DNS spoofing works by forcing a DNS "client" to generate a request to a "server", then spoofing the response from the "server".
One way this works is through the scheme that most DNS servers support "recursive" queries. You can therefore send a request to any DNS server asking for it to resolve a name-to-address. That DNS server will then send the proper queries to the proper servers in order to discover the appropriate information. However, an intruder can predict what request that victim server will send out to satisfy the request, and can spoof the response, which will arrive before the real response arrives.
This is useful because DNS servers will "cache" information for a certain amount of time. If an intruder can successfully spoof a response for "www.microsoft.com", any legitimate users of that DNS server will then be redirected to the intruder's site.