It is normal to setup different views for different users, in short, you don't want to someone, which you doesn't want see hosts on your network. Because we will setup access list. Below is example how we can to that. In this example you need to setup two access list. One will name internal (network 192.168.100.0/24), and second one will be named external (network 192.168.200.0/24). Remember that you are in /var/named/chroot/ directory

[root@security1 etc]# cat named.conf
acl "internal" {127/8; 192.168.100/24;};
acl "external" {192.168.200/24;};
options {
           recursion no;
           directory "/var/named";
};

view "internal" {
           match-clients {"internal";};
           recursion yes;
           zone "setenforce.com" {
             type master;
             file "setenforce.internal";
          };
};

view "external" {
           match-clients {"external";};
           zone "setenforce.com" {
             type master;
             file "setenforce.external";
          };
};

In this point you should think about selinux and permissions and owner for new created file.

[root@security1 etc]# chcon --reference=named.conf.old named.conf selinux stuff
[root@security1 etc]# chmod 644 named.conf
[root@security1 etc]# chown root:named named.conf

Now you need to define file setenforce.internal and setenforce.external. Like we do before, change permissions and selinux type.

[root@security1 named]# touch setenforce.com.zone setenforce.{internal,external}
[root@security1 named]# cat setenforce.com.zone > setenforce.internal
[root@security1 named]# cat setenforce.com.zone > setenforce.external

Add some dns record in setenforce.internal file, for example:

test IN CNAME ns

Don't forget to increment SOA record, and look for proper permissions. Restart service named, and try host test.setenforce.com security1 from security2, and cracker20.