Hi,

as the root zone is supporting AXFR/IXFR, and in order not only to mitigate the amount of upstream queries to authoritative servers and speed up lookups but also to enhance privacy for client queries, I am facilitating queries for delegated TLDs via auth-zone:.

What I am struggling with is name:, particularly understanding:
pertaining to that part of the namespace. The authority zone with the name closest to the name looked up is used.

With the root zone containing various delegated TLD namespaces (https://www.iana.org/domains/root/dB) I am not sure what name: is supposed to be in order to resolve the SLD of a delegated TLD?

Tried name: .  and then ran dig from the cli, utilizing the local copy of the root zone (transfer worked and zonefile: is present), but the SLD of the delegated TLD does not resolve, e.g.:

# dig bbc.com

; <<>> DiG 9.11.2-P1 <<>> bbc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11708
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbc.com.                       IN      A

;; AUTHORITY SECTION:
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net.     172800  IN      A       192.5.6.30
a.gtld-servers.net.     172800  IN      AAAA    2001:503:a83e::2:30
b.gtld-servers.net.     172800  IN      A       192.33.14.30
b.gtld-servers.net.     172800  IN      AAAA    2001:503:231d::2:30
c.gtld-servers.net.     172800  IN      A       192.26.92.30
c.gtld-servers.net.     172800  IN      AAAA    2001:503:83eb::30
d.gtld-servers.net.     172800  IN      A       192.31.80.30
d.gtld-servers.net.     172800  IN      AAAA    2001:500:856e::30
e.gtld-servers.net.     172800  IN      A       192.12.94.30
e.gtld-servers.net.     172800  IN      AAAA    2001:502:1ca1::30
f.gtld-servers.net.     172800  IN      A       192.35.51.30
f.gtld-servers.net.     172800  IN      AAAA    2001:503:d414::30
g.gtld-servers.net.     172800  IN      A       192.42.93.30
g.gtld-servers.net.     172800  IN      AAAA    2001:503:eea3::30
h.gtld-servers.net.     172800  IN      A       192.54.112.30
h.gtld-servers.net.     172800  IN      AAAA    2001:502:8cc::30
i.gtld-servers.net.     172800  IN      A       192.43.172.30
i.gtld-servers.net.     172800  IN      AAAA    2001:503:39c1::30
j.gtld-servers.net.     172800  IN      A       192.48.79.30
j.gtld-servers.net.     172800  IN      AAAA    2001:502:7094::30
k.gtld-servers.net.     172800  IN      A       192.52.178.30
k.gtld-servers.net.     172800  IN      AAAA    2001:503:d2d::30
l.gtld-servers.net.     172800  IN      A       192.41.162.30
l.gtld-servers.net.     172800  IN      AAAA    2001:500:d937::30
m.gtld-servers.net.     172800  IN      A       192.55.83.30
m.gtld-servers.net.     172800  IN      AAAA    2001:501:b1f9::30

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 27 22:01:57 CEST 2018
;; MSG SIZE  rcvd: 832


The unbound log (verbose level 4) reports:

info: auth_zone . query bbc.com. A, domain ns.amarshallinc.com. notexact notexist, ce com., rrset NS

What am I missing?

---

On another note - with root-hints already in place I was wondering whether the same file can be utilized for master:? It seems redundant having to state instead:

  master: 198.41.0.4
  master: 199.9.14.201
  master: 192.33.4.12
  master: 199.7.91.13
  master: 192.203.230.10
  master: 192.5.5.241
  master: 192.112.36.4
  master: 198.97.190.53
  master: 192.36.148.17
  master: 192.58.128.30
  master: 193.0.14.129

Notwithstanding that whilst root-hints can be automatically updated periodically such does not work in the auth-zone, or does it and I just missed it?
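
As an added example (not part of the original post and not Unbound's code), this simplified Python model shows how the closest enclosing auth-zone name is chosen and how the for-downstream: and for-upstream: options documented in unbound.conf(5) decide whether a client receives the zone's own delegation, as in the dig output above, or a recursed answer. The AuthZone class, the function names, the return labels and the example.org. zone are assumptions made for illustration.

```python
# Simplified model of auth-zone selection; an illustration, not Unbound's code.
from dataclasses import dataclass


def labels(name):
    """Split a domain name into lowercase labels; "." (the root) has none."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


@dataclass
class AuthZone:
    name: str
    for_downstream: bool = True  # unbound.conf(5) default: yes
    for_upstream: bool = True    # unbound.conf(5) default: yes


def closest_zone(qname, zones):
    """Return the zone whose name is the longest label-wise suffix of qname."""
    q = labels(qname)
    best = None
    for zone in zones:
        zl = labels(zone.name)
        # Whole labels are compared, so "example.org." never covers
        # "notexample.org."; the root zone (no labels) covers every name.
        covers = not zl or q[-len(zl):] == zl
        if covers and (best is None or len(zl) > len(labels(best.name))):
            best = zone
    return best


def handling(qname, zones):
    """Classify how a client query for qname is served."""
    zone = closest_zone(qname, zones)
    if zone is None:
        return "recursive"             # no auth-zone covers the name
    if zone.for_downstream:
        return "authoritative"         # zone data is served as-is: a referral at a delegation
    if zone.for_upstream:
        return "recursive-local-data"  # recursion reads the local copy instead of querying upstream
    return "recursive"


if __name__ == "__main__":
    # Constructed sample configurations.
    print(handling("bbc.com.", [AuthZone(".")]))
    print(handling("bbc.com.", [AuthZone(".", for_downstream=False)]))
```

In this model name: "." covers bbc.com. because the root is an ancestor of every name; what changes the outcome is for-downstream:, which unbound.conf(5) describes as making the server answer for the zone like one of its authority servers.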
