Not just in an ideal world - in the real world as well; at the very least, they must be aware of the testing underway. It's really a coordination effort between your client and their hosting provider.
Remember, a lot of hosting providers are hosting multiple domains/apps on a single node. In this case, not only will you potentially disrupt your client's services (which your client is expecting anyway, so not a big deal), but you can potentially disrupt unrelated services. As well, you don't want the hosting company to think they're under a real attack and start an investigation, alerting authorities, etc.
You'll need to check with your legal team on how your agreement(s)/contract(s) spell out resolution on this situation (if they even do). Better to check twice and be annoying about it, than not check and leave yourself open to legal trouble.