The technical implementation isn't finalized yet, however the process for node rewards will be something like:

• The node executes a shielded zero-knowledge transaction containing an unshielded payment address and the node's domain name or IP address which is valid for a certain time period.
• Once per block, a random XX% sampling is taken and those nodes are checked for being operational (a random block will be requested from each and verified against the longest chain).
• After a node is verified operational a non-shielded transaction will be sent to it.

There's going to be two-tiers of nodes; fully trusted and unverified. The difference with fully trusted nodes is that these nodes must have a valid TLS certificate. Getting a TLS certificate is free as long as the node has a domain name. These types of nodes will be awarded by unique root domain name (given that no IP addresses are duplicated).

Unverified nodes are nodes that do not have authentic TLS certificates and will be paid from a smaller allocation. There will be maximum limitations on how many unverified nodes can be awarded per network subnet to prevent abuse. Ultimately that threshhold will be decided by the DAO. I'd expect that a significant portion of this group would consist of botnets and such so the awards for these would be kept low.

For the most part the unverified nodes are the wild-wild west and incentivizing the fully trusted nodes is the goal.