Stopping OCSP certificate queries on Bind9
It seems like to me letsencrypt or self-signed certs was "somewhat" of an option for DoT with bind9 some years ago. However, my question is on a server that does not support DNSSEC where I'm using a cert from a trusted authority what configuration options are available in Bind9 to keep it from periodically throughout the day re-querying the DNS domain ip recursively up through the ocsp url. I do not mind it querying its own domain, but the ocsp url should not be hit. Is there an option like there was in NetApp where you can disable OCSP validation checks? I was think there was a way to do this when DNSSEC is available.
|