Dns

Everytime i refresh tor circuit i get new dns server. These are provided by tor exit nodes ?
If that’s true i’m worry that anyone who can setup exit node can mess with dns records and provide false urls to phishing pages or direct to other attacks.

Everytime i refresh tor circuit i get new dns server. These are provided by tor exit nodes ?
Yes.
If that's true i'm worry that anyone who can setup exit node can mess with dns records and provide false urls to phishing pages or direct to other attacks.
Not just DNS spoofing. MITM anything. https://www.whonix.org/wiki/Warning#Man-in-the-middle_attacks

Based on information above i commented out all nameservers on gateway. After that i try to access clearnet website (from gateway) and it not load, but when i try to do apt-get update (on gateway) it worked. I’m aware that apt uses stream isolation, but what special with stream isolation that it will allow to resolve dns even when /etc/resolv.conf is commented out?

Stream isolation directs the application directly to Tor SocksPorts which do support DNS.

Does dns on host os somehow interact with whonix ? Is ok to use my isp dns, or maybe some other third part is better? Any have dns providers suggestions ? Is possible to test if dns provider is legit ? Thanks guys

Does dns on host os somehow interact with whonix ?
No.
Is ok to use my isp dns,
Yes.
or maybe some other third part is better?
Up to you. (https://www.whonix.org/wiki/FAQ#Can_I_use_DNSCrypt_on_the_host.2C_in_my_router.2C_for_clearnet.3F)
Is possible to test if dns provider is legit ?
Hardly. Conceptually, snapshot in time only. They can be compromised or change any day without prior notice. Subtle manipulations would be difficult to spot and link to the DNS provider. Something like https://ooni.torproject.org/. I don't think you can do it without becoming a hobbyist project maintainer.