Port 53: What's Using It and Is It Safe to Kill?

Port 53 is DNS. Here's what a listener on it actually means on a Mac, whether it's safe to stop, and how to check what owns it.

Port 53 is DNS, the service that turns domain names into IP addresses. Your Mac sends DNS queries constantly, but that’s outbound traffic. A process actually listening on port 53 is less common than you might expect, and on a stock Mac there usually isn’t one.

What typically listens on port 53

On a default macOS install, nothing listens on 53. DNS resolution is handled by mDNSResponder, the system resolver, but it sends outbound queries and listens on port 5353 for multicast DNS (Bonjour), not on 53. A listener on port 53 shows up when something acts as a local DNS server:

  • dnsmasq: A lightweight local DNS and DHCP server developers install (often via Homebrew) for custom local domains.
  • Docker and VPNs: Docker Desktop and some VPN clients run a local resolver on 53.
  • Internet Sharing: Turning on macOS Internet Sharing makes mDNSResponder act as a DNS proxy for the shared clients, and only then does it bind 53.

DNS uses both UDP and TCP on 53, with UDP handling most queries.

Is it safe to kill?

It depends on the owner. If the listener is dnsmasq, Docker, or another tool you installed, stopping that tool cleanly is fine:

sudo brew services stop dnsmasq

If lsof shows mDNSResponder, that means Internet Sharing is on. Don’t kill it; it’s a core service that launchd restarts, and force-killing it disrupts name resolution. Turn off Internet Sharing instead, in System Settings > General > Sharing > Internet Sharing.

Is it suspicious?

A local resolver you set up is expected. An unfamiliar process listening on 53 is worth checking, since DNS interception is a technique used to redirect traffic. Confirm the owning process name before doing anything; if it’s a tool you installed or Internet Sharing you enabled, it’s benign.

How to find what’s on port 53 on macOS

sudo lsof -i :53

The sudo matters because DNS processes can run as root and won’t show otherwise. The COMMAND column tells you whether it’s dnsmasq, Docker, or mDNSResponder.

Portie shows port 53 with its owning process in its live view, so you can tell at a glance what is actually handling DNS on your Mac.

Common questions

What is using port 53 on my Mac?

On a stock Mac, usually nothing listens on port 53. macOS resolves DNS through mDNSResponder, which sends outbound queries and listens on 5353 for Bonjour, not on 53. A listener on 53 means a local resolver you added (dnsmasq, Docker, a VPN) or Internet Sharing is on. Run sudo lsof -i :53 to check.

Is it safe to kill the process on port 53?

If a tool you installed (dnsmasq, Docker) owns it, stopping that tool is fine. If it's mDNSResponder acting as a DNS proxy because Internet Sharing is on, don't kill it; turn Internet Sharing off instead, since launchd just restarts the service.

Why would port 53 be open?

Your Mac makes outbound DNS queries constantly, but a listener on 53 is not the default. It appears when something acts as a local DNS server: dnsmasq, Docker Desktop, a VPN client, or macOS Internet Sharing.

Try Portie Free

See every open port on your Mac, which app owns it, and kill processes from the list.

Download Free
← Back to all ports