wikipedia.org:
https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

In DirectAdmin:

Configuration:
In /usr/local/directadmin/conf/directadmin.conf check or add: dkim=1
(you may remove the two domain key lines in the DNS inside DirectAdmin if already exist)

Retrieve code in DirectAdmin by subdomain (manually) or in disable / enable the menu:
# cd /usr/local/directadmin/scripts
# ./dkim_create.sh example.com
or
# ./dkim_create.sh sub.example.com

Identical result for a DNS and for a DNS of a sub domain in DirectAdmin:
x._domainkey TXT “v=DKIM1; k=rsa; p=…”

DNS on the name server for a domain and for a sub domain:
(subdomain resell2 is an example):
x._domainkey TXT v=DKIM1; k=rsa; p=…
x._domainkey.resell2 TXT v=DKIM1; k=rsa; p=…

For a sub domain like www.:
Strict DKIM in DMARC configuration with ‘adkim=s’ is possible.
And DKIM setup ‘v=DKIM1; p=’ works for a 100% score.
On the other hand, DNS amplification in a DDoS attack is a threat in case of a wildcard record.

You may decide not to have a DKIM record.
If not a server name, then SPF ‘v=spf1 -all’ and DMARC ‘reject’ is needed for a 100% score.

This is the way internet.nl makes the DKIM field gray:
Checks if the domain is configured for not sending email. For this test this is translated as:
The SPF record with ‘v=spf1 -all’ and the DMARC record contains ‘v=DMARC1;p=reject;’.
(If ‘true’, the DKIM test could be considered as not relevant.)
In case of ‘_’ : (‘not tested’, grey’) or ‘%’ : (‘error’, grey ).

Notes:
In order to avoid spaces, edit the key before pasting
Extra setup is in /etc/exim.dkim.conf