CAA SERVFAIL changes

Note: We’ve gotten feedback from a number of hosting providers that this email should have included a list of affected domain names. Agreed, and sorry about that! We’ve filed a couple of Boulder issues to improve our mailing process. However, rather than rush out those changes, I’m just going to post the list of affected domains. You can cross-reference this with the list of domains that you serve with a simple grep command:

fgrep --line-regexp --file servfail-list-other.txt YOUR_DOMAIN_LIST.txt
fgrep --line-regexp --file servfail-list-namebright.txt YOUR_DOMAIN_LIST.txt

Note that I’ve divided these into two lists: One for domains that use Namebright as their DNS provider, and one for the rest of the affected domains. This is because Namebright domains make up by far the largest share, at 30%, and if we can get in touch with Namebright and help them fix their nameservers, we will fix the issue with many of these domains at once. Also note that both lists contain only public data. The list of domains that Let’s Encrypt has issued certificates for is available in Certificate Transparency logs, and their CAA SERVFAIL status can be easily queried against public nameservers.

servfail-list-namebright.txt (95.2 KB)
servfail-list-other.txt (239.6 KB)

If you’d like to check any given domain name, please try unboundtest.com, a site I recently set up for this purpose.

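The cross-reference above matches whole lines exactly (`--line-regexp`), so entries in your own list that differ in case, end in a trailing dot, or have Windows line endings will be missed. The following is an added example, not part of the original post: it normalizes both files and then runs the same fixed-string match. The function names and normalization rules are assumptions; the list file names are the ones from the post.

```shell
# Added example (not from the original post). The normalization rules are
# assumptions about how a provider's own export may differ from the lists.

# normalize FILE: lowercase, drop CRs, trim whitespace, drop a trailing dot,
# skip blank lines and '#' comment lines, de-duplicate.
normalize() {
  tr -d '\r' < "$1" \
    | tr '[:upper:]' '[:lower:]' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' \
    | grep -v -e '^$' -e '^#' \
    | sort -u
}

# affected_domains SERVFAIL_LIST YOUR_DOMAIN_LIST
# Prints the names in YOUR_DOMAIN_LIST that appear in SERVFAIL_LIST.
affected_domains() {
  ad_list=$(mktemp)
  ad_mine=$(mktemp)
  normalize "$1" > "$ad_list"
  normalize "$2" > "$ad_mine"
  # Same exact-line, fixed-string match as the fgrep command in the post:
  # www.example.net is a different line from example.net and is not reported.
  grep -F -x -f "$ad_list" "$ad_mine" || true
  rm -f "$ad_list" "$ad_mine"
}

# report DIR YOUR_DOMAIN_LIST
# DIR holds the two downloaded lists; each hit is tagged with its list name.
report() {
  for r_name in namebright other; do
    affected_domains "$1/servfail-list-$r_name.txt" "$2" \
      | while IFS= read -r r_domain; do
          printf '%s\t%s\n' "$r_name" "$r_domain"
        done
  done
}

# Usage: report /path/to/downloaded/lists YOUR_DOMAIN_LIST.txt
```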