That's all very nice, but it seems to have more to do with the fact that each person gets his/her own subdomain. And the fact that I found three XSSes in about five minutes [edit: and then like ten more in the next five seconds, after realizing any input box works] doesn't give me confidence in their abilities.<p><a href="http://www.pinkbike.com/news/search/?q=%3C%2Ftitle%3E%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E&x=0&y=0" rel="nofollow">http://www.pinkbike.com/news/search/?q=%3C%2Ftitle%3E%3Cscri...</a><p><a href="http://www.pinkbike.com/product/compare/?items=466,%22%3E%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E" rel="nofollow">http://www.pinkbike.com/product/compare/?items=466,%22%3E%3C...</a><p><a href="http://www.pinkbike.com/photo/list/?date=all&text=%3C/title%3E%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E" rel="nofollow">http://www.pinkbike.com/photo/list/?date=all&text=%3C/ti...</a><p><a href="http://www.pinkbike.com/buysell/list/?q=%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E&category=0&pmin=&pmax=&region=3" rel="nofollow">http://www.pinkbike.com/buysell/list/?q=%3Cscript%3Ealert%28...</a><p><a href="http://www.pinkbike.com/forum/search/?q=%3C/title%3E%3Cscript%3Ealert%28%22xss%22%29%3B%3C%2Fscript%3E" rel="nofollow">http://www.pinkbike.com/forum/search/?q=%3C/title%3E%3Cscrip...</a><p>Edit: I've stopped adding XSSes. It's actually harder to find input boxes which <i>don't</i> lead to XSSes than ones which do.
Summary (he really should have said this part upfront):<p>He is (ab)using subdomains, by giving every user a different subdomain on his site. So a typical page can have links to hundreds of different subdomains on the page.<p>For a normal site disabling prefetching is not necessary or a good idea.<p>This article should be renamed: "Why using hundreds of unique subdomains is not a good idea." Besides all the DNS queries, you are also messing with caches.<p>I don't know anything about his site, but I don't see any reason that every user needs a unique subdomain.
The real issue is that the cost per query is negligible here and DNS providers shouldn't charge by the query, yet almost <i>all</i> of them do. They have to have some metric to separate the big guys from the little guys and charge the big guys more, but this is a crude way to do it.<p>Consider that publishers often have little control of how many DNS requests they get, so to charge for something out of your control seems utterly bizarre to me. Nice to see that in this instance, the publisher was able to make a meaningful improvement.<p>Also keep in mind, I used to run the largest free DNS service in the world so I'm well aware of what I'm talking about and am totally biased on these matters. :-)
I'm surprised the article doesn't actually tell you the meta http-equiv to disable DNS prefetching. It mentions that it helped out tremendously, though. Here it is:<p><meta http-equiv="x-dns-prefetch-control" content="off" /><p>or, if you're more into HTML5:<p><meta http-equiv="x-dns-prefetch-control" content="off">
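An added example, not part of the thread or of the article it discusses: a small Python audit of a page's DNS-prefetch exposure, tying together the comments above about per-user subdomains and the x-dns-prefetch-control meta tag. The example.com hostnames and the sample markup are constructed, and counting every distinct link hostname as one lookup is an assumed upper bound, since browsers differ in what they actually prefetch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PrefetchAudit(HTMLParser):
    """Collect link hostnames and any x-dns-prefetch-control meta value."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()
        self.control = None  # None: the page sets no prefetch policy

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "x-dns-prefetch-control":
            self.control = (a.get("content") or "").strip().lower()
        elif tag == "a" and a.get("href"):
            # Resolve relative links; ignore mailto:, javascript:, etc.
            parts = urlsplit(urljoin(self.page_url, a["href"]))
            if parts.scheme in ("http", "https") and parts.hostname:
                self.hosts.add(parts.hostname)


def audit(page_url, html):
    """Return the prefetch policy and the extra hostnames a page links to."""
    parser = PrefetchAudit(page_url)
    parser.feed(html)
    extra = sorted(parser.hosts - {urlsplit(page_url).hostname})
    disabled = parser.control == "off"
    return {
        "control": parser.control,
        "extra_hosts": extra,
        # Assumption: one lookup per distinct linked hostname (upper bound).
        "lookups_if_prefetched": 0 if disabled else len(extra),
    }


def make_page(with_meta):
    """Constructed sample page: per-user subdomains under example.com."""
    meta = '<meta http-equiv="x-dns-prefetch-control" content="off" />' if with_meta else ""
    links = ["http://alice.example.com/", "http://bob.example.com/album/",
             "http://ALICE.example.com/photos/", "/news/", "mailto:a@example.com"]
    body = "".join('<a href="%s">link</a>' % u for u in links)
    return "<html><head>%s</head><body>%s</body></html>" % (meta, body)


if __name__ == "__main__":
    for flag in (False, True):
        print(audit("http://www.example.com/", make_page(flag)))
```
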
Before everyone goes rushing off to disable DNS prefetching, remember that DNS prefetching is generally a good thing that exists to make websites faster. And the faster your site is the more pageviews you can expect. Faster sites also have a lower bounce rate and better pagerank from Google.
This implies that providers are either severely limiting their caches, or expiring in a shorter-than-posted TTL. Even though pinkbike looks like it has thousands of users, one would expect the front pages to be largely identical for most user sessions, so the ISP DNS caches should already have most of those username.domain.com records cached. Either that or the ISP's DNS servers are more numerous and distributed, with fewer customers each, or something like that.<p>Anybody at an ISP that can fill us in on DNS TTL mangling or cache limiting?
I am actually rather shocked that people are being charged extra for DNS - surely the answer is to get any sort of cheap VPS and put DNS on that box? Then again, why are you depending for all aspects of your site's working at all, on a service which costs $2/month?<p>Even a 128MB RAM VPS could comfortably handle a huge number of requests.
Create an A Record for your highest queried subdomain.
Those will be cached and eventually decrease the number of queries. Depending on the number of subdomains, you can create and remove it on signup and cancellation.