Incorrect, it uses the name servers defined for NAME_SERVERS, it does not use whatever your host is using.
To resolve the vpn endpoint (if its a name) and to do all name resolution for the application e.g. resolving peers/seeds from name to ip (if talking about a torrent client).
Before AND after the tunnel is connected, but once connected all future name server lookup is restricted to vpn tunnel only, if the tunnel goes down then name server lookup for the endpoint is done via cached lookups in the form of hosts file.
Not all vpn providers provide name servers to use, and even if they do not all vpn name servers are publicly accessible, so name resolution for the vpn endpoint (prior to being connected to the vpn) would be blocked resulting in the inability to establish a connection.
Firstly lets correctly define what name server ip leakage really is, this is leaking your ISP assigned ip via name server lookup, this cannot happen with this image, as mentioned above name server lookup is restricted to vpn tunnel only once connected, in the above scenario firefox will be using a public name server (1.1.1.1) but the requests will be coming from your vpn provider ip address and will not be from your isp assigned ip address, thus no leak.
For anybody else reading this, please keep in mind that nickydd9 is using a firefox browser in a container, and thus all traffic is sent down the vpn tunnel, if you are using a browser via privoxy (proxy) then this is a different scenario and name server leakage will occur.