Why is my Windows desktop using a DNS Server on localhost?

First, no, this is not default Windows behavior. Windows client operating systems do not ship with a DNS server. (Windows Server-based operating systems do, but not desktop/client OSes.)

Second, yes, you probably want to find out what service is listening on that port and take a much closer look at it. Step one is to run netstat -a -b from a command prompt or PowerShell. This will list all of the current open connections and listening ports, and the applications associated with them. This should allow you to figure out which application or service is listening on UDP 53.

The fact that it's running its own DNS server is not necessarily an indication of malware, but it certainly could be malware, so I wouldn't ignore it and would want to investigate it to understand it better.


It may be a Windows service called 'Internet Connection Sharing', which 'includes a local DNS resolver', as the Wikipedia article states. I have identified that this was the case for me by following Xander's answer.
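
The lookup described in the answers above, as an added example that is not part of either original answer: it maps each listener on port 53 to its owning process, the Windows services hosted in that process (useful when the owner is a shared svchost.exe, as with Internet Connection Sharing), and the Authenticode status of the binary. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, where the NetTCPIP cmdlets are available.

```powershell
# Added example: identify what is listening on DNS port 53 (UDP and TCP).
# Run elevated so process paths of other users' processes are readable.
$port = 53

# Collect UDP endpoints and TCP listeners bound to the port.
$listeners = @()
$listeners += Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, OwningProcess
$listeners += Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, OwningProcess

if (-not $listeners) {
    Write-Output "Nothing is listening on port $port."
}
else {
    $listeners | Sort-Object Proto, LocalAddress, OwningProcess -Unique | ForEach-Object {
        $procId = $_.OwningProcess
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue

        # Stopped services report ProcessId 0, so only query for a real PID;
        # otherwise every stopped service would match.
        $services = @()
        if ($procId -gt 0) {
            $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
                ForEach-Object { '{0} ({1})' -f $_.Name, $_.DisplayName })
        }

        # Path is empty for protected or inaccessible processes; skip the
        # signature check rather than fail.
        $path = if ($proc) { $proc.Path } else { $null }
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }

        [pscustomobject]@{
            Proto        = $_.Proto
            LocalAddress = $_.LocalAddress
            PID          = $procId
            Process      = if ($proc) { $proc.ProcessName } else { '<exited or inaccessible>' }
            Path         = $path
            Signature    = $sig
            Services     = $services -join '; '
        }
    } | Format-List
}
```

Internet Connection Sharing runs as the SharedAccess service, so that name in the Services field points to the benign case described above; an unsigned binary, or one running from a user-writable path, deserves a closer look.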