diff --git a/bad-key-revoker_main.patch b/bad-key-revoker_main.patch index b4c6ee6..9795b52 100644 --- a/bad-key-revoker_main.patch +++ b/bad-key-revoker_main.patch @@ -1,16 +1,16 @@ diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go -index a78efee19..1c08b7035 100644 +index 2d6d17f16..e09948cfc 100644 --- a/cmd/bad-key-revoker/main.go +++ b/cmd/bad-key-revoker/main.go -@@ -14,6 +14,7 @@ import ( - "time" +@@ -15,6 +15,7 @@ import ( "github.com/honeycombio/beeline-go" + "github.com/jmhodges/clock" + "github.com/letsencrypt/boulder/bdns" "github.com/letsencrypt/boulder/cmd" "github.com/letsencrypt/boulder/core" "github.com/letsencrypt/boulder/db" -@@ -345,6 +346,9 @@ func main() { +@@ -348,6 +349,9 @@ func main() { TLS cmd.TLSConfig RAService *cmd.GRPCClientConfig @@ -20,7 +20,7 @@ index a78efee19..1c08b7035 100644 // MaximumRevocations specifies the maximum number of certificates associated with // a key hash that bad-key-revoker will attempt to revoke. If the number of certificates // is higher than MaximumRevocations bad-key-revoker will error out and refuse to -@@ -372,6 +376,12 @@ func main() { +@@ -375,6 +379,12 @@ func main() { Syslog cmd.SyslogConfig Beeline cmd.BeelineConfig @@ -33,7 +33,7 @@ index a78efee19..1c08b7035 100644 } configPath := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() -@@ -417,6 +427,30 @@ func main() { +@@ -424,6 +434,32 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac := rapb.NewRegistrationAuthorityClient(conn) 
@@ -47,24 +47,26 @@ index a78efee19..1c08b7035 100644 + if len(config.Common.DNSResolver) != 0 { + config.BadKeyRevoker.DNSResolvers = append(config.BadKeyRevoker.DNSResolvers, config.Common.DNSResolver) + } ++ servers, err := bdns.NewStaticProvider(config.BadKeyRevoker.DNSResolvers) ++ cmd.FailOnError(err, "Couldn't parse static DNS server(s)") + if !config.Common.DNSAllowLoopbackAddresses { + r := bdns.New( + dnsTimeout, -+ bdns.NewStaticProvider(config.BadKeyRevoker.DNSResolvers), ++ servers, + scope, + clk, + dnsTries, + logger) + resolver = r + } else { -+ r := bdns.NewTest(dnsTimeout, bdns.NewStaticProvider(config.BadKeyRevoker.DNSResolvers), scope, clk, dnsTries, logger) ++ r := bdns.NewTest(dnsTimeout, servers, scope, clk, dnsTries, logger) + resolver = r + } + var smtpRoots *x509.CertPool if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" { pem, err := ioutil.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile) -@@ -438,6 +472,7 @@ func main() { +@@ -445,6 +481,7 @@ func main() { config.BadKeyRevoker.Mailer.Username, smtpPassword, smtpRoots, diff --git a/core_interfaces.patch b/core_interfaces.patch index 7fab6b9..e529adc 100644 --- a/core_interfaces.patch +++ b/core_interfaces.patch @@ -1,8 +1,8 @@ diff --git a/core/interfaces.go b/core/interfaces.go -index edbf531fa..1de27cc82 100644 +index 4e03131cb..43468ca3b 100644 --- a/core/interfaces.go +++ b/core/interfaces.go -@@ -96,6 +96,7 @@ type PolicyAuthority interface { +@@ -94,6 +94,7 @@ type PolicyAuthority interface { WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error) ChallengeTypeEnabled(t AcmeChallenge) bool diff --git a/docker-compose.patch b/docker-compose.patch index 2fe0737..2bd7a87 100644 --- a/docker-compose.patch +++ b/docker-compose.patch @@ -1,9 +1,9 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index ec5150a2a..ea23aa838 100644 +index 713667d60..0a384c8ab 100644 
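Review bot: An empty resolver list still reaches `bdns.NewStaticProvider` in the added `servers, err := ...` line. When neither `BadKeyRevoker.DNSResolvers` nor `Common.DNSResolver` is configured, nothing here stops startup, and whether the provider rejects an empty slice is not visible in this hunk. A guard before the call, `if len(config.BadKeyRevoker.DNSResolvers) == 0 { cmd.Fail("no DNS resolvers configured") }`, would surface the misconfiguration at startup rather than, presumably, at the first lookup. The same applies to the matching hunk in expiration-mailer_main.patch and to the mail-tester.go hunk, there with `c.Mailer.DNSResolvers`. main's body continues outside the hunk.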
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,10 +4,11 @@ services: - image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.16.5_2021-06-11} + image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.16.6_2021-07-12} environment: FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: test/config diff --git a/expiration-mailer_main.patch b/expiration-mailer_main.patch index 3ed6803..0834469 100644 --- a/expiration-mailer_main.patch +++ b/expiration-mailer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go -index 95c8a035..2ff70d7d 100644 +index 9f56157dd..8cc77676c 100644 --- a/cmd/expiration-mailer/main.go +++ b/cmd/expiration-mailer/main.go @@ -20,6 +20,7 @@ import ( @@ -42,7 +42,7 @@ index 95c8a035..2ff70d7d 100644 } func initStats(stats prometheus.Registerer) mailerStats { -@@ -507,6 +517,30 @@ func main() { +@@ -510,6 +520,32 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) 
@@ -56,24 +56,26 @@ index 95c8a035..2ff70d7d 100644 + if len(c.Common.DNSResolver) != 0 { + c.Mailer.DNSResolvers = append(c.Mailer.DNSResolvers, c.Common.DNSResolver) + } ++ servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers) ++ cmd.FailOnError(err, "Couldn't parse static DNS server(s)") + if !c.Common.DNSAllowLoopbackAddresses { + r := bdns.New( + dnsTimeout, -+ bdns.NewStaticProvider(c.Mailer.DNSResolvers), ++ servers, + scope, + clk, + dnsTries, + logger) + resolver = r + } else { -+ r := bdns.NewTest(dnsTimeout, bdns.NewStaticProvider(c.Mailer.DNSResolvers), scope, clk, dnsTries, logger) ++ r := bdns.NewTest(dnsTimeout, servers, scope, clk, dnsTries, logger) + resolver = r + } + var smtpRoots *x509.CertPool if c.Mailer.SMTPTrustedRootFile != "" { pem, err := ioutil.ReadFile(c.Mailer.SMTPTrustedRootFile) -@@ -542,6 +576,7 @@ func main() { +@@ -545,6 +581,7 @@ func main() { c.Mailer.Username, smtpPassword, smtpRoots, diff --git a/install b/install index e39c8e1..db5d3fa 100755 --- a/install +++ b/install @@ -24,7 +24,7 @@ dockerComposeVersion="1.28.5" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2021-07-12" +boulderTag="release-2021-08-02" # # Color configuration diff --git a/mail-tester.go b/mail-tester.go index 4d2e605..3658f21 100644 --- a/mail-tester.go +++ b/mail-tester.go 
@@ -83,17 +83,19 @@ func main() { if len(c.Common.DNSResolver) != 0 { c.Mailer.DNSResolvers = append(c.Mailer.DNSResolvers, c.Common.DNSResolver) } + servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers) + cmd.FailOnError(err, "Couldn't parse static DNS server(s)") if !c.Common.DNSAllowLoopbackAddresses { r := bdns.New( dnsTimeout, - bdns.NewStaticProvider(c.Mailer.DNSResolvers), + servers, scope, clk, dnsTries, logger) resolver = r } else { - r := bdns.NewTest(dnsTimeout, bdns.NewStaticProvider(c.Mailer.DNSResolvers), scope, clk, dnsTries, logger) + r := bdns.NewTest(dnsTimeout, servers, scope, clk, dnsTries, logger) resolver = r }
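Review bot: The `else` branch that builds the resolver with `bdns.NewTest` when `c.Common.DNSAllowLoopbackAddresses` is set has no comment marking it as a test-only path. Judging by the names, that resolver accepts loopback addresses, which a production mailer configuration should not enable. I would add above the `if`: `// DNSAllowLoopbackAddresses selects the test resolver, which permits loopback addresses; leave it false outside test environments.` Logging a warning when the flag is true would also make an accidental production setting visible. main's body starts and ends outside the hunk.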