
I want to set OpenDMARC to support multiple domains and only show the header for the domain sending the email.

Adding more than one AuthservID doesn't do it. The header shows as:

Authentication-Results: domain1.com; dmarc=none header.from=domain2.com
Ken Renalds

1 Answer


You are misunderstanding the syntax of the Authentication-Results: header.

The first field, in your case domain1.com, is essentially a site ID for the service that performed authentication verification. Different sites do this slightly differently, but it is not intended to correlate to the recipient domain. It is intended to identify who performed authentication validation. Yahoo, for example, puts specific hostnames in that field, such as mta1315.mail.gq1.yahoo.com. Google and Hotmail both just use more generic mx.google.com and hotmail.com identifiers respectively.

Refer to section 2.4 of RFC 7001 "Message Header Field for Indicating Message Authentication Status" (https://www.rfc-editor.org/rfc/rfc7001#page-13) for full details.

Only the SPF and DKIM identifiers - domain2.com in your example above - or each instance of agari.com in my example below:

Authentication-Results: mx.google.com; spf=pass (google.com: domain of chris@agari.com designates 2607:f8b0:400e:c03::22b as permitted sender) smtp.mail=chris@agari.com; dkim=pass header.i=@agari.com; dmarc=pass (p=REJECT dis=NONE) header.from=agari.com

relate to the recipient domain. Note that because our email is hosted with Google Apps, the identifier is mx.google.com, telling me who validated email authentication.

I would recommend configuring AuthservID to a value that represents either the machine that performed authentication, or perhaps an organizational name or identifier if appropriate for your site.

cmeid
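The field layout the answer describes, as an added example that is not part of the original answer or of OpenDMARC: a small parser that separates the authserv-id from the per-method results in the two headers quoted on this page, and only hands back results stamped by a verifier the reader trusts. The names `parse_authres` and `verified_by` are hypothetical, and the parser assumes non-nested comments and unquoted values.

```python
import re

# The two headers quoted on this page (question first, then the answer's).
QUESTION_HDR = "Authentication-Results: domain1.com; dmarc=none header.from=domain2.com"
ANSWER_HDR = ("Authentication-Results: mx.google.com; spf=pass (google.com: domain of "
              "chris@agari.com designates 2607:f8b0:400e:c03::22b as permitted sender) "
              "smtp.mail=chris@agari.com; dkim=pass header.i=@agari.com; "
              "dmarc=pass (p=REJECT dis=NONE) header.from=agari.com")

COMMENT = re.compile(r"\([^()]*\)")                    # parenthesised comment, non-nested
PAIR = re.compile(r"([A-Za-z0-9.-]+)(?:/\d+)?=(\S+)")  # method=result or ptype.property=value


def parse_authres(header):
    """Return (authserv_id, {method: {"result": ..., "props": {...}}})."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "authentication-results":
        raise ValueError("not an Authentication-Results header")
    value = COMMENT.sub(" ", value)        # comments may contain ':' and must go first
    parts = [p.strip() for p in value.split(";")]
    if not parts[0]:
        raise ValueError("missing authserv-id")
    authserv_id = parts[0].split()[0].lower()   # drop an optional version number
    results = {}
    for part in parts[1:]:
        pairs = PAIR.findall(part)
        if not pairs:                      # e.g. the bare "none" form, no methods run
            continue
        (method, result), props = pairs[0], pairs[1:]
        results[method.lower()] = {"result": result.lower(), "props": dict(props)}
    return authserv_id, results


def verified_by(header, trusted_ids):
    """Return the results only if a verifier in trusted_ids stamped the header."""
    authserv_id, results = parse_authres(header)
    return results if authserv_id in trusted_ids else None
```

A single AuthservID per verifier is what makes the `verified_by` check possible downstream: the identifier is matched against the sites you trust, not against the sending domain in `header.from`.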