Foreman creates a duplicate DNS zone for `168.192.in-addr.arpa` in /etc/bind/zones.conf

Not really a bug in our code, more undefined behavior I'd say. The root cause behind this is the localzonepath. On Debian this includes the RFC1918 zones, like 168.192.in-addr.arpa. This causes the duplicate definition. In normal operation this prevents queries for NAT IPs from being sent to the internet. We don't touch this file and trust the distro.

You can exclude loading of that file by adding `dns::localzonepath: unmanaged` to /etc/foreman-installer/custom-hiera.yaml or by manually removing it from zones.rfc1918.

EL7 ships /etc/named.rfc1912.zones (RFC1912: Common DNS Operational and Configuration Errors) and doesn’t include the RFC1918 zones so you won’t see the issue there.

I hope this clarifies things and I’d appreciate what you as a user think is the best solution for us.

On a side note: I’m rethinking the DNS deployment model and intend to gather feedback to come up with a RFC.

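To see which config fragment introduces the clash before restarting named, here is an added example (not code from the poster or from the Foreman project) that scans named.conf fragments for zone names declared more than once. The two fragments are constructed: a cut-down stand-in for Debian's zones.rfc1918 and a hypothetical Foreman-written zones.conf managing the 192.168.0.0/16 reverse zone; the file paths are illustrative. Names are compared case-insensitively and without a trailing dot, since named treats those as the same zone.

```python
import re
from collections import defaultdict

# Constructed stand-in for Debian's /etc/bind/zones.rfc1918 (the real file lists
# every RFC1918 reverse zone; only two are shown here).
RFC1918_ZONES = '''
// RFC1918 reverse zones, answered locally so NAT lookups never leave the host
zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
'''

# Constructed, hypothetical content of an installer-written /etc/bind/zones.conf
# that manages a forward zone plus the 192.168.0.0/16 reverse zone.
FOREMAN_ZONES = '''
zone "example.com" {
    type master;
    file "/var/lib/bind/example.com";
};
zone "168.192.IN-ADDR.ARPA." {
    type master;
    file "/var/lib/bind/168.192.in-addr.arpa";
};
'''

ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.MULTILINE)


def strip_comments(text):
    """Drop /* */, // and # comments so a commented-out zone is not counted."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)


def normalize(zone):
    """DNS names are case-insensitive and the trailing dot is not significant."""
    return zone.rstrip('.').lower()


def zone_names(text):
    """Return the zone names declared in a named.conf fragment, in file order."""
    return [normalize(m.group(1)) for m in ZONE_RE.finditer(strip_comments(text))]


def duplicate_zones(fragments):
    """fragments: {filename: text}. Return {zone: [files...]} for every zone
    declared more than once, including twice within the same file."""
    seen = defaultdict(list)
    for fname, text in fragments.items():
        for zone in zone_names(text):
            seen[zone].append(fname)
    return {zone: files for zone, files in seen.items() if len(files) > 1}


if __name__ == "__main__":
    dups = duplicate_zones({
        "/etc/bind/zones.rfc1918": RFC1918_ZONES,
        "/etc/bind/zones.conf": FOREMAN_ZONES,
    })
    for zone, files in dups.items():
        print(f"{zone}: declared in {', '.join(files)}")
```

On a real host, feed it the files actually pulled in by named.conf (the localzonepath file, zones.conf and anything they include); named-checkconf on the assembled configuration remains the authoritative check, this only tells you which fragment to fix.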