;; ANSWER SECTION:
ocsp.apple.com. 3593 IN CNAME ocsp-lb.apple.com.akadns.net.
ocsp-lb.apple.com.akadns.net. 53 IN CNAME ocsp.g.aaplimg.com.
ocsp.g.aaplimg.com. 8 IN A 17.253.21.201
ocsp.g.aaplimg.com. 8 IN A 17.253.119.201
"ocsp-lb.apple.com.akadns.net" is an entry indicating DNS based load balancing, done by Akamai.
Even with lots of redundancy, there are still lots of ways all that can fall over. You can have a batch of servers that soft-fail: they're not responding to real queries but the load balancer thinks they're healthy.
dig ocsp.apple.com reports:
"ocsp-lb.apple.com.akadns.net" is an entry indicating DNS based load balancing, done by Akamai.
Even with lots of redundancy, there are still lots of ways all that can fall over. You can have a batch of servers that soft-fail: they're not responding to real queries but the load balancer thinks they're healthy.