Short version:
Cloudflare users will see many MODIFY-TTL changes when they upgrade to v4.15.4. It will be a one-time change. It is expected.
Longer version:
Since
2019-06-27 the CLOUDFLAREAPI provider has changed TTLs from 300 to 1. This was done to reflect the special treatment that Cloudflare gives certain TTLs.
This 300 -> 1 change should have been done ONLY for A/AAAA/CNAME records with Cloudflare proxy enabled; no other records. However we've been doing it for all records. That is a bug.
This bug was fixed in v4.15.4. Therefore, when you upgrade to v4.15.4 or later, your next "push" will see many, many, many, records changing their TTL to 300. For example, here are just the first 26 such corrections at my site:
******************** Domain: stackoverflow.com
108 corrections (cloudflare_main)
#1: ± MODIFY-TTL stackoverflow.com MX 1 aspmx.l.google.com. ttl=(1->300) id=aab5612c342fad59cac07135b23d84a0
#2: ± MODIFY-TTL stackoverflow.com MX 10 alt3.aspmx.l.google.com. ttl=(1->300) id=6bc248ab58629572f62c8f22ea817ff1
#3: ± MODIFY-TTL stackoverflow.com MX 10 alt4.aspmx.l.google.com. ttl=(1->300) id=6827992ff7bd0a4bd6bd48eaf2a020bb
#4: ± MODIFY-TTL stackoverflow.com MX 5 alt1.aspmx.l.google.com. ttl=(1->300) id=a2833ddd6bea77297a08f96247d05959
#5: ± MODIFY-TTL stackoverflow.com MX 5 alt2.aspmx.l.google.com. ttl=(1->300) id=c8fe2997cdb5010f4bdadfb87b229124
#6: ± MODIFY-TTL stackoverflow.com TXT "MS=ms52592611" ttl=(1->300) id=da7a1e0f5b722cc48db8f041c73fc47f
#7: ± MODIFY-TTL stackoverflow.com TXT "ZOOM_verify_AbkNwz5bBl0eurcDKyhhuk" ttl=(1->300) id=abecd28a6eed0d9c84046e4daf71e296
#8: ± MODIFY-TTL stackoverflow.com TXT "apple-domain-verification=O9jlnJXAQ7sNSZqC" ttl=(1->300) id=c0e4ea611804bca0420a8b31ef393e55
#9: ± MODIFY-TTL stackoverflow.com TXT "atlassian-domain-verification=byLeZgl3MIcfOqwWuMhq8Fhr/1zem/jIaouJegvDZbBKUU5OqhwDjdpkyYg5CTzm" ttl=(1->300) id=90c88ba2362d0f0db9e8e33fb5e497de
#10: ± MODIFY-TTL stackoverflow.com TXT "docker-verification=d65aee54-9091-4ceb-b792-61f5d5804050" ttl=(1->300) id=735b8415c0bc7181b1d52d8330934125
#11: ± MODIFY-TTL stackoverflow.com TXT "docusign=4262531d-29f4-4a62-9f33-ae9f66f5247b" ttl=(1->300) id=f8694e9d538a06b3c3e40616533bfe38
#12: ± MODIFY-TTL stackoverflow.com TXT "google-site-verification=2Bi6SYw5skkRexdtdLPL2gpxeIhLxnYVqITVP9Htl3w" ttl=(1->300) id=5997142f6d20a214ee09d294068fb5e6
#13: ± MODIFY-TTL stackoverflow.com TXT "google-site-verification=ctogLnZNAdc_CXq8yOhODMLpmugGynjxKecKHDz4oL8" ttl=(1->300) id=65b7c4bc52b4a2f9dd297f11afed7aaa
#14: ± MODIFY-TTL stackoverflow.com TXT "google-site-verification=o3EMam8yBGo1yEjyybIiZcOunGHOQKpo8JmOtp9n1BU" ttl=(1->300) id=a1a88583fd8684c8800805a1483bf33e
#15: ± MODIFY-TTL stackoverflow.com TXT "google-site-verification=rdWtMbplKjbRHGr2dNONfwkqithlUvjr3u6i8QEz_mo" ttl=(1->300) id=074ed2039968c59a915b7f39a286b082
#16: ± MODIFY-TTL stackoverflow.com TXT "onetrust-domain-verification=0d9d67f856334905a54256085a5768b3" ttl=(1->300) id=e1f065a4d27bf1493314fee1a7d79e54
#17: ± MODIFY-TTL stackoverflow.com TXT "onetrust-domain-verification=e445562296a64c649ae3d520230b8c4c" ttl=(1->300) id=2ba90181a6c602e9f50c84adf1f97bc0
#18: ± MODIFY-TTL stackoverflow.com TXT "v=spf1 ip4:198.252.206.71 include:_spf1.stackoverflow.com ~all" ttl=(1->300) id=0c772a809bcd79e0afb09d43346bf085
#19: ± MODIFY-TTL stackoverflow.com CAA 0 issue "digicert.com" ttl=(1->300) id=eedc0e4324594862e6cc240b3a2d7615
#20: ± MODIFY-TTL stackoverflow.com CAA 0 issue "digicert.com; cansignhttpexchanges=yes" ttl=(1->300) id=89f84774a3f07af4aa2295653e44b07b
#21: ± MODIFY-TTL stackoverflow.com CAA 0 issue "letsencrypt.org" ttl=(1->300) id=9f66552e8a727929f1fa2e3c739c943b
#22: ± MODIFY-TTL stackoverflow.com CAA 0 issue "pki.goog; cansignhttpexchanges=yes" ttl=(1->300) id=10e2fe16d68347c9fa270b7648eb499c
#23: ± MODIFY-TTL stackoverflow.com CAA 0 issue "sectigo.com" ttl=(1->300) id=796346a05ebe0001883485f7088cc610
#24: ± MODIFY-TTL stackoverflow.com CAA 0 issuewild "digicert.com" ttl=(1->300) id=75c1850f44128ecc19659b260ce29256
#25: ± MODIFY-TTL stackoverflow.com CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes" ttl=(1->300) id=60715cfe9fac82bbd65893e6b1391226
#26: ± MODIFY-TTL stackoverflow.com CAA 0 issuewild "letsencrypt.org" ttl=(1->300) id=f42f4ab4a6a02d4a8ebaac21e70e611d
...
...
This means that since 2019, the TTL on your MX, TXT, CAA, and other records was lower than you thought (1 second, when you thought it was 5 minutes). Now they will be cached properly.
Best,
Tom
-- Tom Limoncelli (he/him)
SRE TPM, Stack Overflow, Inc.