Cannot resolve Apple Container names on macOS from a VM (Fedora 43) running on Parallels Desktop

Discussion in 'Product updates and feedback' started by KazT, Feb 22, 2026 at 8:40 PM.

  1. KazT

    Environment:
    Overview:
    Apple Container is running on macOS, and the following DNS configuration exists on macOS:

    /etc/resolver/containerization.box
    ---
    domain box
    search box
    nameserver 127.0.0.1
    port 2053
    ---

    This was created as follows:
    $ sudo container system dns create box

    Issue:

    Container name resolution fails from the Parallels VM (Fedora 43).

    $ resolvectl query pgsql17.box
    pgsql17.box: resolve call failed: Query timed out

    pgsql17.box is the Apple Container container name. It is reachable from macOS itself (e.g., ping pgsql17.box succeeds).

    Investigation:
    A packet capture on the VM showed that DNS responses are being received successfully; however, the source port does not appear to be translated correctly.

    Below is the packet capture output when running resolvectl query pgsql17.box. Only A record exchanges are shown for clarity.

    10.211.55.3 -- VM IP address
    10.211.55.1 -- DNS server provided by Parallels

    (1) 13:06:51.514627 IP 10.211.55.3.60116 > 10.211.55.1.53: 55341+ [1au] A? pgsql17.box. (40)
    (2) 13:06:51.518683 IP 10.211.55.1.2053 > 10.211.55.3.60116: UDP, length 45
    (3) 13:06:51.518725 IP 10.211.55.3 > 10.211.55.1: ICMP 10.211.55.3 udp port 60116 unreachable, length 81

    A query is sent in (1), and a response is received in (2). However, the source port in the response is 2053 instead of the expected 53. Port 2053 is the DNS server port specified for Apple Container in /etc/resolver/containerization.box. Because the source port in the received response is incorrect, the VM returns a Destination Unreachable (Port Unreachable) ICMP message in (3).

    Root Cause Hypothesis:
    When a port other than 53 is specified in /etc/resolver/*, prl_naptd does not appear to correctly rewrite the source port of DNS response packets.
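
The check the post performs by eye on the capture, written out as an added example (not part of KazT's post, and not Parallels or Apple code): it pairs each DNS query with the UDP reply sent back to the same client port and reports replies whose source port differs from the port that was queried. The first three capture lines are taken from the post; the last two are a constructed well-formed exchange for contrast, and the function name `find_mismatched_replies` is hypothetical.

```python
import re

# Lines 1-3 come from the post; lines 4-5 are constructed sample data.
CAPTURE = """\
13:06:51.514627 IP 10.211.55.3.60116 > 10.211.55.1.53: 55341+ [1au] A? pgsql17.box. (40)
13:06:51.518683 IP 10.211.55.1.2053 > 10.211.55.3.60116: UDP, length 45
13:06:51.518725 IP 10.211.55.3 > 10.211.55.1: ICMP 10.211.55.3 udp port 60116 unreachable, length 81
13:07:02.000100 IP 10.211.55.3.40000 > 10.211.55.1.53: 1234+ A? example.com. (29)
13:07:02.004200 IP 10.211.55.1.53 > 10.211.55.3.40000: 1234 1/0/0 A 192.0.2.10 (45)
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
UDP = re.compile(rf"^\S+ IP {IPV4}\.(\d+) > {IPV4}\.(\d+): (.*)$")
ICMP = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP \S+ udp port (\d+) unreachable")

def find_mismatched_replies(text):
    """Return replies whose source port is not the port the client queried."""
    pending = {}    # (client_ip, client_port, server_ip) -> server port queried
    findings = []
    for line in text.splitlines():
        icmp = ICMP.match(line)
        if icmp:
            # Port-unreachable from the client: it refused an earlier reply.
            who = (icmp.group(1), int(icmp.group(3)), icmp.group(2))
            for f in findings:
                if (f["client"], f["client_port"], f["server"]) == who:
                    f["rejected_by_client"] = True
            continue
        udp = UDP.match(line)
        if not udp:
            continue
        src, sport, dst, dport, rest = udp.groups()
        sport, dport = int(sport), int(dport)
        if "? " in rest:            # tcpdump prints "A? name." for a question
            pending[(src, sport, dst)] = dport
            continue
        key = (dst, dport, src)     # reply travels server -> client
        expected = pending.pop(key, None)
        if expected is not None and sport != expected:
            findings.append({"client": dst, "client_port": dport, "server": src,
                             "expected_port": expected, "actual_port": sport,
                             "rejected_by_client": False})
    return findings

if __name__ == "__main__":
    for finding in find_mismatched_replies(CAPTURE):
        print(finding)
```
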
     
