Enhancing the Certificate Check process for Secure Node Tracking System
Updated Jan. 17th 2019 – The new Secure Node tracker version includes improvements to further verify node configuration. We expect to see a decrease in node count for Secure Nodes that are not properly configured. If your node dropped and not receiving payment, please confirm it is properly configured. Should you believe this is an error, please submit a ticket via ZenHelp.
The Secure Node certificate check process (certcheck) was updated to match Super Node logic.
Updated Jan. 17th 2019 – The new Secure Node tracker version includes improvements to further verify node configuration. We expect to see a decrease in node count for Secure Nodes that are not properly configured. If your node dropped and not receiving payment, please confirm it is properly configured. Should you believe this is an error, please submit a ticket via ZenHelp.
The Secure Node certificate check process (certcheck) was updated to match Super Node logic.
Currently for Secure Nodes, if the tracking server cannot establish a TLS connection to zen running on a node, it will check TLS peer connections from other nodes to see if they have a connection to the first node.
On Super Nodes, there is no fall back to check peer connections to the target node. Instead, the tracking server performs a handshake with zend after establishing the connection and checks the data returned.
In order for this to work for Secure Nodes the following must be in place
- No maxconnections set in zen.conf. The Tracking Server must be able to establish a connection.
- The port and IP address must be set in zen.conf. Only one IPv4 or IPv6 is required, but it is suggested to have both to help the network.
- The Nodetracker must establish the outgoing connection to the tracking servers from the same IP address specified in zen.conf
- A DNS record has to be in place, either IPv4 or IPv6, for the same IP as in zen.conf
- Nodetracker version must be 0.3.1 or above
Notices have been sent out to all node operators explaining how to update from older versions to v0.3.1. Older versions will no longer be eligible for earnings starting on December 18th, 2018.
On or about December 19th, the TLS peer checking fall back method will be disabled and the direct handshake method will be enabled.
A drop in node count is expected. Some of these will be due to misconfiguration. It is also suspected there may also be a small percentage of node operators who have figured out how to exploit the tracking system by running multiple trackers against one instance of zend. The new method should detect most of these situations and create Exceptions for those nodes.
Guides are available depending on how your node was set up:
Tracker update guide
Tracker update guide for Legacy (PM2 or monit)
