Should DKIM selector names be unguessable?
I reviewed the document and found the author(s) don't understand DNS propogation of new entries. When updating old entries there are configurable cache times that can be several days. However, new entries need to be fetched from the authoritative name servers before the can be cached.
If keys are being rotated by the suggested process of rotating keys behind three CNAMEs, the there may be significant delays while cached entries are updated. This can be mitigated by dropping the TTL on record to be updated in the period before it is updated. The CNAME rotations may also be problematic in the case an emergency key rotation is required.
Randomizing the key names does provide some small measure of protection against the public key being retrieved in advance of use. Once the key is in use, I would assume that it could have been harvested for the purpose of generating an alternate signing key.