The basic purpose of spoofing is to confuse a DNS server into giving out bad information. The way it works is that an attacker sends a recursive query to the victim's server, using the victim's server to resolve the query. The answer to the query is in a zone the attacker controls. The answer given by the attacker's name server includes an authoritative record for a domain name controlled by a third party. That authoritative record is FALSE. The victim's server caches the bogus record. (Most modern servers will not cache a fake record because it does not fall in the same parent zone as the record that was requested.)

Once spoofed the victim's resolver will continue to use the false record it has in its cache, potentially misdirecting E-Mail, or any other internet service. This is a potential major security leak for credit card information, trade secrets, and other highly sensitive information.

Recent surveys indicate that 25-30% of servers on the Internet are spoofable. Further readings on DNS spoofing.