Hi Maxim, I'm not really familiar with NGINX source code or with the C language for that matter, so could you please provide more detail on why does NGING require a non-blocking DNS resolver? Couldn't it rely on child processes or threads to not block?by hablutzel1 - Nginx Mailing List - English
Hi, while testing the latest NGINX source code around ~1.21.7, I’ve observed that enabling "ssl_stapling" without configuring a “resolver”, makes NGINX cache the OCSP responder IP indefinitely, so, if the CA later changes the OCSP responder IP, NGINX is still going to try to get OCSP queries from the old IP (possibly inoperative now), irrespective of the DNS record TTL. Now, I'mby hablutzel1 - Nginx Mailing List - English