The term "spoofing" describes the sending of non-secure data in response to a DNS query. It can be used to redirect queries to a rogue DNS server and can be malicious in nature.
Starting with SP4, you can filter out these non-secure records by using regedt32 to navigate to:
On the Edit menu, Add Value name SecureResponses, a type REG_DWORD entry, and set the
data to 1.