"DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message." RFC 6376
A DKIM-Signature contains the domain tag (d=) on which to lookup the DKIM key and a selector (s=). This allows for multiple DKIM keys being used for a single domain. e.g. "d=example.com; s=mail;" refers to the selector "mail" on the domain "example.com". The DKIM key is found on the "_domainkey" subdomain. The full DKIM lookup would look as following: "mail._domainkey.example.com. TXT".
DKIM lookups are only done when a message has a DKIM-Signature. The impala query provides insight into domain names using DKIM on their domain.
Impala Query:
select domainname, count(1) as tot from dns.staging where qname LIKE '%._domainkey.%' and qtype = 16 group by domainname order by tot desc