This is a horrible recommendation and will ensure that the attack can continue after activating CloudFlare. You've already exposed your origin's IPs in this circumstance.

Yikes, of course.

can't you ask your provider for a new one?

Your provider would have to nullroute the ip under attack and you'll have to wait for DNS cache expiration so your updated zone is being distributed to clients.

Short TTLs are not honoured by everyone so you'll experience some downtime.

Is there any way around that? I'd rather set it and forget it so I don't have to worry about the attack in first place.