
The idea of DHCP snooping is to prevent an attacker from presenting itself as a DHCP server, or from flooding the legitimate DHCP server with fake requests in order to use up all of the available addresses so that clients cannot lease one.

So how does all of that work?

When you configure DHCP snooping on a switch, all of the switch ports assume the role of untrusted ports.

Before defining an untrusted port, we should define what a trusted port actually is. A trusted port is a port that allows all of the DHCP messages exchanged between the client and the server (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK). Trusted ports are usually defined between a switch and a router, or between two switches. They must be defined once you know the topology and how the DHCP communication will flow.

Untrusted ports are usually the ports that connect the switch to end-user devices. An untrusted port will block DHCP server messages (DHCPOFFER, DHCPREQ) that are initiated from the client side.

The switch also keeps state information about DHCP bindings on access ports. For example, if a client on host B requests a lease for address 10.10.10.1 from DHCP server A, the switch records that binding in its binding table. In that way, if an attacker attempts a DHCP starvation attack, the switch will realize what is happening and block the fake requests.
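The following toy model, added here as an example and not taken from any vendor's code or from the original text, puts the decision logic described above into code: ports are untrusted by default, server-originated messages are dropped on untrusted ports, and DHCPACKs seen on trusted ports populate a binding table. The port names, the per-port rate limit and the two consistency checks (DHCP chaddr must equal the frame's source MAC; a DHCPRELEASE/DHCPDECLINE must arrive on the port recorded in the binding) are assumptions about how a snooping switch turns its binding table into a starvation defence, not details stated on the page.

```python
"""Toy model of DHCP snooping (constructed example, not vendor code)."""
from dataclasses import dataclass, field

# Message types a DHCP server originates; everything else comes from clients.
SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}
# Client messages that refer to an existing lease and so must match a binding.
LEASE_MSGS = {"DHCPRELEASE", "DHCPDECLINE"}


@dataclass
class Frame:
    port: str          # switch port the frame arrived on (assumed naming)
    src_mac: str       # Ethernet source address
    chaddr: str        # client hardware address inside the DHCP payload
    msg_type: str      # e.g. "DHCPDISCOVER"
    yiaddr: str = ""   # address offered/assigned (server messages only)


@dataclass
class SnoopingSwitch:
    trusted: set                      # ports facing the real DHCP server
    rate_limit: int = 10              # client DHCP messages per port per window (assumed)
    bindings: dict = field(default_factory=dict)   # chaddr -> (ip, port)
    pending: dict = field(default_factory=dict)    # chaddr -> port that asked
    counters: dict = field(default_factory=dict)   # port -> messages this window

    def handle(self, frame: Frame) -> str:
        """Return 'forward' or a 'drop: <reason>' string for one DHCP frame."""
        if frame.port in self.trusted:
            # Trusted ports pass every DHCP message; learn bindings from ACKs.
            if frame.msg_type == "DHCPACK" and frame.yiaddr:
                port = self.pending.pop(frame.chaddr, None)
                self.bindings[frame.chaddr] = (frame.yiaddr, port)
            return "forward"

        # Untrusted port: a DHCP server must never speak from here.
        if frame.msg_type in SERVER_MSGS:
            return "drop: server message on untrusted port"

        # Starvation defence: cap the number of client messages per port.
        n = self.counters.get(frame.port, 0) + 1
        self.counters[frame.port] = n
        if n > self.rate_limit:
            return "drop: rate limit exceeded"

        # The DHCP client address must be the frame's own source MAC.
        if frame.chaddr.lower() != frame.src_mac.lower():
            return "drop: chaddr/source MAC mismatch"

        # Release/decline must come from the port that holds the binding.
        if frame.msg_type in LEASE_MSGS and frame.chaddr in self.bindings:
            if self.bindings[frame.chaddr][1] != frame.port:
                return "drop: binding port mismatch"

        self.pending[frame.chaddr] = frame.port
        return "forward"


def demo() -> list:
    """Run a constructed traffic sequence and return the decision per frame."""
    sw = SnoopingSwitch(trusted={"Gi0/1"}, rate_limit=3)
    mac = "aa:aa:aa:aa:aa:01"
    frames = [
        Frame("Gi0/2", mac, mac, "DHCPDISCOVER"),                      # legitimate client
        Frame("Gi0/3", "bb:bb:bb:bb:bb:01", mac, "DHCPOFFER", "10.10.10.9"),  # rogue server
        Frame("Gi0/1", "cc:cc:cc:cc:cc:01", mac, "DHCPACK", "10.10.10.1"),    # real server
        Frame("Gi0/3", mac, mac, "DHCPRELEASE"),                      # spoofed release
    ]
    # Starvation attempt: many DISCOVERs with fresh MACs on one port.
    for i in range(4):
        m = f"de:ad:be:ef:00:{i:02x}"
        frames.append(Frame("Gi0/4", m, m, "DHCPDISCOVER"))
    return [sw.handle(f) for f in frames]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The demo shows the rogue DHCPOFFER dropped at the untrusted port, the binding for 10.10.10.1 learned from the trusted port, a release for that lease refused because it came from the wrong port, and the fourth DISCOVER in the flood dropped once the per-port limit is hit.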
