diff --git a/DnsServerCore/Dns/Zones/SecondaryZone.cs b/DnsServerCore/Dns/Zones/SecondaryZone.cs
index 6e70fb9c..f015a6cc 100644
--- a/DnsServerCore/Dns/Zones/SecondaryZone.cs
+++ b/DnsServerCore/Dns/Zones/SecondaryZone.cs
@@ -100,14 +100,25 @@ namespace DnsServerCore.Dns.Zones
 
             DnsQuestionRecord soaQuestion = new DnsQuestionRecord(name, DnsResourceRecordType.SOA, DnsClass.IN);
             DnsDatagram soaResponse;
+            NameServerAddress[] primaryNameServers = null;
 
-            if (primaryNameServerAddresses == null)
+            if (string.IsNullOrEmpty(primaryNameServerAddresses))
             {
                 soaResponse = await secondaryZone._dnsServer.DirectQueryAsync(soaQuestion);
             }
             else
             {
-                DnsClient dnsClient = new DnsClient(primaryNameServerAddresses);
+                primaryNameServers = primaryNameServerAddresses.Split(delegate (string address)
+                {
+                    NameServerAddress nameServer = NameServerAddress.Parse(address);
+
+                    if (nameServer.Protocol != zoneTransferProtocol)
+                        nameServer = nameServer.ChangeProtocol(zoneTransferProtocol);
+
+                    return nameServer;
+                }, ',');
+
+                DnsClient dnsClient = new DnsClient(primaryNameServers);
 
                 foreach (NameServerAddress nameServerAddress in dnsClient.Servers)
                 {
@@ -138,9 +149,7 @@ namespace DnsServerCore.Dns.Zones
 
             AuthRecordInfo authRecordInfo = soaRR[0].GetAuthRecordInfo();
 
-            if (!string.IsNullOrEmpty(primaryNameServerAddresses))
-                authRecordInfo.PrimaryNameServers = primaryNameServerAddresses.Split(NameServerAddress.Parse, ',');
-
+            authRecordInfo.PrimaryNameServers = primaryNameServers;
             authRecordInfo.ZoneTransferProtocol = zoneTransferProtocol;
             authRecordInfo.TsigKeyName = tsigKeyName;
 
@@ -291,7 +300,18 @@ namespace DnsServerCore.Dns.Zones
 
                 if (!_resync)
                 {
-                    DnsClient client = new DnsClient(primaryNameServers);
+                    //check for update; use UDP transport
+                    List<NameServerAddress> udpNameServers = new List<NameServerAddress>(primaryNameServers.Count);
+
+                    foreach (NameServerAddress primaryNameServer in primaryNameServers)
+                    {
+                        if (primaryNameServer.Protocol == DnsTransportProtocol.Udp)
+                            udpNameServers.Add(primaryNameServer);
+                        else
+                            udpNameServers.Add(primaryNameServer.ChangeProtocol(DnsTransportProtocol.Udp));
+                    }
+
+                    DnsClient client = new DnsClient(udpNameServers);
 
                     client.Proxy = _dnsServer.Proxy;
                     client.PreferIPv6 = _dnsServer.PreferIPv6;
@@ -339,47 +359,38 @@ namespace DnsServerCore.Dns.Zones
                     }
                 }
 
-                //update available; do zone transfer with TLS or TCP transport
+                //update available; do zone transfer with TLS, QUIC, or TCP transport
+                List<NameServerAddress> updatedNameServers = new List<NameServerAddress>(primaryNameServers.Count);
 
                 switch (zoneTransferProtocol)
                 {
                     case DnsTransportProtocol.Tls:
                     case DnsTransportProtocol.Quic:
+                        //change name server protocol to TLS/QUIC
+                        foreach (NameServerAddress primaryNameServer in primaryNameServers)
                         {
-                            //change name server protocol to TLS/QUIC
-                            List<NameServerAddress> updatedNameServers = new List<NameServerAddress>(primaryNameServers.Count);
-
-                            foreach (NameServerAddress primaryNameServer in primaryNameServers)
-                            {
-                                if (primaryNameServer.Protocol == zoneTransferProtocol)
-                                    updatedNameServers.Add(primaryNameServer);
-                                else
-                                    updatedNameServers.Add(primaryNameServer.ChangeProtocol(zoneTransferProtocol));
-                            }
-
-                            primaryNameServers = updatedNameServers;
-                            break;
+                            if (primaryNameServer.Protocol == zoneTransferProtocol)
+                                updatedNameServers.Add(primaryNameServer);
+                            else
+                                updatedNameServers.Add(primaryNameServer.ChangeProtocol(zoneTransferProtocol));
                         }
 
+                        break;
+
                     default:
+                        //change name server protocol to TCP
+                        foreach (NameServerAddress primaryNameServer in primaryNameServers)
                         {
-                            //change name server protocol to TCP
-                            List<NameServerAddress> updatedNameServers = new List<NameServerAddress>(primaryNameServers.Count);
-
-                            foreach (NameServerAddress primaryNameServer in primaryNameServers)
-                            {
-                                if (primaryNameServer.Protocol == DnsTransportProtocol.Tcp)
-                                    updatedNameServers.Add(primaryNameServer);
-                                else
-                                    updatedNameServers.Add(primaryNameServer.ChangeProtocol(DnsTransportProtocol.Tcp));
-                            }
-
-                            primaryNameServers = updatedNameServers;
-                            break;
+                            if (primaryNameServer.Protocol == DnsTransportProtocol.Tcp)
+                                updatedNameServers.Add(primaryNameServer);
+                            else
+                                updatedNameServers.Add(primaryNameServer.ChangeProtocol(DnsTransportProtocol.Tcp));
                         }
+
+                        break;
                 }
 
-                DnsClient xfrClient = new DnsClient(primaryNameServers);
+                DnsClient xfrClient = new DnsClient(updatedNameServers);
 
                 xfrClient.Proxy = _dnsServer.Proxy;
                 xfrClient.PreferIPv6 = _dnsServer.PreferIPv6;