Hi Andy,
since DAI uses the DHCP snooping binding table to check if an ARP packet is valid or not, you'll also need to configure DAI trusting on trunks (no DHCP snooping bindings on trusted interfaces).
From the c2960 12.2(55)SE configuration guide:
In a typical network configuration, you configure all switch ports connected to host ports as untrusted and configure all switch ports connected to switches as trusted.
HTH
Rolf