diff --git a/manifests/00-ingress-credentials-request.yaml b/manifests/00-ingress-credentials-request.yaml
index 98eac2c36a..db982cbbed 100644
--- a/manifests/00-ingress-credentials-request.yaml
+++ b/manifests/00-ingress-credentials-request.yaml
@@ -116,6 +116,13 @@ spec:
 attributes:
 - name: "serviceName"
 value: "internet-svcs"
+ - roles:
+ - "crn:v1:bluemix:public:iam::::serviceRole:Manager"
+ - "crn:v1:bluemix:public:iam::::serviceRole:Reader"
+ - "crn:v1:bluemix:public:iam::::serviceRole:Writer"
+ attributes:
+ - name: "serviceName"
+ value: "dns-svcs"
 secretRef:
 name: cloud-credentials
 namespace: openshift-ingress-operator
diff --git a/pkg/manifests/bindata.go b/pkg/manifests/bindata.go
index db0b2c274b..2424f83da2 100644
--- a/pkg/manifests/bindata.go
+++ b/pkg/manifests/bindata.go
@@ -18,7 +18,7 @@
 // manifests/00-cluster-role.yaml (3.181kB)
 // manifests/00-custom-resource-definition-internal.yaml (6.75kB)
 // manifests/00-custom-resource-definition.yaml (114.935kB)
-// manifests/00-ingress-credentials-request.yaml (4.54kB)
+// manifests/00-ingress-credentials-request.yaml (4.824kB)
 // manifests/00-namespace.yaml (508B)
 // manifests/0000_90_ingress-operator_00_prometheusrole.yaml (446B)
 // manifests/0000_90_ingress-operator_01_prometheusrolebinding.yaml (514B)
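Review bot: The new `dns-svcs` policy in the credentials-request hunk is scoped only by `serviceName`, so as written the Manager, Reader and Writer service roles would apply to every DNS Services instance in the account rather than only the one backing this cluster's private zone. If the credentials-request schema allows it, add a narrowing attribute (resource group or service instance) next to `serviceName`, and confirm which of the three roles the operator's record create, update and delete calls actually need. If the broad scope is deliberate, as the `internet-svcs` entry just above suggests, a comment such as `# dns-svcs: record management for the private zone; instance is not known when this request is rendered` would record the reason. The policy list starts above this hunk, so the other entries were not reviewed.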
@@ -462,7 +462,7 @@ func manifests00CustomResourceDefinitionYaml() (*asset, error) { return a, nil } -var _manifests00IngressCredentialsRequestYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x57\xc1\x8e\xdb\x36\x10\xbd\xfb\x2b\x08\x5d\x02\x04\xa0\xd3\x45\x51\xa0\xe0\xcd\xeb\x2d\xd2\x02\x49\x11\x78\xd1\x04\xe8\x6d\x44\x8e\xe5\x41\xa8\xa1\xca\xa1\x94\x36\x5f\x5f\xd0\x92\x65\x3b\x72\xbd\xdd\x5d\xa7\xd8\xb6\x7b\xb3\x39\x6f\xa8\x99\xc7\xf7\x44\x0d\x34\xf4\x1e\xa3\x50\x60\xa3\xac\x0f\xad\xb3\x11\x1d\x72\x22\xf0\xf3\xd0\x20\xcb\x86\xd6\x69\x4e\xe1\x55\x77\x35\xfb\x48\xec\x8c\x5a\x8e\x00\x59\xe1\x6f\x2d\x4a\x9a\xd5\x98\xc0\x41\x02\x33\x53\xca\x43\x89\x5e\xf2\x2f\xa5\x6c\xe0\x14\x83\xf7\x18\x75\x0a\xc1\xcb\xfc\xe3\xf7\x32\xa7\x60\x54\x71\x35\xff\xa6\x98\x29\xc5\x50\xa3\x51\xe3\x73\x34\x71\x15\x51\x64\x88\x48\x03\xf6\x28\xbc\x2d\x50\xef\x2b\xd4\xa1\xc1\x08\x29\xc4\x99\x52\xc0\x1c\x12\x24\x0a\x3c\x3c\x9c\xd8\xfa\xd6\xe1\x3c\xa2\x47\x10\x3c\xee\x86\xca\x7a\xd8\xad\x06\x86\x0a\x9d\x51\x45\x8a\x2d\x16\x77\xa7\x0a\xfa\xf5\x2e\x4b\x6f\xa8\xda\x68\xe8\x80\x3c\x94\xe4\x29\xfd\x71\x8f\x7d\x88\x2b\x8f\x9a\x83\x43\xed\xb0\x43\x9f\x9b\x19\xd3\xa5\x41\x9b\xfb\x10\x8c\x1d\x59\x5c\x58\x1b\x5a\x4e\x3f\x67\x56\xf2\xb2\x56\x03\x55\x87\x14\x08\xda\x88\x69\x85\xeb\x9e\x80\x9e\xdc\x2f\x39\x93\x31\x36\xa1\xf7\xc4\x96\x4d\x0c\x1d\x39\x8c\xb7\x43\x39\x4a\xdd\x47\x30\x19\xdf\x8b\x66\xf1\xe1\xf6\xdd\xc1\x56\xdb\x88\x24\x48\x58\x23\xa7\x1f\x38\x45\xc2\xe1\xd8\xb4\xc2\xf5\x1a\x6d\x32\x6a\xe1\x7d\xf8\xb4\x5d\x53\x0a\x6c\x3e\x59\x33\xfc\xd3\x0a\x3d\x48\x22\xeb\x03\xb8\x12\x3c\xb0\x25\xae\xcc\x0d\x8a\x8d\x54\xe2\x9b\x00\xee\x7a\xbb\x8a\x51\xc6\x94\x18\xda\x84\xdf\x7d\x6b\xde\x90\xa4\x1f\x83\x24\x74\xbf\x06\xc6\x69\x7c\xb9\x01\xae\x70\x85\x12\xda\x68\x71\x85\x36\x44\x77\x8b\x69\x0f\x4c\x50\x99\xd7\x99\xe7\x1e\xb1\x0b\xc4\xe1\xbf\x51\xc5\xcb\x62\xa6\xb5\x9e\x3d\x49\x6f\x69\xf8\xdc\x46\x7c\x76\xd8\x81\xc3\x9e\xae\x6b\xf2\x51\x4d\x7c\x13\x83\xc7\x6b\x62\x47\x5c\x8d\x9e\xc9\x6b\x46\x2d\xb3\x26\xa8\x
6c\x73\x15\x4f\x57\x80\x95\x6d\x9e\xe5\xf7\x5f\x7b\xc1\xbf\x5e\xbe\x9b\x08\xb5\xc9\x89\x6b\x62\x74\xab\xe0\xf1\x48\xab\xf2\xca\xb1\xcc\xc1\xd5\xc4\x5f\x47\xa9\x7f\x25\x3e\x2a\xeb\xed\xfe\xf7\x57\xe0\xee\xc0\x2e\xc5\xd8\x4f\xd7\x6f\x97\x19\x3c\xa5\x2d\x78\xb2\xf4\x05\x5f\xfb\xab\xaf\xb0\x91\x4d\x77\x65\x4a\xdf\x62\x4d\xbf\x9b\xa6\x2d\x3d\x59\x43\x50\x1b\x63\xcc\x20\xa7\x4c\xb8\x79\xbb\xd5\x70\x2c\x1e\x90\xba\x42\x70\x0f\xcb\xfc\x10\x29\xed\x33\x21\xf5\x2f\xa4\xc3\x06\xfa\xa3\x29\x86\xa4\xac\xf8\x1d\x5a\xa9\x0e\x7c\x9b\x83\xc4\x09\x23\x63\xd2\xd2\x59\x29\xfe\xc7\x44\x38\x96\x91\x83\x8b\xdb\xff\x1f\x75\x5e\x13\x3e\x61\xec\x1e\xf0\x6d\xff\xd5\x8c\x97\x0b\x7a\x3f\xfd\x2e\x3d\xf6\xdf\x44\x78\x8f\x14\xdf\xe3\x04\xf8\x38\x11\x9e\x92\xe1\xdd\x52\x3c\xeb\xcb\x7f\xb7\x26\xc1\x53\x09\x25\x9c\xbd\x11\x26\x15\x5e\x5a\x8f\x8b\xbe\x88\xd3\x97\xc1\xe9\x21\x29\x1f\xd9\xf1\x48\x34\xac\x79\x72\x2c\x66\xe1\xdc\x4d\xa8\x81\xb8\x9f\x5e\x4e\x41\x7e\x69\x1c\x24\xbc\x0b\x75\x83\x1e\xff\x0e\xaa\x9f\xbb\x0e\x71\x32\x02\x4f\x8d\x73\x87\xd3\xd2\x8b\x97\x2f\xce\xf6\xd4\x74\xe9\x73\xee\x28\x4f\x6b\x27\x6a\xd8\x86\xfb\x6e\xce\x21\xfa\x4e\xce\x23\xfa\x2e\xf6\x18\x39\x0f\x92\xb3\xcd\x4c\x1b\xbf\xb8\x55\xfe\x0c\x00\x00\xff\xff\xe6\xd6\xee\xc1\xbc\x11\x00\x00") +var _manifests00IngressCredentialsRequestYaml = 
[]byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x57\xc1\x8e\xdb\x36\x10\xbd\xfb\x2b\x08\x5d\x02\x04\xa0\xd3\x45\x51\xa0\xe0\xcd\xeb\x2d\xd2\x02\x49\x11\x78\xd1\x04\xe8\x6d\x44\x8e\xb5\x83\x50\x43\x95\x43\x29\x6d\xbe\xbe\xa0\x25\xcb\x76\xe4\xda\xdd\x5d\xa7\x58\xa4\x7b\xb3\x39\x6f\xa8\x99\xc7\xf7\x44\x0d\x34\xf4\x1e\xa3\x50\x60\xa3\xac\x0f\xad\xb3\x11\x1d\x72\x22\xf0\xf3\xd0\x20\xcb\x1d\xad\xd3\x9c\xc2\xab\xee\x6a\xf6\x91\xd8\x19\xb5\x1c\x01\xb2\xc2\x3f\x5a\x94\x34\xab\x31\x81\x83\x04\x66\xa6\x94\x87\x12\xbd\xe4\x5f\x4a\xd9\xc0\x29\x06\xef\x31\xea\x14\x82\x97\xf9\xc7\x1f\x65\x4e\xc1\xa8\xe2\x6a\xfe\x5d\x31\x53\x8a\xa1\x46\xa3\xc6\xe7\x68\xe2\x2a\xa2\xc8\x10\x91\x06\xec\x41\x78\x53\xa0\xde\x55\xa8\x43\x83\x11\x52\x88\x33\xa5\x80\x39\x24\x48\x14\x78\x78\x38\xb1\xf5\xad\xc3\x79\x44\x8f\x20\x78\xd8\x0d\x95\xf5\xb0\x5b\x0d\x0c\x15\x3a\xa3\x8a\x14\x5b\x2c\xce\xa7\x0a\xfa\xf5\x36\x4b\xdf\x51\x75\xa7\xa1\x03\xf2\x50\x92\xa7\xf4\xd7\x3d\xf6\x21\xae\x3c\x6a\x0e\x0e\xb5\xc3\x0e\x7d\x6e\x66\x4c\x97\x06\x6d\xee\x43\x30\x76\x64\x71\x61\x6d\x68\x39\xfd\x9a\x59\xc9\xcb\x5a\x0d\x54\xed\x53\x20\x68\x23\xa6\x15\xae\x7b\x02\x7a\x72\xbf\xe4\x4c\xc6\xd8\x84\xde\x23\x5b\x36\x31\x74\xe4\x30\xde\x0e\xe5\x28\x75\x1f\xc1\x64\x7c\x2f\x9a\xc5\x87\xdb\x77\x7b\x5b\x6d\x22\x92\x20\x61\x8d\x9c\x7e\xe2\x14\x09\x87\x63\xd3\x0a\xd7\x6b\xb4\xc9\xa8\x85\xf7\xe1\xd3\x66\x4d\x29\xb0\xf9\x64\xcd\xf0\x4f\x2b\xf4\x20\x89\xac\x0f\xe0\x4a\xf0\xc0\x96\xb8\x32\x37\x28\x36\x52\x89\x6f\x02\xb8\xeb\xcd\x2a\x46\x19\x53\x62\x68\x13\xfe\xf0\xbd\x79\x43\x92\x7e\x0e\x92\xd0\xfd\x1e\x18\xa7\xf1\xe5\x1d\x70\x85\x2b\x94\xd0\x46\x8b\x2b\xb4\x21\xba\x5b\x4c\x3b\x60\x82\xca\xbc\xce\x3c\xf7\x88\x6d\x20\x0e\xff\x8d\x2a\x5e\x16\x33\xad\xf5\xec\x49\x7a\x4b\xc3\xe7\x36\xe2\xb3\xc3\xf6\x1c\xf6\x74\x5d\x93\x8f\x6a\xe2\x9b\x18\x3c\x5e\x13\x3b\xe2\x6a\xf4\x4c\x5e\x33\x6a\x99\x35\x41\x65\x9b\xab\x78\xba\x02\xac\x6c\xf3\x2c\xbf\x6f\xed\x05\xff\x7a\xf9\x6e\x22\xd4\x26\x27\xae\x89\xd1\xad\x82\xc7\x03\xad\xca\x2b\xc7\x32\x07\x57\x13\x7f
\x1d\xa5\xfe\x93\xf8\xa8\xac\x37\xfb\xdf\x5f\x81\xdb\x03\xbb\x14\x63\xbf\x5c\xbf\x5d\x66\xf0\x94\xb6\xe0\xc9\xd2\x17\x7c\xed\xae\xbe\xc2\x46\x36\xdd\x95\x29\x7d\x8b\x35\xfd\x69\x9a\xb6\xf4\x64\x0d\x41\x6d\x8c\x31\x83\x9c\x32\xe1\xe6\xed\x46\xc3\xb1\x78\x40\xea\x0a\xc1\x3d\x2c\xf3\x43\xa4\xb4\xcb\x84\xd4\xbf\x90\xf6\x1b\xe8\x8f\xa6\x18\x92\xb2\xe2\xb7\x68\xa5\x3a\xf0\x6d\x0e\x12\x27\x8c\x8c\x49\x4b\x67\xa5\xf8\x1f\x13\xe1\x58\x46\x0e\x2e\x6e\xff\xff\xd4\x79\x4d\xf8\x84\xb1\x7b\xc0\xb7\xfd\x57\x33\x5e\x2e\xe8\xfd\xf4\xbb\xf4\xd0\x7f\x13\xe1\x3d\x52\x7c\x8f\x13\xe0\xe3\x44\x78\x4c\x86\xe7\xa5\x78\xc6\x97\xcf\x04\x7d\x9b\x7e\x05\x4f\x25\x94\x70\xf2\xb6\x9c\x54\x78\x69\xaf\x2e\xfa\x22\x8e\x5f\x94\xc7\x07\xc8\x7c\x5a\x87\xe3\xe2\xb0\xe6\xc9\xb1\x98\x85\x73\x37\xa1\x06\xe2\x7e\xb2\x3b\x06\xf9\xad\x71\x90\xf0\x1c\xea\x06\x3d\xfe\x1b\x54\x3f\x93\xee\xe3\x64\x04\x1e\x1b\x75\xf7\x27\xc9\x17\x2f\x5f\x9c\xec\xa9\xe9\xd2\xe7\xdc\x51\x9e\x64\x8f\xd4\xb0\x09\xf7\xdd\x9c\x42\xf4\x9d\x9c\x46\xf4\x5d\xec\x30\x72\x1a\x24\x27\x9b\x99\x36\x7e\x71\xab\xfc\x1d\x00\x00\xff\xff\x33\x96\x38\x9d\xd8\x12\x00\x00") func manifests00IngressCredentialsRequestYamlBytes() ([]byte, error) { return bindataRead( 
@@ -477,8 +477,8 @@ func manifests00IngressCredentialsRequestYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "manifests/00-ingress-credentials-request.yaml", size: 4540, mode: os.FileMode(420), modTime: time.Unix(1, 0)} - a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xed, 0xee, 0x9a, 0x3f, 0x45, 0xc5, 0xb0, 0x46, 0xc3, 0x6a, 0x97, 0xd, 0x9b, 0x37, 0x38, 0x92, 0x8, 0xc7, 0xdb, 0xbb, 0x33, 0xb9, 0x15, 0x3, 0x8e, 0x8e, 0x39, 0xaf, 0x5f, 0x74, 0x8b, 0xf3}} + info := bindataFileInfo{name: "manifests/00-ingress-credentials-request.yaml", size: 4824, mode: os.FileMode(420), modTime: time.Unix(1, 0)} + a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x94, 0xd8, 0x55, 0xea, 0x58, 0x1f, 0x7c, 0xda, 0x6c, 0x81, 0x25, 0x7f, 0x11, 0xc3, 0x28, 0x77, 0xe1, 0x4e, 0x5, 0xc1, 0xff, 0x67, 0x67, 0x7, 0xcd, 0xe4, 0xbd, 0x1b, 0x56, 0x55, 0xd1, 0xca}} return a, nil } diff --git a/pkg/operator/controller/dns/controller.go b/pkg/operator/controller/dns/controller.go index 7e1667cdee..2d745b2a6f 100644 --- a/pkg/operator/controller/dns/controller.go +++ b/pkg/operator/controller/dns/controller.go 
@@ -583,25 +583,30 @@ func (r *reconciler) createDNSProvider(dnsConfig *configv1.DNS, platformStatus *
 return nil, err
 }
 } else if platformStatus.IBMCloud.DNSInstanceCRN != "" {
- matches := ibm.IBMResourceCRNRegexp.FindStringSubmatch(platformStatus.IBMCloud.DNSInstanceCRN)
- if len(matches) <= 0 {
- return nil, fmt.Errorf("CRN does not match expected format: %s", platformStatus.IBMCloud.DNSInstanceCRN)
- }
- dnsProvider, err = getIbmDNSProvider(dnsConfig, creds, matches[ibm.IBMResourceCRNRegexp.SubexpIndex("guid")], userAgent, false)
+ dnsProvider, err = getIbmDNSProvider(dnsConfig, creds, platformStatus.IBMCloud.DNSInstanceCRN, userAgent, false)
 if err != nil {
 return nil, err
 }
+ } else {
+ log.Info("using fake DNS provider as both CISInstanceCRN and DNSInstanceCRN are empty")
+ return &dns.FakeProvider{}, nil
 }
 case configv1.PowerVSPlatformType:
 //Power VS platform will use the ibm dns implementation
 var err error
- cisInstanceCRN := platformStatus.PowerVS.CISInstanceCRN
- if cisInstanceCRN == "" {
- return nil, fmt.Errorf("missing cis instance crn")
- }
- dnsProvider, err = getIbmDNSProvider(dnsConfig, creds, cisInstanceCRN, userAgent, true)
- if err != nil {
- return nil, fmt.Errorf("failed to create IBM DNS manager: %v", err)
+ if platformStatus.PowerVS.CISInstanceCRN != "" {
+ dnsProvider, err = getIbmDNSProvider(dnsConfig, creds, platformStatus.PowerVS.CISInstanceCRN, userAgent, true)
+ if err != nil {
+ return nil, err
+ }
+ } else if platformStatus.PowerVS.DNSInstanceCRN != "" {
+ dnsProvider, err = getIbmDNSProvider(dnsConfig, creds, platformStatus.PowerVS.DNSInstanceCRN, userAgent, false)
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ log.Info("using fake DNS provider as both CISInstanceCRN and DNSInstanceCRN are empty")
+ return &dns.FakeProvider{}, nil
 }
 case configv1.AlibabaCloudPlatformType:
 if platformStatus.AlibabaCloud.Region == "" {
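Review bot: Both new `else` branches fail open: when neither `CISInstanceCRN` nor `DNSInstanceCRN` is set, the operator returns `&dns.FakeProvider{}` with only an Info log, where the PowerVS path previously returned the error `missing cis instance crn`. A cluster whose Infrastructure status lost its CRN by mistake would then stop managing ingress records without any error surfacing, which is hard to tell apart from an install that intentionally has no managed DNS. If the fallback is intended, say so in a comment above each branch and make the log line attributable, e.g. `log.Info("no CIS or DNS instance CRN configured; DNS records will not be managed", "platform", platformStatus.Type)`. The IBMCloud and PowerVS branches are now nearly identical and could share one helper taking the two CRN strings; `createDNSProvider` starts and ends outside this hunk.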
@@ -651,7 +656,7 @@ func (r *reconciler) customCABundle() (string, error) {
 }
 // getIbmDNSProvider initializes and returns an IBM DNS provider instance.
-func getIbmDNSProvider(dnsConfig *configv1.DNS, creds *corev1.Secret, instanceID, userAgent string, isPublic bool) (dns.Provider, error) {
+func getIbmDNSProvider(dnsConfig *configv1.DNS, creds *corev1.Secret, instanceCRN, userAgent string, isPublic bool) (dns.Provider, error) {
 zones := []string{}
 if dnsConfig.Spec.PrivateZone != nil {
 zones = append(zones, dnsConfig.Spec.PrivateZone.ID)
@@ -661,13 +666,13 @@ func getIbmDNSProvider(dnsConfig *configv1.DNS, creds *corev1.Secret, instanceID
 }
 providerCfg := ibm.Config{
- APIKey: string(creds.Data["ibmcloud_api_key"]),
- InstanceID: instanceID,
- Zones: zones,
- UserAgent: userAgent,
+ APIKey: string(creds.Data["ibmcloud_api_key"]),
+ Zones: zones,
+ UserAgent: userAgent,
 }
 if isPublic {
+ providerCfg.InstanceID = instanceCRN
 provider, err := ibmpublicdns.NewProvider(providerCfg)
 if err != nil {
 return nil, fmt.Errorf("failed to initialize IBM CIS DNS provider: %w", err)
@@ -675,6 +680,11 @@ func getIbmDNSProvider(dnsConfig *configv1.DNS, creds *corev1.Secret, instanceID
 log.Info("successfully initialized IBM CIS DNS provider")
 return provider, nil
 } else {
+ matches := ibm.IBMResourceCRNRegexp.FindStringSubmatch(instanceCRN)
+ if matches == nil {
+ return nil, fmt.Errorf("CRN: %s does not match expected format: %s", instanceCRN, ibm.IBMResourceCRNRegexp)
+ }
+ providerCfg.InstanceID = matches[ibm.IBMResourceCRNRegexp.SubexpIndex("guid")]
 provider, err := ibmprivatedns.NewProvider(providerCfg)
 if err != nil {
 return nil, fmt.Errorf("failed to initialize IBM Cloud DNS Services provider: %w", err)
@@ -682,5 +692,4 @@ func getIbmDNSProvider(dnsConfig *configv1.DNS, creds *corev1.Secret, instanceID
 log.Info("successfully initialized IBM Cloud DNS Services provider")
 return provider, nil
 }
-
 }
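Review bot: In the private branch (hunk at -675) `matches[ibm.IBMResourceCRNRegexp.SubexpIndex("guid")]` is assigned to `InstanceID` unchecked: `SubexpIndex` returns -1 when the pattern has no group of that name, which would panic on the index, and an optional group can match as an empty string. The regexp is defined outside this diff, so either confirm `guid` is a mandatory group or guard it, e.g. `idx := ibm.IBMResourceCRNRegexp.SubexpIndex("guid")` followed by `if idx < 0 || matches[idx] == "" { return nil, fmt.Errorf("CRN %q has no instance GUID", instanceCRN) }`. The public branch in the hunk at -661 assigns `providerCfg.InstanceID = instanceCRN` with no format check, so a malformed CIS CRN is caught, if at all, only inside `ibmpublicdns.NewProvider`; running the same match before the `isPublic` split would make the two paths consistent. Formatting the CRN with `%q` rather than `%s` in the new error would also make empty or whitespace-padded values visible.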