feat: forward guest DNS to Docker's embedded resolver

[alimx07]

Description

On Docker user custom networks the DNS resolver (127.0.0.11) is loopback only and unreachable by the unikernel guest. Detect this case per container, expose the resolver via a virtual resolver IP (Last Subnet IP) using tc redirects between the tap and lo + a PREROUTING DNAT (for DNS server ports), and rewrite the guest's resolv.conf to point at that IP in our unikernel is linux one.

Three TC rules added on tap and lo:

• Tap : Pass ARP requests on resolvIP into host
• Tap : Redirect packets to resolvIP into lo
• Lo : Redirect packets with src=ResolvIP into Tap

Related issues

• Related DNS issues in user-defined docker networks #575

How was this tested?

Tested in user custom docker network with urunc container u1 and normal one u2:

u1 lookup on github.com

/ # nslookup github.com
Server:		172.24.255.254
Address:	172.24.255.254:53

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.3

u1 lookup on u2

/ # nslookup u2.
Server:		172.24.255.254
Address:	172.24.255.254:53

Non-authoritative answer:

Non-authoritative answer:
Name:	u2
Address: 172.24.0.3

u2 lookup on u1

Server:		127.0.0.11
Address:	127.0.0.11:53

Non-authoritative answer:

Non-authoritative answer:
Name:	u1
Address: 172.24.0.2

LLM usage

Checklist

• I have read the contribution guide.
• The linter passes locally (make lint).
• The e2e tests of at least one tool pass locally (make test_ctr, make test_nerdctl, make test_docker, make test_crictl).
• If LLMs were used: I have read the llm policy.

[netlify]

✅ Deploy Preview for urunc ready!

Name	Link
🔨 Latest commit	a743f29
🔍 Latest deploy log	https://app.netlify.com/projects/urunc/deploys/6a40d0f1510b05000819b3b7
😎 Deploy Preview	https://deploy-preview-793--urunc.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.