The term "spoofing" describes the sending of non-secure data in response to a DNS query. It can be used to redirect queries to a rogue DNS server and can be malicious in nature.

Starting with SP4, you can filter out these non-secure records by using regedt32 to navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

On the Edit menu, Add Value name SecureResponses, a type REG_DWORD entry, and set the data to 1.