fix: install netavark + aardvark-dns for container DNS resolution

Fresh ISO installs use podman with CNI backend which lacks DNS.
Containers on archy-net can't resolve each other by name, causing:
- LND: "lookup bitcoin-knots: no such host"
- Any inter-container communication to fail

Fix: copy netavark + aardvark-dns from build host into ISO rootfs
and configure podman to use netavark backend. This enables automatic
DNS resolution on custom bridge networks (archy-net).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

image-recipe/build-auto-installer-iso.sh

@@ -1786,6 +1786,26 @@ insecure = true
 REGCONF
 chown -R 1000:1000 /mnt/target/home/archipelago/.config
 
+# Install netavark + aardvark-dns for container DNS resolution on archy-net.
+# Debian 12's podman defaults to CNI which lacks DNS. Netavark provides built-in DNS.
+if [ -f /usr/lib/podman/netavark ] && [ -f /usr/lib/podman/aardvark-dns ]; then
+    mkdir -p /mnt/target/usr/lib/podman
+    cp /usr/lib/podman/netavark /mnt/target/usr/lib/podman/netavark
+    cp /usr/lib/podman/aardvark-dns /mnt/target/usr/lib/podman/aardvark-dns
+    chmod +x /mnt/target/usr/lib/podman/netavark /mnt/target/usr/lib/podman/aardvark-dns
+    # Configure podman to use netavark backend (enables container DNS)
+    mkdir -p /mnt/target/home/archipelago/.config/containers
+    cat > /mnt/target/home/archipelago/.config/containers/containers.conf <<'CONTAINERSCONF'
+[network]
+network_backend = "netavark"
+CONTAINERSCONF
+    chown -R 1000:1000 /mnt/target/home/archipelago/.config/containers
+    echo "   Installed netavark + aardvark-dns (container DNS enabled)"
+else
+    echo "   WARNING: netavark/aardvark-dns not found on build host — container DNS will not work"
+    echo "   Install with: apt install aardvark-dns netavark"
+fi
+
 # Laptop support: ignore lid close so server keeps running
 mkdir -p /mnt/target/etc/systemd/logind.conf.d
 cat > /mnt/target/etc/systemd/logind.conf.d/lid-ignore.conf <<'LIDCONF'