How to use multiple root-hints files to recursively resolve different zones?

Danny Bautista pyrolagus at nerdpol.ch
Mon Sep 30 22:24:11 UTC 2019


I have unbound set up to do recursive domain name resolution using the 
internic.net root-hints file, but I would also like to be able to 
recursively resolve OpenNIC domain names using the hints for OpenNIC. 
I'm using the config below, and whenever I try to look up opennic.glue, 
it just tries the regular nameservers rather than the ones specified in 
the "glue" auth-zone root-hints file (and fails, of course). What am I 
doing wrong? Is auth-zone even the right approach?


server:
   interface: 127.0.0.1
   interface: ::1
   chroot: ""
   use-syslog: yes
   do-daemonize: no
   username: "unbound"
   directory: "/etc/unbound"
   tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
   root-hints: root.hints
   trust-anchor-file: trusted-key.key
   log-servfail: yes

auth-zone:
   name: "glue"
   #master: 75.127.96.89
   zonefile: "/etc/unbound/opennic.hints"
   for-downstream: no
   for-upstream: yes
   fallback-enabled: yes

remote-control:
     control-enable: yes
     control-interface: 127.0.0.1
     control-port: 8953
     server-key-file: "/etc/unbound/unbound_server.key"
     server-cert-file: "/etc/unbound/unbound_server.pem"
     control-key-file: "/etc/unbound/unbound_control.key"
     control-cert-file: "/etc/unbound/unbound_control.pem"



