I recently inherited a corporate network and one of the devices kept having errors connecting to mapped network drives with errors pertaining to the server time being different than the computer's time. This was not the case, but I found a form where people attributed that to using the wrong DNS server. I checked the DNS settings on the computer and to my surprise the DNS server was set to the loopback (127.0.0.1). I didn't realize windows computers had DNS servers installed on them.
First question, is this default windows behavior?
I used telnet to verify that there was actually a process accepting connections on 127.0.0.1:53 and it was.
Second question, should I be concerned about something like this from a malware perspective?