diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh
index c61b806c..de4d7d8e 100755
--- a/image-recipe/build-auto-installer-iso.sh
+++ b/image-recipe/build-auto-installer-iso.sh
@@ -1786,6 +1786,26 @@ insecure = true
 REGCONF
 chown -R 1000:1000 /mnt/target/home/archipelago/.config
 
+# Install netavark + aardvark-dns for container DNS resolution on archy-net.
+# Debian 12's podman defaults to CNI which lacks DNS. Netavark provides built-in DNS.
+if [ -f /usr/lib/podman/netavark ] && [ -f /usr/lib/podman/aardvark-dns ]; then
+    mkdir -p /mnt/target/usr/lib/podman
+    cp /usr/lib/podman/netavark /mnt/target/usr/lib/podman/netavark
+    cp /usr/lib/podman/aardvark-dns /mnt/target/usr/lib/podman/aardvark-dns
+    chmod +x /mnt/target/usr/lib/podman/netavark /mnt/target/usr/lib/podman/aardvark-dns
+    # Configure podman to use netavark backend (enables container DNS)
+    mkdir -p /mnt/target/home/archipelago/.config/containers
+    cat > /mnt/target/home/archipelago/.config/containers/containers.conf <<'CONTAINERSCONF'
+[network]
+network_backend = "netavark"
+CONTAINERSCONF
+    chown -R 1000:1000 /mnt/target/home/archipelago/.config/containers
+    echo "   Installed netavark + aardvark-dns (container DNS enabled)"
+else
+    echo "   WARNING: netavark/aardvark-dns not found on build host — container DNS will not work"
+    echo "   Install with: apt install aardvark-dns netavark"
+fi
+
 # Laptop support: ignore lid close so server keeps running
 mkdir -p /mnt/target/etc/systemd/logind.conf.d
 cat > /mnt/target/etc/systemd/logind.conf.d/lid-ignore.conf <<'LIDCONF'