I wish to identify the process that is making DNS requests. Looking at the query gives me a clue, but doesn't help me identify the exact process.
I can see the local port number in Wireshark, but the request is too transient to be picked up by TCPView.
Is there a logging tool which will catch DNS requests and PID?
Process Monitor from Sysinternals will give you what you want. Limit the capture to just network activity and you'll see the activity along with the PID and process name. The operation will be <strong>UDP Send</strong> and the path will read something like this: pc-host-name:port -> dns-server:domain (note ":domain" indicates port 53 for dns). The process name and pid will be on the left.
At first I was going to recommend using Netmon 3.4 (from Microsoft) as this will show the process name and pid (pid needs to be added as a column). However, this seemed to have trouble for me as most of the traffic was not tagged with with the process name/pid. I'm not sure why this was the case but it may work for you.