fixed typo in resolver that cause hostnames not to be marked as authenticated (with DNSSec)

usually this wasn’t a problem as this is only the fallback after no IPs
have been discovered.

this also isn‘t a security issue as worst case is the hostname doesn’t get
accepeted as fallback in cert validation.

thanks @genofire for spotting this