Should you create two CNAME records for the subdomain?
Yes, you need to create two CNAME records for the DKIM configuration to work correctly. Each CNAME record maps a selector name to a domain name where the DKIM public key is stored. The two selectors are typically named "selector1" and "selector2", but you can choose any names you like, as long as they are unique within the subdomain.
How are TXT attributes associated with CNAME records?
The TXT records are associated with the DKIM selectors, not the CNAME records. You need to create a TXT record for each DKIM selector, with the DKIM public key value. In your example, you would need to create two TXT records like this:
TXT selector1._domainkey.subdomain.domain.com "k=rsa; p=random_value"
TXT selector2._domainkey.subdomain.domain.com "k=rsa; p=random_value"
What is the reason for the "_domainkey" value?
The "_domainkey" part is a standard prefix used in the DKIM specification to identify the DNS record that contains the public key for a given selector. The full name of the DNS record should be in the form "selector._domainkey.example.com", where "selector" is the name of the DKIM selector, and "example.com" is the domain name of the email sender. By convention, the "_domainkey" label is used to separate the selector name from the domain name, to avoid any possible conflicts with other DNS records.
UPDATE:
Here is an example of the DNS records you might create for a subdomain called "subdomain.example.com", assuming you have one DKIM selector and one SPF policy
; DKIM records
selector1._domainkey.subdomain.example.com. IN CNAME selector1-subdomain-example-com._domainkey.example.onmicrosoft.com.
selector1-subdomain-example-com._domainkey.example.onmicrosoft.com. IN TXT "k=rsa; p=random_value"
; SPF record
subdomain.example.com. IN TXT "v=spf1 include:example.com -all"
In this example, the first line creates a CNAME record for the DKIM selector "selector1". The CNAME points to the domain name where the DKIM public key is stored, in this case "selector1-subdomain-example-com._domainkey.example.onmicrosoft.com". The second line creates a TXT record for the DKIM public key, which is associated with the DKIM selector "selector1".
The third line creates a TXT record for the SPF policy for the subdomain "subdomain.example.com". The SPF record syntax specifies that email should be sent from hosts listed in the "example.com" SPF policy. The "-all" directive specifies that any email that does not come from an authorized host should be rejected.
_domainkey
.