Note that FTL v6.2 embeds dnsmasq v2.92.
There have been adjustments to DNSSEC treatment since v2.90, but I am unaware whether those may contribute to what you are observing.
Note that Tailscale utilises a special (sort of private) IP range (100.64.0.0/10) that is reserved for CGNAT, as employed by ISPs, which could contribute to your observation. The expected answer from public DNS servers would be NXDOMAIN, but if your ISP's DNS servers would be used upstream, and your Tailscale range would by chance match your ISP's, DNS reverse lookup replies may actually yield names.
Conditionally forwarding lookups for your Tailscale range would likely avoid your issue, as long as it would indeed be tied to DNSSEC: By default, pihole-FTL/dnsmasq would not apply DNSSEC validation for such domain-specific forwards.