diff --git a/pkg/apis/kops/validation/instancegroup.go b/pkg/apis/kops/validation/instancegroup.go
index 349e8fbbf888d..c32f251e9cabe 100644
--- a/pkg/apis/kops/validation/instancegroup.go
+++ b/pkg/apis/kops/validation/instancegroup.go
@@ -242,7 +242,7 @@ func CrossValidateInstanceGroup(g *kops.InstanceGroup, cluster *kops.Cluster, cl
 		if cluster.GetCloudProvider() != kops.CloudProviderAWS && cluster.GetCloudProvider() != kops.CloudProviderGCE {
 			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "role"), "APIServer role only supported on AWS and GCE"))
 		}
-		if cluster.UsesNoneDNS() {
+		if cluster.UsesNoneDNS() && cluster.GetCloudProvider() != kops.CloudProviderGCE {
 			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "role"), "APIServer cannot be used with topology.dns.type=None"))
 		}
 	}
diff --git a/pkg/apis/kops/validation/instancegroup_test.go b/pkg/apis/kops/validation/instancegroup_test.go
index 23485c2e92ce5..01eeaf41db61f 100644
--- a/pkg/apis/kops/validation/instancegroup_test.go
+++ b/pkg/apis/kops/validation/instancegroup_test.go
@@ -512,6 +512,7 @@ func createMinimalInstanceGroup() *kops.InstanceGroup {
 }
 
 func TestCrossValidateAPIServerRole(t *testing.T) {
+	noneDNSTopology := &kops.TopologySpec{DNS: kops.DNSTypeNone}
 	grid := []struct {
 		Description    string
 		Cluster        *kops.Cluster
@@ -539,6 +540,30 @@ func TestCrossValidateAPIServerRole(t *testing.T) {
 			},
 			ExpectedErrors: 0,
 		},
+		{
+			Description: "APIServer role allowed on GCE with dns=None",
+			Cluster: &kops.Cluster{
+				Spec: kops.ClusterSpec{
+					CloudProvider: kops.CloudProviderSpec{
+						GCE: &kops.GCESpec{},
+					},
+					Networking: kops.NetworkingSpec{Topology: noneDNSTopology},
+				},
+			},
+			ExpectedErrors: 0,
+		},
+		{
+			Description: "APIServer role forbidden on AWS with dns=None",
+			Cluster: &kops.Cluster{
+				Spec: kops.ClusterSpec{
+					CloudProvider: kops.CloudProviderSpec{
+						AWS: &kops.AWSSpec{},
+					},
+					Networking: kops.NetworkingSpec{Topology: noneDNSTopology},
+				},
+			},
+			ExpectedErrors: 1,
+		},
 		{
 			Description: "APIServer role forbidden on DO",
 			Cluster: &kops.Cluster{
diff --git a/tests/e2e/templates/apiserver-gce.yaml.tmpl b/tests/e2e/templates/apiserver-gce.yaml.tmpl
index aa8fd6ad423c7..48e4da313c31c 100644
--- a/tests/e2e/templates/apiserver-gce.yaml.tmpl
+++ b/tests/e2e/templates/apiserver-gce.yaml.tmpl
@@ -49,7 +49,7 @@ spec:
     type: Public
   topology:
     dns:
-      type: Public
+      type: None
 
 ---