diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go
index eb923619ab..b3475af67d 100644
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@@ -68,7 +68,6 @@ type CreateClusterOptions struct {
 	ContainerRuntime           string
 	OutDir                     string
 	DisableSubnetTags          bool
-	DNSZone                    string
 	NodeSecurityGroups         []string
 	ControlPlaneSecurityGroups []string
 	AssociatePublicIP          *bool
diff --git a/upup/pkg/fi/cloudup/new_cluster.go b/upup/pkg/fi/cloudup/new_cluster.go
index 24d549bd8b..d9c68e18b5 100644
--- a/upup/pkg/fi/cloudup/new_cluster.go
+++ b/upup/pkg/fi/cloudup/new_cluster.go
@@ -145,6 +145,8 @@ type NewClusterOptions struct {
 	Topology string
 	// DNSType is the DNS type to use; "public" or "private". Defaults to "public".
 	DNSType string
+	// DNSZone is the DNS zone to use.
+	DNSZone string
 
 	// APILoadBalancerClass determines whether to use classic or network load balancers for the API
 	APILoadBalancerClass string
@@ -1376,16 +1378,17 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 func setupDNSTopology(opt *NewClusterOptions, cluster *api.Cluster) error {
 	switch strings.ToLower(opt.DNSType) {
 	case "":
-		switch cluster.Spec.GetCloudProvider() {
-		case api.CloudProviderHetzner, api.CloudProviderDO, api.CloudProviderAzure:
-			// Use dns=none if not specified
+		if opt.DNSZone != "" {
+			// Use dns=public if zone is specified
+			cluster.Spec.Networking.Topology.DNS = api.DNSTypePublic
+		} else if cluster.UsesLegacyGossip() {
+			// Use dns=none if .k8s.local is specified instead of Gossip
+			klog.Warningf("Gossip is deprecated, using None DNS instead")
+			cluster.Spec.Networking.Topology.DNS = api.DNSTypeNone
+		} else if cluster.Spec.GetCloudProvider() == api.CloudProviderAWS || cluster.Spec.GetCloudProvider() == api.CloudProviderGCE {
+			cluster.Spec.Networking.Topology.DNS = api.DNSTypePublic
+		} else {
 			cluster.Spec.Networking.Topology.DNS = api.DNSTypeNone
-		default:
-			if cluster.UsesLegacyGossip() {
-				cluster.Spec.Networking.Topology.DNS = api.DNSTypePrivate
-			} else {
-				cluster.Spec.Networking.Topology.DNS = api.DNSTypePublic
-			}
 		}
 	case "public":
 		cluster.Spec.Networking.Topology.DNS = api.DNSTypePublic