Incorrectly configured BIND (distributing zones to the right and to the left and allowing recursion) is often used for DDOS.
So if you are not ready to figure out how to administer it, it’s better not to start.
Use a third-party paid or free DNS thread - there will be much less headaches.

You have a problem with the transfer or with the BIND configuration (or whatever you have)
If there is not enough IP address for the second DNS, you can use the free dns.he.net service (Hurikeyns support both Primary and Secondary. Choose the type of zone yourself).
When transferring, you simply change the IP addresses of the DNS servers in the config, and at the registrar - to which the domain is parked and that's it. Their names will remain the same.

Hetzner allocates additional IP addresses upon request, you just need to argue why this is needed. Then they include it in the subscriber. They also justify their refusals.
If your registrar (where the domains were registered) requires NS servers located on different IPs, then
- either get a second IP from Hetzner
- or use free services on the Internet (which are indicated in the last paragraph above)
* at the same time, you indicate their IP addresses in the registrar panel domains
If your registrar doesn't care (I have one, for example), assign the same ip (A-record) for ns1 and ns2 on your ns server (which, as I understand it, now works on the server in hetzner). Then just specify in the panel (domain registrar) ns1 ... ns2 ... and the same IP.
It’s easy to figure out the configs, and there are even tools on the network .
The most basic is the A record, in which you are sent to the ip address of the server. If the previous "rates" ns suited, then leave the TTL old. And update (at the time of editing the config) the first field (serial number) in the SOA record YYYYMMDD[nn], where nn is how many times you updated the config for the specified day. For example, for the first time today it will be like 2012131201
cname in the situation described does not need to be changed, like mx.
Other options can be found on google.

DNS from Yandex implies the use of only their servers. If you put both servers from Yandex (configured independently) and your own dns (running on the server), then Yandex will rewrite the settings every time. If you plan to use only servers from Yandex for the domain , then there will be no problems.
Here is an example of correspondence with them (11/26/2012).

Primary and secondary DNS should not be kept in the same place even if they have different IP addresses. Better in general in different countries. In any case, you need to understand well what you are doing.
Personally, I still keep the primary DNS. I use BuddyNS as secondary DNS servers . For half a year there were no complaints. Synchronization with the primary DNS server is instantaneous. You can use it for free, but I prefer to pay $ 5 once every half a year, so as not to confirm my existence every month.
There are various online services for checking DNS, for example: IntoDNS , DNSsy . At least they help to avoid stupid mistakes.

Thank you very much for sharing this information, I'm new to this field and something new I learned. For a complete DNS check, you can also use this tool https://dnschecker.org/domain-health-checker.php . Compared to other online tools, it provides you a complete report of DNS health check, MX record check, Mail(MX) record blacklist check, domain IP blacklist check, DMARC check, SMTP check for mail records and SPF records check . And also provide other SEO tools as well.