1. Set 'allow-transfer' to 'any' is danger because possible to hijack your domain
2. The trick for secondary worked, create 'a record' to assign to your secondary server IP (better use 'ns2' or 'ns3').
At this moment, secondary dns only work for bind and nsd.
To make sure, update to 2014092607.