QUIC reporting MISCONFIGURED on long-term running node

My node has been in place for years happily making me some STROJ tokens, but over the last few days I have been seeing lots of UP/DOWN emails and my QUIC is now reporting MISCONFIGURED.

• Router forwarding rules are still in place (TCP & UDP)
• Verified Port is open with Open Port Check Tool - Test Port Forwarding on Your Router
• Confirmed my domain is still being resolved by my provider (asuscomm.com)

The only thing that seems abnormal is are my /app/identity keys & sizes based on a prior post I read, could it be due to the age of my node that the certs expired? Do I need to generate new ones?

sudo docker exec -it storagenode ls -l /app/identity
total 24
-rw-r--r-- 1 1000 1000  558 Apr 11  2021 ca.1618101406.cert
-rw-r--r-- 1 1000 1000 1088 Apr 11  2021 ca.cert
-rw------- 1 1000 1000  241 Apr 10  2021 ca.key
-rw-r--r-- 1 1000 1000 1100 Apr 11  2021 identity.1618101406.cert
-rw-r--r-- 1 1000 1000 1630 Apr 11  2021 identity.cert
-rw------- 1 1000 1000  241 Apr 10  2021 identity.key

Lastly - I noticed my node is running v1.122.1 and the pop-up is reporting this as the minimum version - Watchtower last found an update on 10/8 is this correct?

In complete transparency, I upgraded my Ubuntu release a few weeks ago, but I don’t believe that upgrade was related.

No. If you would do so, it would be basically a quickest way to destroy your node.

None of your upgrades are related to the QUIC misconfigured. Just make sure that the 28967 UDP port is allowed in your firewall(s).

I wonder if it’s an ISP issue as I’ve seen it flipping between OK and MISCONFIGURED throughout the day…

Rather than using the ASUS provided DNS, I have dusted off an old No-IP address and would like to give this a shot for a while - is there an easy command to just update the DNS in the config?

docker update -e ADDRESS="parehouse.ddns.net:28967" storagenode

Asus router? Hmm… disable DDoS Prevention in the Firewall tab, disable AiProtection… check if you have double NAT situation in your LAN.

I had DDoS disabled, but have been running with AiProtection enabled in the past, removed it for now to ensure it’s unrelated.
Considering I am both the Asus Address fail while the NO-IP runs to success I think this is an issue with the DNS resolution - getting it updated is the next step for sure.

Depending on what else your node is running you can try disabling IPv6 (if enabled) and see if you get a stable QUIC status.

This appears to be the fix - moving from the ASUSCOMM.COM DNS provider to a DDNS.NET address has given me stability. I am still monitoring the old asuscomm.com DNS, and this URL (to the web interface) has been reporting up and down multiple times over the last few hours while the other DNS continues to report 100% uptime.

Solution - Avoid the Asus provided asuscomm.com Dynamic DNS service, it doesn’t appear to be a service they consider critical to their solution stack. Follow the docs and use a more traditional dynamic DNS provider. In may case I was able to use noip.com and a docker to keep me in a pattern I am comfortable in.

Circling back on this one to confirm the theory that the ASUS DDNS service is garbage, below is the uptime report for the last 7 days, while asuscomm.com experienced multiple outages, the ddns.net address had no outages with the exception of me applying patches and working on my node.

image600×433 59.7 KB

Asus needs to focus on hardware. Their software barely holds with sap and twigs, and they still attempt to dabble in Internet services…… it’s significantly better to not offer the service that is outside of their competency anyway than to offer horseshit that casts bad shadow on the rest of the operations. If they want it so much — pay someone else. I’m sure noip would be happy to sell them bespoke ddns service for their customers.