diff --git a/update-zones.py b/update-zones.py
index 23481cb..655a306 100755
--- a/update-zones.py
+++ b/update-zones.py
@@ -44,11 +44,13 @@ def git_changed_files(reference_branch, target_branch):
     return output.strip().splitlines()
 
 
-def pdns_managed_zones():
+def pdns_managed_zones(secondary_only=False):
+    command = ["pdnsutil", "list-all-zones"]
+    if secondary_only:
+        command += ["slave"]
+
     try:
-        all_zones = run(
-            ["pdnsutil", "list-all-zones"], check=True, capture_output=True, text=True
-        )
+        all_zones = run(command, check=True, capture_output=True, text=True)
         zones = all_zones.stdout.strip().splitlines()
     except CalledProcessError as e:
         print(
@@ -75,6 +77,14 @@ def calculate_changed_zones(files, zones):
     return sorted(set(files).intersection(zones))
 
 
+def remove_secondary_zones(changed_zones):
+    """
+    Remove DNS zones from the given set where the current server is a secondary DNS server.
+    """
+    secondary_zones = pdns_managed_zones(secondary_only=True)
+    return sorted(set(changed_zones).difference(secondary_zones))
+
+
 def generate_diff(zone, reference_branch, target_branch):
     diffresult = run(
         ["git", "diff", f"{reference_branch}..{target_branch}", "--", zone],
@@ -190,6 +200,19 @@ def get_changelog(reference_branch, target_branch):
     return r.stdout.strip()
 
 
+def update_reference_branch(reference_branch, target_branch):
+    """
+    Update the local git reference branch to track the target branch.
+    """
+    run(
+        ["git", "branch", "-D", reference_branch],
+        check=True,
+        stdout=DEVNULL,
+        stderr=DEVNULL,
+    )
+    run(["git", "branch", reference_branch, target_branch], check=True)
+
+
 def main(reference_branch, target_branch, audit_email_address, audit_sender_address):
     changed_files = git_changed_files(
         reference_branch=reference_branch, target_branch=target_branch
@@ -206,8 +229,13 @@ def main(reference_branch, target_branch, audit_email_address, audit_sender_addr
 
     changed_zones = calculate_changed_zones(changed_files, zones_in_pdns)
 
+    changed_zones = remove_secondary_zones(changed_zones)
+
     if not changed_zones:
         print("no zones changed")
+
+        update_reference_branch(reference_branch, target_branch)
+
         return
 
     diffs = []
@@ -246,13 +274,7 @@ def main(reference_branch, target_branch, audit_email_address, audit_sender_addr
 
     changelog = get_changelog(reference_branch, target_branch)
 
-    run(
-        ["git", "branch", "-D", reference_branch],
-        check=True,
-        stdout=DEVNULL,
-        stderr=DEVNULL,
-    )
-    run(["git", "branch", reference_branch, target_branch], check=True)
+    update_reference_branch(reference_branch, target_branch)
 
     send_audit_mail(diffs, audit_email_address, audit_sender_address, changelog)