If you are running PowerDNS Authoritative Server 4.0.x (shipped with Debian Stretch), you might get warnings about EDNS compliance in preparation for DNS flag day. Here's how to fix it :-)
The ISC blog states that PowerDNS Authoritative Server has been fully compliant since version 4.1.
Version 4.0 is prone to minor problems with EDNS compliance when run with the default config – or "in some corner cases", as ISC says:
PowerDNS recursor 4.2 (to be released soon) will be the first one to no longer accommodate non-compliance.
On the authoritative side, PowerDNS 4.1 is fully compliant; 4.0 has some corner cases that ednscomp notices but that are not a problem in practice – disabling caching removes those edge cases.
By default, PowerDNS uses a packet cache, which improves performance when answering identical questions.
Unfortunately, it breaks EDNS compliance. If you do not get that many queries and your backend responds fast enough, you might want to disable the packet cache, which defaults to a TTL of 20 seconds if not explicitly configured.
To disable the cache, add the following directive to your pdns.conf:
cache-ttl=0
Yes, that's all. Then reload your PDNS service to apply your changes.
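To check that the setting really is active, keep in mind that a plain grep for cache-ttl also matches commented-out lines and the separate query-cache-ttl and negquery-cache-ttl settings. The shell functions below are an added example, not part of the original post; the function names are made up, and the script assumes that an unset key means the 20-second default mentioned above and that a later assignment of the same key overrides an earlier one.

```shell
#!/bin/sh
# Added example: report the packet-cache TTL that a pdns.conf-style file yields.
# Assumptions: unset key => 20 s default (as stated in the post);
# a later "cache-ttl=" line overrides an earlier one.

effective_cache_ttl() {
    awk '
        { sub(/#.*/, "") }          # drop comments, e.g. "# cache-ttl=20"
        {
            eq = index($0, "=")
            if (eq == 0) next       # not a key=value line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Exact key match only: query-cache-ttl and negquery-cache-ttl
            # are different settings and must not be counted.
            if (key == "cache-ttl") ttl = val
        }
        END { print (ttl == "" ? 20 : ttl) }
    ' "$1"
}

packet_cache_state() {
    ttl=$(effective_cache_ttl "$1")
    if [ "$ttl" = "0" ]; then
        echo "disabled"
    else
        echo "enabled (${ttl}s)"
    fi
}

# Constructed sample config (not a real server file): one commented-out
# default, one unrelated *-cache-ttl setting, and the directive from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# cache-ttl=20
launch=gmysql
query-cache-ttl=20
cache-ttl=0
EOF
echo "packet cache: $(packet_cache_state "$sample")"
rm -f "$sample"
```

On a real system, call packet_cache_state with the path of your own pdns.conf instead of the constructed sample.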
Disabling the packet cache might lead to degraded performance on servers with heavy load and/or slow backends.
I did not notice any performance penalties, but if you do on your system, you might want to leave that cache enabled.
As ISC says, this bug is not a big problem and should not affect name resolution at all.
If that's not an option either, you might want to switch to PowerDNS >= 4.1 (e.g. by using PowerDNS' repositories) and fix that bug with an upgrade ;-)