It is normal to setup different views for different users, in short, you don't want to someone, which you doesn't want see hosts on your network. Because we will setup access list. Below is example how we can to that. In this example you need to setup two access list. One will name internal (network, and second one will be named external (network Remember that you are in /var/named/chroot/ directory

[root@security1 etc]# cat named.conf
acl "internal" {127/8; 192.168.100/24;};
acl "external" {192.168.200/24;};
options {
           recursion no;
           directory "/var/named";

view "internal" {
           match-clients {"internal";};
           recursion yes;
           zone "" {
             type master;
             file "setenforce.internal";

view "external" {
           match-clients {"external";};
           zone "" {
             type master;
             file "setenforce.external";

In this point you should think about selinux and permissions and owner for new created file.

[root@security1 etc]# chcon --reference=named.conf.old named.conf selinux stuff
[root@security1 etc]# chmod 644 named.conf
[root@security1 etc]# chown root:named named.conf

Now you need to define file setenforce.internal and setenforce.external. Like we do before, change permissions and selinux type.

[root@security1 named]# touch setenforce.{internal,external}
[root@security1 named]# cat > setenforce.internal
[root@security1 named]# cat > setenforce.external

Add some dns record in setenforce.internal file, for example:

test IN CNAME ns

Don't forget to increment SOA record, and look for proper permissions. Restart service named, and try host security1 from security2, and cracker20.