Hello Okta Support,

We are intermittently encountering the following error while using Okta Verify with ID token validation in our backend service:

VerifierIssue: error sending request for url (https://xxxxxx.okta.com/oauth2/default/v1/keys)

Caused by:

0: client error (Connect)

1: dns error: failed to lookup address information: Name or service not known

2: failed to lookup address information: Name or service not known

This issue doesn't occur consistently — most of the time the request to fetch the JWKS from the endpoint works correctly, but occasionally it fails with the above DNS resolution error.

Additional context:

• We are using the id_token from Okta and verifying it on our backend.
• The endpoint being hit is https://xxxxxx.okta.com/oauth2/default/v1/keys.
• Our DNS and internet connectivity appear to be stable at the time of the error.
• The request is sent using a Rust-based backend service, which uses standard libraries for HTTP and DNS resolution.

Questions:

Is there any known intermittent issue or maintenance affecting the okta.com DNS resolution?

1. Is there a more stable or recommended way to cache the keys from the JWKS endpoint to reduce the frequency of such lookups?
2. Are there recommended timeout and retry configurations for this endpoint?

Looking forward to your guidance on resolving or mitigating this issue.

Thank you.