The purpose of DTO is that your controller returns an object in your API that is separate from your core entities.

If you have a core entity called Transaction that contains an object of type Currency, it is a bad practice to return Transaction and leak to the outside that your transaction has a type Currency in it, instead you create a DTO and in the DTO format the currency to a String, this way your entities preserved and hidden from what your controller returns. Now your API and core entities can change independently without breaking each other.

The correct order is that services will return model entities, and in your controller, they are mapped to a DTO.