`platform start` fails on corporate networks due to hardcoded DNS (nameserver 1.1.1.1)

[rpnegro]

Pre-requisities

• I am using the newest version of the platform.

Describe the bug
agentstack platform start fails at the "Setting up internal networking" step with k3s: command not found (exit code 127). The root cause is that k3s was never actually installed because the DNS configuration step hardcodes nameserver 1.1.1.1 in /etc/resolv.conf, which is unreachable on corporate networks that only allow internal DNS servers. Since the k3s install command uses curl -sfL (silent + fail), the download failure is swallowed and the step reports [DONE] even though nothing was installed.

To Reproduce

1. Block access to port 53 from the hardcoded DNS or be on a corporate network that blocks external DNS (e.g., outbound port 53 to 1.1.1.1 / 8.8.8.8 is blocked)
2. Run agentstack platform delete
3. Run agentstack platform start
4. Installation fails at "Setting up internal networking" with /bin/bash: line 1: k3s: command not found

Expected behavior
The platform should either inherit DNS settings from the Windows host or allow users to specify custom DNS servers. The k3s installation step should fail loudly if the download doesn't succeed.

Logs / Screenshots / Code snippets

Installing k3s [DONE]
Installing Helm [DONE]
Detecting host IP address [DONE]
Setting up internal networking [ERROR]

Setting up internal networking
Command: ['wsl.exe', '--user', 'root', '--distribution', 'agentstack', '--', 'k3s', 'kubectl', 'apply', '-f', '-']
/bin/bash: line 1: k3s: command not found
Exit code: 127

Manual verification inside the distro confirms DNS is the issue:

# Ping works (connectivity is fine)
wsl -d agentstack --user root -- ping -c 2 1.1.1.1
# 2 packets transmitted, 2 received, 0% packet loss

# But DNS resolution hangs
wsl -d agentstack --user root -- getent hosts get.k3s.io
# (no output, hangs indefinitely)

# Replacing with corporate DNS fixes it
wsl -d agentstack --user root -- chattr -i /etc/resolv.conf
wsl -d agentstack --user root -- sh -c "echo 'nameserver <CORPORATE_DNS>' > /etc/resolv.conf"
wsl -d agentstack --user root -- getent hosts get.k3s.io
# (resolves successfully)

Set-up:

• Windows with WSL2
• Corporate network with internal DNS servers only

Additional context

• Workaround: After platform start creates the distro and fails, manually fix /etc/resolv.conf with your corporate DNS servers, install k3s by hand, then re-run agentstack platform start.
• Suggested fixes:
  • Inherit DNS from the Windows host (e.g., parse ipconfig /all)
  • Add a --dns CLI flag to agentstack platform start
  • Validate that k3s was actually installed before proceeding (check exit code of curl, not just which k3s)
• Compounding issue: If Rancher Desktop is installed, its binaries on the Windows PATH (/mnt/c/Program Files/Rancher Desktop/...) can cause which k3s and which helm to return hits inside the agentstack WSL distro, skipping installation entirely. This is a separate but related issue.