network/external/ipv4')).ip
+            for slave in node.metadata.get('bind/slaves')
+    ]
+else:
+    zones = repo.get_node(node.metadata.get('bind/master_node')).metadata.get('bind/zones')
+    master_ip = ip_interface(repo.get_node(node.metadata.get('bind/master_node')).metadata.get('network/external/ipv4')).ip
+    slave_ips = []
+
 directories[f'/var/lib/bind'] = {
     'purge': True,
     'needed_by': [
@@ -35,6 +47,11 @@ files['/etc/bind/named.conf'] = {
     ],
 }
 files['/etc/bind/named.conf.options'] = {
+    'content_type': 'mako',
+    'context': {
+        'type': node.metadata.get('bind/type'),
+        'slave_ips': sorted(slave_ips),
+    },
     'owner': 'root',
     'group': 'bind',
     'needs': [
@@ -72,8 +89,10 @@ views = [
 files['/etc/bind/named.conf.local'] = {
     'content_type': 'mako',
     'context': {
+        'type': node.metadata.get('bind/type'),
+        'master_ip': master_ip,
         'views': views,
-        'zones': sorted(node.metadata.get('bind/zones')),
+        'zones': sorted(zones),
     },
     'owner': 'root',
     'group': 'bind',
@@ -117,7 +136,7 @@ for view in views:
         ],
     }
 
-    for zone, records in node.metadata.get('bind/zones').items():
+    for zone, records in zones.items():
         files[f"/var/lib/bind/{view['name']}/db.{zone}"] = {
             'group': 'bind',
             'source': 'db',
diff --git a/bundles/bind/metadata.py b/bundles/bind/metadata.py
index c423480..10cc137 100644
--- a/bundles/bind/metadata.py
+++ b/bundles/bind/metadata.py
@@ -9,6 +9,7 @@ defaults = {
     },
     'bind': {
         'zones': {},
+        'slaves': {},
     },
     'telegraf': {
         'config': {
@@ -24,6 +25,17 @@ defaults = {
 }
 
 
+@metadata_reactor.provides(
+    'bind/type',
+)
+def type(metadata):
+    return {
+        'bind': {
+            'type': 'slave' if metadata.get('bind/master_node', None) else 'master',
+        }
+    }
+
+
 @metadata_reactor.provides(
     'dns',
 )
@@ -39,6 +51,9 @@ def dns(metadata):
     'bind/zones',
 )
 def collect_records(metadata):
+    if metadata.get('bind/type') == 'slave':
+        return {}
+    
     zones = {}
     
     for other_node in repo.nodes:
@@ -76,13 +91,41 @@ def collect_records(metadata):
     'bind/zones',
 )
 def ns_records(metadata):
+    if metadata.get('bind/type') == 'slave':
+        return {}
+
+    nameservers = [
+        node.metadata.get('bind/hostname'),
+        *[
+            repo.get_node(slave).metadata.get('bind/hostname')
+                for slave in node.metadata.get('bind/slaves')
+        ]
+    ]
     return {
         'bind': {
             'zones': {
                 zone: [
-                    {'name': '@', 'type': 'NS', 'value': f"{metadata.get('bind/hostname')}."},
-                    {'name': '@', 'type': 'NS', 'value': f"{metadata.get('bind/secondary_hostname')}."},
+                    {'name': '@', 'type': 'NS', 'value': f"{nameserver}."}
+                        for nameserver in nameservers
                 ] for zone in metadata.get('bind/zones').keys()
             },
         },
     }
+
+
+@metadata_reactor.provides(
+    'bind/slaves',
+)
+def slaves(metadata):
+    if metadata.get('bind/type') == 'slave':
+        return {}
+    
+    return {
+        'bind': {
+            'slaves': [
+                other_node.name
+                    for other_node in repo.nodes
+                    if other_node.has_bundle('bind') and other_node.metadata.get('bind/master_node', None) == node.name
+            ],
+        },
+    }
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index a1823bf..519bb98 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@@ -18,7 +18,6 @@
         'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
         'bind': {
             'hostname': 'resolver.name',
-            'secondary_hostname': 'second.resolver.name',
             'zones': {
                 'sublimity.de': [],
                 'freibrief.net': [],
diff --git a/nodes/netcup.secondary.py b/nodes/netcup.secondary.py
index 9a45c6d..a211d30 100644
--- a/nodes/netcup.secondary.py
+++ b/nodes/netcup.secondary.py
@@ -2,6 +2,7 @@
     'hostname': '46.38.240.85',
     'groups': [
         'debian-10',
+        'dnsserver',
     ],
     'bundles': [
         'wireguard',
@@ -21,6 +22,10 @@
                 'ipv4': '10.0.11.2/24',
             },
         },
+        'bind': {
+            'master_node': 'htz.mails',
+            'hostname': 'second.resolver.name',
+        },
         'wireguard': {
             'my_ip': '172.30.0.3/24',
             'peers': {