In the settings of my computer system, the DNS Server is set on the loopback (127.0.0.1 dns), why is my windows desktop using a DNS server as localhost?

413    Asked by Amitraj in SQL Server , Asked on Jan 3, 2022

Should I be concerned that my windows desktop is using a DNS server as a localhost? Is it due to the presence of malware? Is it due to the default windows? 

My research of the related problem increased my understanding of the topic via these lines - The Domain Name System (DNS) Server is a server that is specifically used for matching website hostnames (like example.com)to their corresponding Internet Protocol or IP addresses. The DNS server contains a database of public IP addresses and their corresponding domain names.

Answered by ananya Pawar

First, no, this is not default Windows behavior. Windows client operating systems do not ship with a 127.0.0.1 DNS server. (Windows Server-based operating systems do, but not desktop/client OSes.)


Second, yes, you probably want to find out what service is listening on that port and take a much closer look at it. Step one is to run netstat -a -b from a command prompt or Powershell. This will list all of the current open connections and listening ports, and the applications associated with them. This should allow you to figure out which application or service is listening on UDP 53. The fact that it's running its own DNS server is not necessarily an indication of malware, but it certainly could be malware, so I wouldn't ignore it and would want to investigate it to understand it better.



Your Answer

Interviews

Parent Categories