When an OCSP request with an unknown CA is sent to EJBCA, we use the "default responder", which can be a CA or an OCSP key binding.
In OCSP key bindings, you can specify if non-existing certificates should receive special handling, instead of returning unknown. You can configure Good, Revoked or Unauthorized to be returned.
This setting is ignored when an unknown CA is sent.
Implement handling of this option for the default responder (except non-existing is good, which does not make sense in this case).