Does the Zero Trust dashboard automatically add DNS entries for tunnels?

I’m trying to understand the Cloudflare Zero Trust Tunnels and I have a question.

When I’m creating my tunnel (using the web dashboard), it asks me for an optional subdomain. However, when I enter something that doesn’t exist it displays the following message:

Warning: No DNS record found for this domain. The policy may not execute as expected.

Is this expected? Am I supposed to define a CNAME/A record in the DNS before using the subdomain here?

Are you creating a public hostname for the tunnel or for an access application?

I also often see this warning for my sub-domains…

But when I check the DNS dashboard, the sub-domain for the tunnel has been created…