diff --git a/src/setup.ts b/src/setup.ts
index ca44f3a..acf6253 100644
--- a/src/setup.ts
+++ b/src/setup.ts
@@ -68,7 +68,7 @@ export async function runSetup() {
       execFileSync("truncate", ["-s", "256M", CONFIG.baseRootfs], {
         stdio: "pipe",
       });
-      execFileSync("sudo", ["/usr/sbin/mkfs.ext4", "-q", CONFIG.baseRootfs], {
+      execFileSync("sudo", ["mkfs.ext4", "-q", CONFIG.baseRootfs], {
         stdio: "pipe",
       });
       execFileSync("sudo", ["mount", CONFIG.baseRootfs, ext4Mount], {
@@ -78,9 +78,9 @@ export async function runSetup() {
         stdio: "pipe",
       });
 
-      // DNS
+      // DNS — copy host resolv.conf for chroot package install, then set static
       execSync(
-        `echo "nameserver 8.8.8.8" | sudo tee ${ext4Mount}/etc/resolv.conf > /dev/null`
+        `sudo cp /etc/resolv.conf ${ext4Mount}/etc/resolv.conf`
       );
 
       // Inittab for serial console
@@ -112,7 +112,12 @@ EOF`);
          "rc-update add sshd default && ssh-keygen -A && " +
          "echo 'PermitRootLogin prohibit-password' >> /etc/ssh/sshd_config && " +
          "mkdir -p /run/openrc && touch /run/openrc/softlevel"],
-        { stdio: "pipe", timeout: 120_000 }
+        { stdio: "inherit", timeout: 120_000 }
+      );
+
+      // Set static DNS for runtime (replace host resolv.conf used during install)
+      execSync(
+        `echo "nameserver 8.8.8.8" | sudo tee ${ext4Mount}/etc/resolv.conf > /dev/null`
       );
 
       // Networking init script