I can see why Google would not require G Suite customers to set up DKIM, but why do they not have it set up for google.com? It seems like it would have added another barrier of defense in the case of this bug.
It is setup for google.com but you'll need to receive a message from Google to see the selector used. It's not possible[1] to establish if domain is DKIM enabled by doing DNS queries without knowing the selector used.
[1] You'd need permissions to enumerate the entire DKIM zone of the domain which you wouldn't have for a random domain and whilst you could by to bruteforce all selector names combinations between 1 and 63 characters long I wouldn't recommend doing so.
[1] You'd need permissions to enumerate the entire DKIM zone of the domain which you wouldn't have for a random domain and whilst you could by to bruteforce all selector names combinations between 1 and 63 characters long I wouldn't recommend doing so.