In your last drawing, in fact, not 2 DMZs and a LAN, but 3 LAN segments going through 2 firewalls, possibly with different Internet access rights.
DMZ - correctly depicted in the first figure.
DMZ is relevant for attacks from outside. If you need to restrict access to certain servers within the LAN, then no one bothers you to separate them into a separate network and protect them with your firewall. But this is no longer a DMZ, but simply a closed segment of the internal network. Within your network, you can fence any garden you like. Whether you want to separate networks, or not, you want to protect with a firewall, etc. The main thing is not to forget to prescribe routes.

I would say that there may not just be 2 DMZs or more, but in general the concept of DMZ is gradually becoming obsolete. In modern ITU practice, filters are increasingly configured individually for each server in the form of a centrally administered policy, and for user hosts virtual point-to-point connections with authorization, encryption and access policies are generally used + system-level filtering tools are used. Those. in fact, each host can be considered as a separate zone from the point of view of shielding. Moreover, filtering inside the host can be not only by network addresses and ports, but also by applications and users, i.e. the boundary of the security zone in terms of screening may not even be at the host level, but at the level of an individual application or user.

1. Proceeding from the name DMZ - a zone without strict control for external traffic. From the point of view of the external ITU, this area is equivalent to the external network, i.e. maximum severity. Since the DMZ and LAN need to be protected in different ways, they are indicated separately.
2. The topology with one ITU screen for DMZ and LAN is specified in the wiki (a router with external channels may not filter traffic at all).