Stephan_V
Jan 10, 2018

How best to do OCSP validation with DNS RR of OCSP URL

We currently have OCSP configured in our LTM, and it's been working for a few weeks. We have one "responder" listed, which points to a DNS pool of 8 (identically configured) individual responders. Last night we had an issue where nobody could log into our virtual server because of an OCSP issue. We had to disable the authentication profile on our virtual server.

 

So now I'm wondering if we did this correctly.

 

1) Should I create 8 individual responder objects, and link them into the authentication profile? How will the F5 deal with an unavailable/down responder?

 

2) Should I create my own OCSP VIP, and create a pool with some sort of monitor?

 

3) Anything else? I guess I could use APM, which we aren't yet. Will that help any?

 
