I also just discovered dnsflagday.net, ran edsncomp against my zone on stretch pdns-server 4.0.3-1+deb9u2 and it complained about "edns1=noerror,badversion,soa" (https://ednscomp.isc.org/ednscomp/1fa3f65433). Not fatal for dnsflagday apparently, but still failures. So I pinned https://repo.powerdns.com/ to get pdns-server 4.1.5-1pdns.stretch and now it passes ( https://ednscomp.isc.org/ednscomp/15a52244dd) - didn't even have to change anything in pdns.conf. If at all possible, consider backporting to 4.0 whatever patches fixed edns compliance in 4.1?
> To get a clean slate on 4.0, you need to disable the packet cache. How do you disable it exactly? I also found https://github.com/PowerDNS/pdns/issues/6806 saying this but it doesn't mention a setting. I tried disable-packetcache per https://doc.powerdns.com/md/recursor/settings/#disable-packetcache but it seems to be a recursor setting, not authoritative. I couldn't find a packet cache setting on https://doc.powerdns.com/md/authoritative/settings/ or https://doc.powerdns.com/md/authoritative/performance/#packet-cache other than cache-ttl/max-cache-entries. (I'm using a bind backend, in case it matters.)
