Applications running on the gateway aren’t Tor control protocol filtered. These have direct access. There’s not a lot such applications to my knowledge except nyx, onioncircuits and vanguards. Pluggable transports do not use Tor control protocol as far as I know. Even if they did, unrestricted access is OK as these applications are trusted and the workstation can’t learn about that (only white listed, filtered Tor control protozoic access).
Leaks from workstation to clearnet are very unlikely as long as we don’t enable IP forwarding. A computer connected over LAN direct connection to another computer doesn’t easily get clearnet internet access. (That 's what IP forwarding is for.) Even if gateway had full unrestricted clearnet access, that wouldn’t allow the workstation accessing any clearnet access. Restricting what gateway leaves the gateway is useful for accidental misconfiguration by users and to anonymize APT upgrade traffic.
resolver: None. No special package. Debian standard / default one. libc gethostbyname. My testing instructions above are sufficient. No special/extra DNS resolver package such as bind9 / unbound / dnsmasq required.
It’s a huge jump from “no DNS resolver” to “sophisticated DNS resolver”. Worth going for DNSCrypt? Fingerprintable at ISP level. Required in initial implementation? Also a ton harder to implement.
If run in VM it asks the virtualizer which then asks the host operating system which then uses the host’s /etc/resolv.conf which probably for most users the IP address of their home router which then uses their internet service provider (ISP) DNS server.
It would be very similar if not the same as using nslookup check.torproject.org on the host operating system.