Hi!
This is essentially similar to scenarios involving a 'kill switch' or 'blocking non-VPN traffic'.
When Tailscale/VPN goes down for any reason, it stops traffic from client devices (including DNS traffic) from leaving via the WAN, which can prevent IP/DNS leaks.
But the Tailscale "Kill Switch" is not supported yet.
If you have a related requirement, you may refer to the threads you saw, like this one: Tailscale and "Block Non-VPN Traffic" - #8 by hansome